[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
** Also affects: systemd (Ubuntu) Importance: Undecided Status: New ** Summary changed: - cgroup v2 is not fully supported yet, proceeding with partial confinement + Switch to "unified" cgroup hierarchy (cgroupv2) ** Changed in: systemd (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: Switch to "unified" cgroup hierarchy (cgroupv2) To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
lxc (1:4.0.4-0ubuntu1) groovy; urgency=medium * New upstream bugfix release (4.0.4): - Support for new Linux clone flags (clone into cgroup) - Support for new Linux VFS system calls - Internal symbols are now properly hidden from external consumers * New upstream bugfix release (4.0.3): - Improvement to cgroupv1/cgroupv2 handling - Various improvements and tests for lxc-usernsexec -- Stéphane Graber Thu, 20 Aug 2020 18:07:53 -0400 ** Also affects: lxc (Ubuntu) Importance: Undecided Status: New ** Changed in: lxc (Ubuntu) Importance: Undecided => Wishlist ** Changed in: lxc (Ubuntu) Status: New => Fix Released ** Changed in: snapd (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
** No longer affects: lxcfs (Ubuntu) ** No longer affects: lxd (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
** Changed in: systemd (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
** Changed in: lxc (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
** Changed in: lxd Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
** Package changed: lxc (Ubuntu) => lxc ** Changed in: lxc Importance: Unknown => Undecided ** Also affects: systemd (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943981 Importance: Unknown Status: Unknown ** Bug watch removed: LXC bug tracker #3198 https://github.com/lxc/lxc/issues/3198 ** Bug watch added: Debian Bug tracker #944389 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944389 ** Also affects: lxc (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944389 Importance: Unknown Status: Unknown ** Bug watch removed: LXC bug tracker #3221 https://github.com/lxc/lxc/issues/3221 ** Bug watch removed: LXC bug tracker #3240 https://github.com/lxc/lxc/issues/3240 ** Bug watch removed: github.com/ubports/ubports-installer/issues #1448 https://github.com/ubports/ubports-installer/issues/1448 ** Also affects: lxd via https://github.com/lxc/lxd/issues/6587 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
After discussing this we decided that we will leave cgroups v1 support for 21.04 because the snapd team will not be able to port all features to v2 in time. But early in the 21.10 cycle v1 is turned off and snapd needs to be ported to full v2 support. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: docker.io (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
** Also affects: snapd Importance: Undecided Status: New ** Changed in: snapd Status: New => Confirmed ** Changed in: snapd Importance: Undecided => High ** Changed in: snapd Assignee: (unassigned) => Maciej Borzecki (maciek-borzecki) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
@mvo: Fedora switched in 2019: https://medium.com/nttlabs/cgroup-v2-596d035be4d7 Debian switched with systemd 247.2-2 https://tracker.debian.org/news/1204112/accepted-systemd-2472-2-source-into-unstable/ I was about to follow Debian in systemd, but I'm holding the switch back for now. Could you please provide a link where snapd's progress can be tracked? I plan keeping the current systemd default then for 21.04 to minimize disruption and give some more time for preparation, but I'd like to make the switch early in the 21.10 cycle to also have time to fix regressions by 21.10's release. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
@rbalint Do you have a timeline when you plan this? The changes required make this most likely something we can only tackle during the 21.10 cycle :/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
@rbalint Thanks for this heads up. Unfortunately we are not ready for cgroups v2. Snapd is working on v2 systems but a lot of the functionality is not ported. AIUI it requires quite a bit of work on our side and the two are quite different :/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
Thank you everyone for implementing cgroup v2 support Snapd is not reported here to be fixed, but it may be: https://github.com/ubports/ubports-installer/issues/1448 @maciek-borzecki could you please confirm that snapd is fixed? Debian plans switching systemd to use cgroupv2 by default and if every package listed as affected here is ready I plan making the switch in Ubuntu, too. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943981 ** Bug watch added: github.com/ubports/ubports-installer/issues #1448 https://github.com/ubports/ubports-installer/issues/1448 ** Bug watch added: Debian Bug tracker #943981 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943981 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
** Changed in: lxc (Ubuntu) Importance: Undecided => Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
LXD, LXCFS and LXC all have cgroupv2 support now. It's certainly not perfect and things like CRIU (lxc-checkpoint) will not work until such time as cgroupv2 support is fully on part in the kernel with cgroupv1 and the needed additional interfaces are added to projects like CRIU. But for normal day to day use, we should be in pretty good shape now. ** Changed in: lxd (Ubuntu) Status: New => Fix Released ** Changed in: lxcfs (Ubuntu) Status: New => Fix Released ** Changed in: lxc (Ubuntu) Importance: Unknown => Undecided ** Changed in: lxc (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
lxc-checkpoint in the latest github master branch does not work under pure cgroup v2 as https://github.com/lxc/lxc/issues/3240 ** Bug watch added: LXC bug tracker #3240 https://github.com/lxc/lxc/issues/3240 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
On Mon, Dec 09, 2019 at 08:41:18PM -, Ryutaroh Matsumoto wrote: > https://github.com/lxc/lxc/issues/3221 Another LXC-container-doesn't > -start-at-all type issue also observed on Ubuntu Eoan with > systemd.unified_cgroup_hierarchy as well as Fedora 31. That seems specific to LXC stable-3.0 which had barebone unified hierarchy support to deal with systemd hyrbid cgroup layouts. However the changes to git master which enable full cgroup2 compatibility have been backported to the stable-3.0 branch and will be released with the next bugfix release. In other words, the start-at-all on a pure unified layout with 3.0.4 is expected unfortunately. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
https://github.com/lxc/lxd/issues/6587 When Ubuntu Eoan is booted with systemd.unified_cgroup_hierarchy, LXD cannot run Ubuntu Eoan in its container, but a small change to lxd/lxd/container_lxc.go enables LXD to operate as usual. ** Bug watch added: LXD bug tracker #6587 https://github.com/lxc/lxd/issues/6587 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
https://github.com/lxc/lxc/issues/3221 Another LXC-container-doesn't -start-at-all type issue also observed on Ubuntu Eoan with systemd.unified_cgroup_hierarchy as well as Fedora 31. ** Bug watch added: LXC bug tracker #3221 https://github.com/lxc/lxc/issues/3221 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
https://github.com/lxc/lxc/issues/3198#issuecomment-562252884 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
https://github.com/lxc/lxc/issues/3198#issuecomment-562064091 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
This was reported to the upstream https://github.com/lxc/lxc/issues/3198 The purpose of libpam-cgfs is only chowning some CGroup directories to the login user. When Linux is booted with systemd.unified_cgroup_hierarchy, /sys/fs/cgroup/user.slice/user-$UID.slice/session-nnn.scope is not chowned to a login user. So libpam-cgfs completely fails to function under cgroup v2. ** Also affects: lxcfs (Ubuntu) Importance: Undecided Status: New ** Bug watch added: LXC bug tracker #3198 https://github.com/lxc/lxc/issues/3198 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
When Ubuntu Eoan is started with systemd.unified_cgroup_hierarchy, lxc- start (version 3.0.4 packaged by Eoan) cannot be used in its default setting. It is a combination of unsuitable default configuration and an upstream bug in LXC 3.0.4. For detail, please refer to https://github.com/lxc/lxc/issues/3183 ** Project changed: lxc => lxc (Ubuntu) ** Changed in: lxc (Ubuntu) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
** Bug watch added: LXC bug tracker #3183 https://github.com/lxc/lxc/issues/3183 ** Also affects: lxc via https://github.com/lxc/lxc/issues/3183 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1850667] Re: cgroup v2 is not fully supported yet, proceeding with partial confinement
There's some ongoing work in snapd in this area. With 2.42 the snaps do not outright fail and a warning is printed out for the user. The current work on a named snapd v1 hierarchy should restore the snap process tracking capabilities. ** Changed in: snapd (Ubuntu) Status: New => In Progress ** Changed in: snapd (Ubuntu) Assignee: (unassigned) => Maciej Borzecki (maciek-borzecki) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1850667 Title: cgroup v2 is not fully supported yet, proceeding with partial confinement To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1850667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
