On Wed, 05.02.14 23:44, Richard Weinberger (richard.weinber...@gmail.com) wrote:
> Hi! > > We're heavily using Linux containers in our production environment. > As modern Linux distributions move forward to systemd have to make sure that > systemd works within our containers. > > Sadly we're facing issues with cgroups. > Our testbed consists of openSUSE 13.1 with Linux 3.13.1 and libvirt 1.2.1. > > In a plain setup systemd stops immediately because it is unable to > create the cgroup hierarchy. > Mostly because the container uid 0 is in a user namespace and has no > rights to do that. Make sure to either make the name=systemd cgroups hierarchy available in the container, or to grant it CAP_SYS_MOUNT so that it can do it on its own. Make sure that your container manager sets up thigns like described here: http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ > Next try, trigger the "Ingo Molnar"-branch by mounting a tmpfs to > /sys/fs/cgroup/, systemd segfaults. > Bug filed to https://bugs.freedesktop.org/show_bug.cgi?id=74589 Yeah, this is never tested, and likely to break all the time. We probably should remove this feature, since we cannot guarantee it work, and apparently nobody has noticed it to be broken since a while. > Starting Create dynamic rule for /dev/root link... This is so bogus that it hurts ^^^^^^^ > But is this tmpfs hack the correct way to run systemd in a container? > I really don't think so. Nope. Please mount tmpfs to /sys/fs/cgroup as tmps, and then the name=systemd cgroup hierarchy to /sys/fs/cgroup/systemd, see above. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
