[systemd-devel] How to use cgroups within containers?
Lennart Poettering
lennart at poettering.net
Mon Oct 20 10:27:34 PDT 2014
On Mon, 20.10.14 19:16, Richard Weinberger (richard at nod.at) wrote:
> > Have you read the link I posted?
>
> Sure, I've also been in the room in Düsseldorf while you've read it
> in front of us.
Not that I changed it since then... ;-)
> > Yes, I test systemd inside containers. Daily. Actually it's my primary
> > way of testing systemd, since it is extremely quick and allows me to
> > attach from the host with debugging tools...
> >
> > As long as you follow the suggestions in the document I linked systemd
> > will work without modifications in container managers. At least
> > libvirt-lxc and nspawn follow these suggestions, not sure about the
> > other container managers.
>
> If I read the source of nspawn correctly, it does not use user
> namespaces.
Ah, this is about user namespaces? No, I have not played around with
them so far. Sorry.
> libvirt-lxc is currently not sure how to support systemd. So far it
> bind mounts only the machine specific part of cgroups into the container.
> Which is not really nice but better than exposing the whole hierarchy into
> the container.
It really should also bind mount the upper parts, but possibly mark
them read-only (which nspawn currently doesn't do).
Thanks,
Lennart
--
Lennart Poettering, Red Hat