On 3/7/24 22:18, Bruce Ashfield wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know 
the content is safe.

On Thu, Mar 7, 2024 at 1:20 AM Xiangyu Chen
<xiangyu.c...@eng.windriver.com> wrote:

On 3/7/24 04:22, Bruce Ashfield wrote:
On Tue, Mar 5, 2024 at 9:00 PM Xiangyu Chen
<xiangyu.c...@eng.windriver.com> wrote:
From: Xiangyu Chen <xiangyu.c...@windriver.com>

Add CONFIG_CGROUP_BPF to ensure docker can be started under cgroup v2,
otherwise it would report the following error:

       Error: for ... error setting cgroup config for procHooks process:
       bpf_prog_query(BPF_CGROUP_DEVICE) failed: invalid argument: unknown

Cgroup v2 device controller has no interface files and is implemented on top
of cgroup BPF. To control access to device files, a user may create bpf programs
of type BPF_PROG_TYPE_CGROUP_DEVICE and attach them to cgroups with
BPF_CGROUP_DEVICE flag.
Related to this, check out my latest push to master-next. I've not taken tweaks
to the fragments in meta-virt lately, as I really want to get rid of the
duplicate fragments between the main kernel-cache and the layer.

So I finally took the time to do the sync and removal in meta-virt.

See what you get when building against meta-virt with that change, and
then we can do this same change in the kernel-cache and bump the
yocto-cfg-fragments SRCREV in meta-virt.
Hi Bruce,


I have synced the meta-virt on master-next branch, tested with the
docker package.

No error happens during building and running (with cgroup1).

For cgroup2, docker needs the CONFIG_CGROUP_BPF option. It already exists in
features/bpf/bpf.cfg, but we might not need to turn on all BPF features, so can
we move CONFIG_CGROUP_BPF to features/cgroup/cgroup.cfg or duplicate it into
cfg/docker.cfg?
This is exactly the feedback I was looking for! Thanks for running the tests.

I agree that we don't want all those BPF options on every time that docker
support is required.

I'd suggest that duplicating it in the docker.cfg is the right thing to do.

Hi Bruce,

Thanks for your suggestion, a patch has been sent to linux-yocto.


Br,

Xiangyu


If you want to send a patch for that to the kernel-cache, I'll merge it and
bump the SRCREVs.

If nothing breaks in the next three weeks of testing of that change, I intend
to go to the single source of fragments for the LTS release. If something
does break, I'll make sure to get the options into the fragments in the layer.

Bruce


Thanks


Br,

Xiangyu

Bruce

Signed-off-by: Xiangyu Chen <xiangyu.c...@windriver.com>
---
   recipes-kernel/linux/linux-yocto/docker.cfg | 2 ++
   1 file changed, 2 insertions(+)

diff --git a/recipes-kernel/linux/linux-yocto/docker.cfg 
b/recipes-kernel/linux/linux-yocto/docker.cfg
index eeeaa242..4d8d7e04 100644
--- a/recipes-kernel/linux/linux-yocto/docker.cfg
+++ b/recipes-kernel/linux/linux-yocto/docker.cfg
@@ -11,3 +11,5 @@ CONFIG_IP_NF_TARGET_MASQUERADE=m
   CONFIG_NETFILTER_XT_MATCH_IPVS=m

   CONFIG_OVERLAY_FS=y
+
+CONFIG_CGROUP_BPF=y
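
Review bot: the new CONFIG_CGROUP_BPF=y line at the end of docker.cfg is added without its Kconfig dependency and without a comment. CONFIG_CGROUP_BPF depends on CONFIG_BPF_SYSCALL, which none of the docker.cfg lines visible in this hunk set, so unless another fragment in the build enables it the option will be dropped when the configuration is resolved; consider adding CONFIG_BPF_SYSCALL=y beside it. A one-line comment above the option saying that docker needs it for the cgroup v2 device controller would also record why it is here, since the other entries in view are netfilter and overlayfs options.
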
--
2.25.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
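
The commit message above explains that the cgroup v2 device controller, which restricts a container's access to device files, exists only as cgroup BPF programs. The following is an added example, not part of the original thread or of meta-virtualization: a check that a resolved kernel `.config` really carries CONFIG_CGROUP_BPF and the options it depends on. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a resolved kernel .config carries what the
# cgroup v2 device controller needs. Function names are hypothetical.

# Constructed sample .config excerpt (not from a real build).
SAMPLE_CONFIG='CONFIG_CGROUPS=y
CONFIG_BPF_SYSCALL=y
# CONFIG_CGROUP_BPF is not set
CONFIG_OVERLAY_FS=y'

# cfg_state CONFIG_TEXT OPTION
# Prints the option's value (y, m, ...), "n" when it is explicitly
# "is not set", or "missing" when it does not appear at all.
cfg_state() {
    printf '%s\n' "$1" | awk -v opt="$2" '
        index($0, opt "=") == 1        { state = substr($0, length(opt) + 2) }
        $0 == ("# " opt " is not set") { state = "n" }
        END { print (state == "" ? "missing" : state) }'
}

# check_cgroup_bpf CONFIG_TEXT
# Returns 0 only if CONFIG_CGROUP_BPF and the options it sits behind in the
# upstream Kconfig (CONFIG_CGROUPS, CONFIG_BPF_SYSCALL) are all built in.
# All three are bool options, so "y" is the only passing state.
check_cgroup_bpf() {
    rc=0
    for opt in CONFIG_CGROUPS CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF; do
        state=$(cfg_state "$1" "$opt")
        if [ "$state" = "y" ]; then
            echo "ok   $opt"
        else
            echo "FAIL $opt ($state)"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the constructed sample: CONFIG_CGROUP_BPF is reported as failing.
check_cgroup_bpf "$SAMPLE_CONFIG" ||
    echo "cgroup v2 device control is unavailable with this config"
```

On a target whose kernel exposes its configuration, the same check can be run as `check_cgroup_bpf "$(zcat /proc/config.gz)"`.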






View/Reply Online (#8610): 
https://lists.yoctoproject.org/g/meta-virtualization/message/8610