[systemd-devel] How to use cgroups within containers?

Richard Weinberger richard at nod.at
Mon Oct 20 16:55:11 UTC 2014


On 20.10.2014 at 18:51, Lennart Poettering wrote:
> On Mon, 20.10.14 18:49, Richard Weinberger (richard at nod.at) wrote:
> 
>> On 20.10.2014 at 18:24, Lennart Poettering wrote:
>>> On Fri, 17.10.14 23:35, Richard Weinberger (richard.weinberger at gmail.com) wrote:
>>>
>>>> Dear systemd and container folks,
>>>>
>>>> at Plumbers the question was raised how to provide cgroups to a systemd that lives
>>>> in a container (with user namespaces).
>>>> Due to the GDL train strikes I had to leave very soon and had no chance to
>>>> talk to you in person.
>>>>
>>>> Was a solution proposed?
>>>> All I want to know is how to provide cgroups in a sane and secure way
>>>> to systemd. :-)
>>>
>>> The cgroups setup systemd requires to be able to run cleanly without
>>> changes in a container is documented here:
>>>
>>> http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
>>>
>>> You have to mount the full cgroupfs hierarchies into the containers,
>>> so that /proc/$PID/cgroup makes sense inside the containers (that file
>>> lists absolute paths...). They can be mounted read-only up to the
>>> container's root, but further down they need to be writable to the
>>> container, so that systemd inside the container can do its job.
>>
>> And what solution do you propose?
> 
> Solution? For what problem precisely?

Running systemd inside a Linux container (including user namespaces). :-)

>> Will cgroup namespaces make systemd finally happy?
> 
> I have no idea about cgroup namespaces and what they entail.
> 
> systemd is quite happy already, if you follow the guidelines for
> container managers we put together...

Have you ever used systemd inside a container?
Say, LXC or libvirt-lxc...

Thanks,
//richard
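
Added example, not part of the original thread: a Python check of the layout described in the quoted reply, where each hierarchy is mounted in full so the absolute paths in /proc/$PID/cgroup resolve, and the container's own cgroup is writable. It takes the text of /proc/self/cgroup and /proc/self/mountinfo in cgroup v1 format; the sample data, function names and result labels are constructed for illustration.

```python
import posixpath

# Constructed sample data (cgroup v1), not taken from the thread.
SAMPLE_CGROUP = """3:cpu,cpuacct:/machine/c1
2:memory:/machine/c1
1:name=systemd:/machine/c1"""
SAMPLE_MOUNTINFO = """\
60 50 0:20 / /sys/fs/cgroup/cpu,cpuacct ro,nosuid - cgroup cgroup rw,cpu,cpuacct
61 60 0:20 /machine/c1 /sys/fs/cgroup/cpu,cpuacct/machine/c1 rw,nosuid - cgroup cgroup rw,cpu,cpuacct
62 50 0:21 / /sys/fs/cgroup/memory ro,nosuid - cgroup cgroup rw,memory
63 50 0:22 /machine/c1 /sys/fs/cgroup/systemd rw,nosuid - cgroup cgroup rw,name=systemd"""

def parse_cgroup(text):
    """/proc/$PID/cgroup lines are 'id:controllers:absolute-path'."""
    rows = [line.split(":", 2) for line in text.strip().splitlines()]
    return [(ctrls, path) for _id, ctrls, path in rows if ctrls]  # skip v2 "0::"

def parse_mountinfo(text):
    """Return cgroup mounts as (root, mountpoint, writable, super_options)."""
    mounts = []
    for line in text.strip().splitlines():
        pre, post = line.split(" - ", 1)
        f, p = pre.split(), post.split()
        if p[0] == "cgroup":
            opts = set(p[2].split(","))
            mounts.append((f[3], f[4], "rw" in f[5].split(",") and "rw" in opts, opts))
    return mounts

def covers(mountpoint, path):
    return path == mountpoint or path.startswith(mountpoint.rstrip("/") + "/")

def check(cgroup_text, mountinfo_text):
    """Map each hierarchy to 'ok', 'not-writable' or 'no-full-hierarchy'."""
    mounts, result = parse_mountinfo(mountinfo_text), {}
    for ctrls, path in parse_cgroup(cgroup_text):
        mine = [m for m in mounts if set(ctrls.split(",")) <= m[3]]
        full = [m for m in mine if m[0] == "/"]
        if not full:  # absolute paths in /proc/$PID/cgroup would not resolve
            result[ctrls] = "no-full-hierarchy"
            continue
        target = posixpath.normpath(full[0][1] + "/" + path)
        best = full[0]
        for m in mine:  # deepest covering mount wins; later wins on ties
            if covers(m[1], target) and len(m[1]) >= len(best[1]):
                best = m
        result[ctrls] = "ok" if best[2] else "not-writable"
    return result

if __name__ == "__main__":
    print(check(SAMPLE_CGROUP, SAMPLE_MOUNTINFO))
```

Inside a real container, pass the contents of /proc/self/cgroup and /proc/self/mountinfo instead of the sample strings.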

