Re: [meta-virtualization][PATCH] kernel/cfg: add CONFIG_CGROUP_BPF to docker config

Wed, 06 Mar 2024 22:20:24 -0800 


On 3/7/24 04:22, Bruce Ashfield wrote:

CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know 
the content is safe.

On Tue, Mar 5, 2024 at 9:00 PM Xiangyu Chen
<xiangyu.c...@eng.windriver.com> wrote:

From: Xiangyu Chen <xiangyu.c...@windriver.com>

Add CONFIG_CGROUP_BPF to ensure docker can be started under cgroup v2,
otherwise it would report the following error:

      Error: for ... error setting cgroup config for procHooks process:
      bpf_prog_query(BPF_CGROUP_DEVICE) failed: invalid argument: unknown

Cgroup v2 device controller has no interface files and is implemented on top
of cgroup BPF. To control access to device files, a user may create bpf programs
of type BPF_PROG_TYPE_CGROUP_DEVICE and attach them to cgroups with
BPF_CGROUP_DEVICE flag.

related to this, check out my latest push to master-next. I've not taken tweaks
to the fragments in meta-virt lately, as I really want to get rid of
the duplicate
fragments between the main kernel-cache and the layer.

So I finally took the time to do the sync and removal in meta-virt.

See what you get when building against meta-virt with that change, and
then we can do this same change in the kernel-cache and bump the
yocto-cfg-fragments SRCREV in meta-virt.


Hi Bruce,
I have synced the meta-virt on master-next branch, tested with the docker package. 

No error happens during building and running(with cgroup1).
For cgroup2, docker needs CONFIG_CGROUP_BPF option, it has already exists in features/bpf/bpf.cfg, but we might not
need to turn on all BPF features, so can we move CONFIG_CGROUP_BPF to feature features/cgroup/cgroup.cfg or duplicate it 

in to cfg/docker.cfg?


Thanks


Br,

Xiangyu



Bruce


Signed-off-by: Xiangyu Chen <xiangyu.c...@windriver.com>
---
  recipes-kernel/linux/linux-yocto/docker.cfg | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/recipes-kernel/linux/linux-yocto/docker.cfg 
b/recipes-kernel/linux/linux-yocto/docker.cfg
index eeeaa242..4d8d7e04 100644
--- a/recipes-kernel/linux/linux-yocto/docker.cfg
+++ b/recipes-kernel/linux/linux-yocto/docker.cfg
@@ -11,3 +11,5 @@ CONFIG_IP_NF_TARGET_MASQUERADE=m
  CONFIG_NETFILTER_XT_MATCH_IPVS=m

  CONFIG_OVERLAY_FS=y
+
+CONFIG_CGROUP_BPF=y
--
2.25.1






--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II




-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#8608): 
https://lists.yoctoproject.org/g/meta-virtualization/message/8608
Mute This Topic: https://lists.yoctoproject.org/mt/104758931/21656
Group Owner: meta-virtualization+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to