<div dir="ltr"><div><br class="gmail-Apple-interchange-newline"><table cellpadding="0" class="gmail-cf gmail-gJ" style="border-collapse:collapse;margin-top:0px;width:auto;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.2px;display:block"><tbody style="display:block"><tr class="gmail-acZ" style="height:auto;display:flex"><td class="gmail-gF gmail-gK" style="white-space:nowrap;padding:0px;vertical-align:top;width:609.862px;line-height:20px;display:block;max-height:20px"><table cellpadding="0" class="gmail-cf gmail-ix" style="border-collapse:collapse;table-layout:fixed;width:609.6px"><tbody><tr><td class="gmail-c2" style="display:flex"><h3 class="gmail-iw" style="overflow:hidden;font-size:0.75rem;font-weight:inherit;margin:inherit;text-overflow:ellipsis;letter-spacing:0.3px;color:rgb(95,99,104);line-height:20px"><span class="gmail-qu" tabindex="-1"><span name="Tomasz Torcz" class="gmail-gD" style="color:rgb(32,33,36);font-size:0.875rem;font-weight:bold;display:inline;vertical-align:top;letter-spacing:0.2px;line-height:20px">Tomasz Torcz</span></span></h3></td></tr></tbody></table></td></tr></tbody></table></div><div>In fact I m just comparing containers, I have no need yet for context switch, but I hope to understand why nspawn is slower and if there is something I can do to improve it, for example disabling spectre/meltdown mitigations improved nspawn a lot, so I was wondering if there is something else I can do to make nspawn as quick as podman/docker/qemu.<br class="gmail-Apple-interchange-newline"></div><div><table cellpadding="0" class="gmail-cf gmail-ix" style="border-collapse:collapse;table-layout:fixed;width:589.6px;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:14px;letter-spacing:0.2px;white-space:nowrap"><tbody><tr><td class="gmail-c2" style="display:flex"><h3 class="gmail-iw" style="overflow:hidden;font-size:0.75rem;font-weight:inherit;margin:inherit;text-overflow:ellipsis;letter-spacing:0.3px;color:rgb(95,99,104);line-height:20px"><span class="gmail-qu" tabindex="-1"><span name="Mantas Mikulėnas" class="gmail-gD" style="color:rgb(32,33,36);font-size:0.875rem;font-weight:bold;display:inline;vertical-align:top;letter-spacing:0.2px;line-height:20px">Mantas Mikulėnas</span></span></h3></td></tr></tbody></table></div><div>I tested with  Export SYSTEMD_SECCOMP=0<div>no improvement, I still get the same result</div><div>thank you,</div><div>badr</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jan 25, 2021 at 1:40 PM Badr Elmers <<a href="mailto:badrelmers@gmail.com">badrelmers@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I tested with 

Export SYSTEMD_SECCOMP=0<div>no improvement, I still get the same result</div><div>thank you,</div><div>badr</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jan 25, 2021 at 1:14 PM Mantas Mikulėnas <<a href="mailto:grawity@gmail.com" target="_blank">grawity@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jan 25, 2021, 12:56 Badr Elmers <<a href="mailto:badrelmers@gmail.com" target="_blank">badrelmers@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><span style="color:rgb(36,39,41);font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px">Why </span><code style="margin:0px;padding:2px 4px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;font-size:13px;vertical-align:baseline;box-sizing:inherit;white-space:pre-wrap;color:rgb(36,39,41);border-radius:3px">nspawn</code><span style="color:rgb(36,39,41);font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px"> is slow compared to </span><code style="margin:0px;padding:2px 4px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;font-size:13px;vertical-align:baseline;box-sizing:inherit;white-space:pre-wrap;color:rgb(36,39,41);border-radius:3px">docker</code><span style="color:rgb(36,39,41);font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px"> </span><code style="margin:0px;padding:2px 4px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;font-size:13px;vertical-align:baseline;box-sizing:inherit;white-space:pre-wrap;color:rgb(36,39,41);border-radius:3px">podman</code><span style="color:rgb(36,39,41);font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px"> and even </span><code style="margin:0px;padding:2px 4px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Consolas,Menlo,Monaco,"Lucida Console","Liberation Mono","DejaVu Sans Mono","Bitstream Vera Sans Mono","Courier New",monospace,sans-serif;font-size:13px;vertical-align:baseline;box-sizing:inherit;white-space:pre-wrap;color:rgb(36,39,41);border-radius:3px">qemu</code><span style="color:rgb(36,39,41);font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px">?! </span></div><div><span style="color:rgb(36,39,41);font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px">CPU tasks take twice of the time it takes in docker, podman or qemu</span> </div><div><br></div><div style="margin:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;width:649.2px;color:rgb(36,39,41)"><p style="margin-top:0px;margin-right:0px;margin-left:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit;clear:both">here I filled a request to improve nspawn performance which contain the steps and the full test result: <a href="https://github.com/systemd/systemd/issues/18370" rel="nofollow noreferrer noreferrer" style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit" target="_blank">https://github.com/systemd/systemd/issues/18370</a></p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit;clear:both">Do you know why systemd-nspawn is slower? how can I improve it?</p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit;clear:both">thank you</p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit;clear:both"><br></p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit;clear:both"></p></div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Have you tried completely *disabling* the syscall filtering and all other seccomp-based features? Export SYSTEMD_SECCOMP=0 before running nspawn and check if it makes any difference...<br></div></div>
</blockquote></div>
</blockquote></div></div>