-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openrc and docker cgroup v2 path conflict #680
Comments
ncopa
added a commit
to ncopa/openrc
that referenced
this issue
Dec 15, 2023
Some services, like docker, creates and manages /sys/fs/cgroup/<service> themselves. Avoid conflict with the openrc created cgroup path by adding a `openrc.` prefix. Fixes: OpenRC#680
ncopa
added a commit
to ncopa/openrc
that referenced
this issue
Dec 18, 2023
Some services, like docker, creates and manages /sys/fs/cgroup/<service> themselves. Avoid conflict with the openrc created cgroup path by adding a `openrc.` prefix. Fixes: OpenRC#680
I believe this also affects lxc: https://gitlab.alpinelinux.org/alpine/aports/-/issues/15607 This is sort of critical. @williamh can you please take a look? |
williamh
pushed a commit
that referenced
this issue
Jan 9, 2024
Some services, like docker, creates and manages /sys/fs/cgroup/<service> themselves. Avoid conflict with the openrc created cgroup path by adding a `openrc.` prefix. Fixes: #680
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have been trying to solve a weird downstream bug with
rc_group_mode=unified
which recently was enabled as the default.To reproduce the issue, start docker as an openrc service:
rc-service docker start
Then try run a docker container with memory limits:
For some reason it ends up in
domain threaded
mode:Now try restart the service, and notice that it originally is not in
domain threaded
mode:Run any container and, it switches back to
domain threaded
mode (it works without memory limits):A workaround for this is to set
--cgroup-parent
to something other thandocker
.When trying to find out what sets this, I realized that openrc will create and use
/sys/fs/cgroup/$SVCNAME
. In the docker case this ends up with/sys/fs/cgroup/docker
. Now, the default --cgroup-parent in docker is "docker", so docker tries to manage its containers under/sys/fs/cgroup/docker
. But since openrc has its stuff there,it gets confused, and setsdomain threaded mode
(I believe).To properly fix this, I believe we should not use
/sys/fs/cgroup/$SVCNAME
to avoid the conflict with docker. We could use something like:Dowstream issues:
The text was updated successfully, but these errors were encountered: