Re: [libvirt PATCH v3] cgroup/LXC: Do not condition availability of v2 by controllers

Hello. (Sorry for a stitched mail below, I'm not subscribed to the ML so this is what I got from public archives. Please, keep me Cced.) On 10/24/22 13:54, Pavel Hrdina wrote: I very much agree with this. Despite that I suggested the posted patch [1] because libvirt/lxc apparently violates systemd rules of exclusive access to cgroup hierarchies already. (At least that's how I understand the migration between libvirtd.service and target machine.slice/.../*.scope.) The patch is meant as a quick (and admittedly dirty) fix to the issue that users have been reporting with libvirt/lxc in the hybrid mode for several months. Yes, as I wrote in the commit message, there seems to be some inconsistency in what libvirt core vs libvirt/lxc uses to access cgroups. Using always systemd API would seem most consistent but I'd retain the current patch as a workaround provided it doesn't break things more (than the current state). On 10/24/22 13:28, Pavel Hrdina wrote: As a more detailed explanation why the reversed order works: It relies on the tmpfs mount over the ro-path in the v1 virCgroupBindMount so that ../unified mount directory can be created for the v2 mount. (IIUC, this is related to the environment inside the container where libvirt/lxc attempts to prepare hybrid-like cgroup setup.) HTH, Michal [1] v1 in https://bugzilla.opensuse.org/show_bug.cgi?id=1183247#c35