[libvirt PATCH v3] cgroup/LXC: Do not condition availability of v2 by controllers

Pavel Hrdina phrdina at redhat.com
Tue Oct 25 12:49:35 UTC 2022 

On Tue, Oct 25, 2022 at 02:31:21PM +0200, Michal Koutný wrote:
> Hello.
> 
> On Tue, Oct 25, 2022 at 11:33:56AM +0200, Pavel Hrdina <phrdina at redhat.com> wrote:
> > Unfortunately this breaks a lot of things and we cannot use it even as
> > workaround. Libvirt code has few assumptions as that's how unified mode
> > works and when the cgroups v2 backend is enabled for hybrid topology we
> > assume that cpuacct, devices controllers are enabled.
> 
> To be on the same side -- there's no cpuacct and devices on cgroup v2
> (regardless of hybrid or unified mode).

From cgroup POV yes there is no cpuacct and devices controller on cgroup
v2, but the functionality of cpuacct is provided directly by cgroup v2
and for devices there is BPF.

> > But in the case of hybrid topology they are enabled by cgroups v1. Due
> > to this change we no longer limit access to devices and cpu accounting
> > no longer works.
> 
> Shouldn't v1 backend still carry that out? (On a higher level -- I
> understand that having both backends enabled for the hybrid mode is
> what's not working well.)

Exactly, there is the same ordering issue, if cgroup v2 backend is
enabled it is the only one used for cpuacct and devices within libvirt
code.

> > I'm going to send a patch to revert this one and we need to find yet
> > another solution to the issue.
> 
> BTW do you have any pointers (a commit) when the hybrid mode could have
> become broken for libvirt/lxc? (I estimate from the (lack of) user
> reports that it must have worked at the time of libvirt 4.0.)

Only this specific hybrid mode of systemd which is cgroup v1 for
everything and unified for process tracking.

As I've already mentioned in previous reply, to fix the process tracking
we should ideally use

    org.freedesktop.systemd1.Manager.AttachProcessesToUnit

dbus call to add the process into the cgroup

and to fix the other issue with bind mount we need to modify both cgroup
v1 and v2 code in libvirt to create the necessary directory if it
doesn't exist.

Pavel

> Thanks,
> Michal


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20221025/5df3b716/attachment.sig>

More information about the libvir-list mailing list