Bug#943981: Proposal: Switch to cgroupv2 by default
Ryutaroh Matsumoto
ryutaroh at ict.e.titech.ac.jp
Wed Apr 22 02:25:15 BST 2020
> It's a bit unfortunate, that when you boot your system with the unified
> hierarchy, you need to explicitly configure
> "lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy=1" or hope
> the host systemd instance has been built with unified hierarchy as default.
> That means, once we flip the default in unstable/testing, creating and
> running a buster container will require
> "lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy=1"

Alternatively, we can also use "lxc.mount.auto = cgroup:rw:force".
The default is "cgroup:mixed". This trick was mentioned upstream:
https://github.com/lxc/lxc/issues/3183#issuecomment-560163709
(this GitHub issue was opened by you).

From reading the lxc.container.conf(5) man page, "cgroup:rw" seemed
insecure to me on hosts with the hybrid hierarchy.
But, comparing /proc/mounts in containers
with "cgroup:rw:force" and "cgroup:mixed" on a host Linux with the
hybrid hierarchy, the effects of "cgroup:rw:force" and "cgroup:mixed"
look the same (*),
while "cgroup:rw:force" is more friendly on hosts with the unified hierarchy.
(*) Is it really correct??

One way to sort out the situation is to change the line
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
to
lxc.mount.auto = cgroup:rw:force proc:mixed sys:mixed
in /usr/share/lxc/config/common.conf.
Then we almost achieve
> Would be nice if lxc could do that automatically.

We could send a wishlist bug report to the Debian lxc package,
as it still lives in experimental.
We can do some experiments now...
Best regards, Ryutaroh
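
Added example, not part of the original message: a small Python script for the /proc/mounts comparison described above. It lists the cgroup-related mounts in two captures (for example one taken in a container with "cgroup:mixed" and one with "cgroup:rw:force") and reports mount points whose filesystem type or ro/rw state differs. The two sample captures are constructed to exercise the script and do not show what either setting actually produces.

```python
import re

CGROUP_ROOT = "/sys/fs/cgroup"

# Constructed sample captures (NOT real LXC output); replace them with the
# contents of /proc/mounts read inside each container being compared.
SAMPLE_A = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,relatime,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup ro,nosuid,nodev,noexec,relatime,name=systemd 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
"""
SAMPLE_B = SAMPLE_A.replace("cgroup ro,nosuid", "cgroup rw,nosuid")


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo (octal).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def cgroup_mounts(proc_mounts_text):
    """Return {mount point: (fstype, 'ro' or 'rw')} for cgroup-related mounts."""
    result = {}
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # not a well-formed mount entry
        mountpoint, fstype = _unescape(fields[1]), fields[2]
        options = fields[3].split(",")
        under_root = (mountpoint == CGROUP_ROOT
                      or mountpoint.startswith(CGROUP_ROOT + "/"))
        if fstype in ("cgroup", "cgroup2") or under_root:
            # A later entry for the same mount point shadows an earlier one.
            result[mountpoint] = (fstype, "ro" if "ro" in options else "rw")
    return result


def compare(a_text, b_text):
    """List (mount point, state in A, state in B) wherever the two differ."""
    a, b = cgroup_mounts(a_text), cgroup_mounts(b_text)
    return [(mp, a.get(mp), b.get(mp))
            for mp in sorted(set(a) | set(b))
            if a.get(mp) != b.get(mp)]


if __name__ == "__main__":
    for mp, in_a, in_b in compare(SAMPLE_A, SAMPLE_B):
        print(f"{mp}: A={in_a} B={in_b}")
```

An empty result from compare() means the two captures expose the same cgroup mounts with the same read-only/read-write state; a mount point present in only one capture shows up with None on the other side.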