[lxc-devel] [lxd/master] cgroups: pre-mount on pure-cgroup2 systems with cgroup namespaces

brauner on Github lxc-bot at linuxcontainers.org
Wed Dec 11 15:21:17 UTC 2019 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 556 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20191211/b78cff16/attachment.bin>
-------------- next part --------------
From 2a4c2ed0421ec1affb741440eae7a9a5e1f43b0a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 11 Dec 2019 16:18:51 +0100
Subject: [PATCH] cgroups: pre-mount on pure-cgroup2 systems with cgroup
 namespaces

We only do force-premounting if we are on a cgroup2-only system.
While it's paranoid to check for both since cgroup2-only should imply cgroupns
but let's not rely on that.

Closes #6587.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/cgroup/init.go   | 23 +++++++++++++++++++++++
 lxd/container_lxc.go |  4 +++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/lxd/cgroup/init.go b/lxd/cgroup/init.go
index 6cd78e24af..db1ccd734f 100644
--- a/lxd/cgroup/init.go
+++ b/lxd/cgroup/init.go
@@ -6,12 +6,27 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/lxc/lxd/shared"
 	"github.com/lxc/lxd/shared/logger"
 )
 
+var cgCgroup2SuperMagic int64 = 0x63677270
+
 var cgControllers = map[string]Backend{}
+var cgFullCgroup2 bool
+var cgCgroupNamespace bool
 
 func init() {
+	st, err := shared.Statvfs("/sys/fs/cgroup")
+	if err == nil && st.Type == cgCgroup2SuperMagic {
+		cgFullCgroup2 = true
+	}
+
+	_, err = os.Stat("/proc/self/ns/cgroup")
+	if err == nil {
+		cgCgroupNamespace = true
+	}
+
 	// Go through the list of resource controllers for LXD.
 	selfCg, err := os.Open("/proc/self/cgroup")
 	if err != nil {
@@ -72,3 +87,11 @@ func init() {
 		}
 	}
 }
+
+func WantsMountCgroupsForce() bool {
+	return cgFullCgroup2 && cgCgroupNamespace
+}
+
+func WantsMountCgroupsMixed() bool {
+	return cgCgroupNamespace
+}
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 2c4e0097ca..972ed44ac4 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -781,7 +781,9 @@ func (c *containerLXC) initLXC(config bool) error {
 		mounts = append(mounts, "sys:rw")
 	}
 
-	if !shared.PathExists("/proc/self/ns/cgroup") {
+	if cgroup.WantsMountCgroupsForce() {
+		mounts = append(mounts, "cgroup:rw:force")
+	} else if cgroup.WantsMountCgroupsMixed() {
 		mounts = append(mounts, "cgroup:mixed")
 	}

More information about the lxc-devel mailing list