]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 910384c) | patch
nspawn: move nspawn cgroup hierarchy one level down unconditionally
authorLennart Poettering <lennart@poettering.net>
Wed, 2 May 2018 12:24:54 +0000 (14:24 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 3 May 2018 15:45:42 +0000 (17:45 +0200)
commit720f0a2f3c928cc9379501a52146be9fbb4d9be2
treebc5c733e8cf132e7747ae7738f328e17e90440fbtree | snapshot
parent910384c82177bac586a6ba543d50ca6aa63b8710commit | diff
nspawn: move nspawn cgroup hierarchy one level down unconditionally

We need to do this in all cases, including on cgroupsv1 in order to
ensure the host systemd and any systemd in the payload won't fight for
the cgroup attributes of the top-level cgroup of the payload.

This is because systemd for Delegate=yes units will only delegate the
right to create children as well as their attributes. However, nspawn
expects that the cgroup delegated covers both the right to create
children and the attributes of the cgroup itself. Hence, to clear this
up, let's unconditionally insert a intermediary cgroup, on cgroupsv1 as
well as cgroupsv2, unconditionally.

This is also nice as it reduces the differences in the various setups
and exposes very close behaviour everywhere.
src/nspawn/nspawn-cgroup.c diff | blob | blame | history
src/nspawn/nspawn-cgroup.h diff | blob | blame | history
src/nspawn/nspawn.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.