[systemd-devel] How to use cgroups within containers?

Lennart Poettering lennart at poettering.net
Mon Oct 20 17:27:34 UTC 2014


On Mon, 20.10.14 19:16, Richard Weinberger (richard at nod.at) wrote:

> > Have you read the link I posted?
> 
> Sure, I've also been in the room in Düsseldorf while you've read it
> in front of us.

Not that I changed it since then... ;-)

> > Yes, I test systemd inside containers. Daily. Actually it's my primary
> > way of testing systemd, since it is extremely quick and allows me to
> > attach from the host with debugging tools...
> > 
> > As long as you follow the suggestions in the document I linked systemd
> > will work without modifications in container managers. At least
> > libvirt-lxc and nspawn follow these suggestions, not sure about the
> > other container managers.
> 
> If I read the source of nspawn correctly, it does not use user
> namespaces.

Ah, this is about user namespaces? No, I have not played around with
them so far. Sorry.

> libvirt-lxc is currently not sure how to support systemd. So far it
> bind mounts only the machine specific part of cgroups into the container.
> Which is not really nice but better than exposing the whole hierarchy into
> the container.

It really should also bind mount the upper parts, but possibly mark
them read-only (which nspawn currently doesn't do).

Thanks,

Lennart

-- 
Lennart Poettering, Red Hat
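
Added example (not part of the message above, and not nspawn's or libvirt's code): one way to lay out the mounts suggested in the reply for a single cgroup hierarchy, with the upper parts bind mounted read-only and only the machine-specific subtree left writable. The function names, the DRY_RUN switch and every path are assumptions made for illustration; the target directories are assumed to exist already.

```shell
#!/bin/sh
# Print each command by default (DRY_RUN=1); set DRY_RUN=0 to execute as root
# inside the container's mount namespace.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# usage: cgroup_bind_plan HIERARCHY_DIR CONTAINER_ROOT MACHINE_SUBPATH
#   HIERARCHY_DIR    one mounted cgroup hierarchy on the host
#   CONTAINER_ROOT   root directory of the container's file system
#   MACHINE_SUBPATH  the container's own cgroup, relative to HIERARCHY_DIR
cgroup_bind_plan() {
    hier=$1 root=$2 sub=$3

    # Reject empty, absolute or ".."-containing subpaths so the writable
    # mount can never land outside the container's own cgroup
    # (deliberately conservative: "a..b" is refused as well).
    case "$sub" in
        ""|/*|*..*) echo "invalid machine subpath: $sub" >&2; return 1 ;;
    esac

    target="$root$hier"

    # Upper parts: bind the whole hierarchy into the container. The kernel
    # ignores "ro" while creating a bind mount, so the read-only flag is
    # applied by remounting that bind afterwards.
    run mount --bind "$hier" "$target" || return 1
    run mount -o remount,bind,ro "$target" || return 1

    # Machine-specific part: a second bind stacked on top. It is a separate
    # mount with its own flags, so it stays read-write for the container's
    # init while everything above it remains read-only.
    run mount --bind "$hier/$sub" "$target/$sub" || return 1
}
```

Called with the default DRY_RUN=1, the function only prints the three mount commands, so the plan can be reviewed before it is run for each hierarchy.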

