Hello. (Sorry for a stitched mail below, I'm not subscribed to the ML so this is what I got from public archives. Please, keep me Cced.) On 10/24/22 13:54, Pavel Hrdina wrote:
I don't like this at all and IMO this is incorrect fix of the issue you are trying to address. In hybrid mode with systemd the cgroup v2 controller is not a real controller. It's something systemd uses for process tracking and some other features. It is owned by systemd and we should not touch it directly at all.
I very much agree with this. Despite that I suggested the posted patch [1] because libvirt/lxc apparently violates systemd rules of exclusive access to cgroup hierarchies already. (At least that's how I understand the migration between libvirtd.service and target machine.slice/.../*.scope.) The patch is meant as a quick (and admittedly dirty) fix to the issue that users have been reporting with libvirt/lxc in the hybrid mode for several months.
We need to use proper systemd APIs to make any changes to that directory or if needed ask systemd to create cgroup with Delegate=yes which in this case is probably also not the correct approach.
Yes, as I wrote in the commit message, there seems to be some inconsistency in what libvirt core vs libvirt/lxc uses to access cgroups. Using always systemd API would seem most consistent but I'd retain the current patch as a workaround provided it doesn't break things more (than the current state). On 10/24/22 13:28, Pavel Hrdina wrote:
What I've seen is that hybrid systemd environments have:
/sys/fs/cgroup/unified /sys/fs/cgroup/memory /sys/fs/cgroup/blkio ...
but it doesn't mean that it is mounted in V1 cgroup filesystem.
In this case the /sys/fs/cgroup is tmpfs filesystem and there is nothing mounted over V1.
As a more detailed explanation why the reversed order works: It relies on the tmpfs mount over the ro-path in the v1 virCgroupBindMount so that ../unified mount directory can be created for the v2 mount. (IIUC, this is related to the environment inside the container where libvirt/lxc attempts to prepare hybrid-like cgroup setup.) HTH, Michal [1] v1 in https://bugzilla.opensuse.org/show_bug.cgi?id=1183247#c35