[systemd-devel] Feedback sought: can we drop cgroupv1 support soon?

[Lennart Poettering]

On Mi, 19.07.23 10:23, Lewis Gaul (lewis.gaul at gmail.com) wrote:

> Hi Lennart, all,
>
> TL;DR: A container making use of cgroup controllers must use the same
> cgroup version as the host,

Controllers on cgroupv1 are not safely delegatable. If you did, then
this highly problematic anyway, as you give containers the ability to
hang the whole system. Moreover many controllers are not actually
recursive on cgroupsv1 (cpuset, …), hence totally wrong to delegate.

The kernel never supported that and we explicitly never supported that
in systemd, documenting this. If you ignore that, and delegate anyway,
then this leaves me kinda indefferent to your situation...

You can safely delegate named hierachies (i.e. not controller
hierarchies) on cgroupsv1, hence that is what I'd recommend you to do.

> Does this make sense as a use-case and motivation for wanting new systemd
> versions to continue supporting cgroups v1? Of course not forever, but
> until there are less hosts out there using cgroups v1.

I am not too impressed tbh. You are doing something half broken and
outside of the intended model already, I am not sure we need to go the
extra mile to support this for longer.

Lennart

--
Lennart Poettering, Berlin