On Thu, Mar 7, 2024 at 1:20 AM Xiangyu Chen <[email protected]> wrote: > > > On 3/7/24 04:22, Bruce Ashfield wrote: > > CAUTION: This email comes from a non Wind River email account! > > Do not click links or open attachments unless you recognize the sender and > > know the content is safe. > > > > On Tue, Mar 5, 2024 at 9:00 PM Xiangyu Chen > > <[email protected]> wrote: > >> From: Xiangyu Chen <[email protected]> > >> > >> Add CONFIG_CGROUP_BPF to ensure docker can be started under cgroup v2, > >> otherwise it would report the following error: > >> > >> Error: for ... error setting cgroup config for procHooks process: > >> bpf_prog_query(BPF_CGROUP_DEVICE) failed: invalid argument: unknown > >> > >> Cgroup v2 device controller has no interface files and is implemented on > >> top > >> of cgroup BPF. To control access to device files, a user may create bpf > >> programs > >> of type BPF_PROG_TYPE_CGROUP_DEVICE and attach them to cgroups with > >> BPF_CGROUP_DEVICE flag. > > related to this, check out my latest push to master-next. I've not taken > > tweaks > > to the fragments in meta-virt lately, as I really want to get rid of > > the duplicate > > fragments between the main kernel-cache and the layer. > > > > So I finally took the time to do the sync and removal in meta-virt. > > > > See what you get when building against meta-virt with that change, and > > then we can do this same change in the kernel-cache and bump the > > yocto-cfg-fragments SRCREV in meta-virt. > > Hi Bruce, > > > I have synced the meta-virt on master-next branch, tested with the > docker package. > > No error happens during building and running(with cgroup1). > > For cgroup2, docker needs CONFIG_CGROUP_BPF option, it has already > exists in features/bpf/bpf.cfg, but we might not > > need to turn on all BPF features, so can we move CONFIG_CGROUP_BPF to > feature features/cgroup/cgroup.cfg or duplicate it > > in to cfg/docker.cfg?
This is exactly the feedback I was looking for! Thanks for running the tests. I agree that we don't want all those BPF options on every time that docker support is required. I'd suggest that duplicating it in the docker.cfg is the right thing to do. If you want to send a patch for that to the kernel-cache, I'll merge it and bump the SRCREVs. If nothing breaks in the next three weeks of testing of that change, I intend to go to the single source of fragments for the LTS release. If something does break, I'll make sure to get the options into the fragments in the layer. Bruce > > > Thanks > > > Br, > > Xiangyu > > > > > Bruce > > > >> Signed-off-by: Xiangyu Chen <[email protected]> > >> --- > >> recipes-kernel/linux/linux-yocto/docker.cfg | 2 ++ > >> 1 file changed, 2 insertions(+) > >> > >> diff --git a/recipes-kernel/linux/linux-yocto/docker.cfg > >> b/recipes-kernel/linux/linux-yocto/docker.cfg > >> index eeeaa242..4d8d7e04 100644 > >> --- a/recipes-kernel/linux/linux-yocto/docker.cfg > >> +++ b/recipes-kernel/linux/linux-yocto/docker.cfg > >> @@ -11,3 +11,5 @@ CONFIG_IP_NF_TARGET_MASQUERADE=m > >> CONFIG_NETFILTER_XT_MATCH_IPVS=m > >> > >> CONFIG_OVERLAY_FS=y > >> + > >> +CONFIG_CGROUP_BPF=y > >> -- > >> 2.25.1 > >> > >> > >> > >> > > > > -- > > - Thou shalt not follow the NULL pointer, for chaos and madness await > > thee at its end > > - "Use the force Harry" - Gandalf, Star Trek II > > > > > > > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#8609): https://lists.yoctoproject.org/g/meta-virtualization/message/8609 Mute This Topic: https://lists.yoctoproject.org/mt/104758931/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
