Bug 395079 - sys-apps/openrc: add rc_cgroup option
Summary: sys-apps/openrc: add rc_cgroup option
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Hosted Projects
Classification: Unclassified
Component: OpenRC
Hardware: All Linux
Importance: Normal normal
Assignee: OpenRC Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: openrc-tracker
Reported: 2011-12-17 16:51 UTC by Piotr Karbowski
Modified: 2012-11-09 23:09 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
openrc_optional_cgroups.patch (openrc_optional_cgroups.patch,2.42 KB, patch)
2011-12-17 16:52 UTC, Piotr Karbowski
0001-cgroups-create-one-cgroup-per-subsystem.patch (0001-cgroups-create-one-cgroup-per-subsystem.patch,1.84 KB, text/plain)
2011-12-17 19:15 UTC, William Hubbs
0001-cgroups-create-one-cgroup-per-subsystem.patch (0001-cgroups-create-one-cgroup-per-subsystem.patch,2.04 KB, text/plain)
2011-12-17 20:04 UTC, William Hubbs

Description Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2011-12-17 16:51:59 UTC
Enforcing openrc-managed cgroups on users isn't a good idea, nor is suggesting
use of libcgroup. The kernel's SCHED_AUTOGROUP handles cgroups per session just fine.
For example, the current openrc implementation will put all ssh users in one group,
unlike sched_autogroup.

Patch included.

Reproducible: Always
Comment 1 Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2011-12-17 16:52:28 UTC
Created attachment 296139 [details, diff]
openrc_optional_cgroups.patch
Comment 2 SpanKY gentoo-dev 2011-12-17 18:41:58 UTC
the default should be "YES", and every call site shouldn't be handling the default themselves
Comment 3 SpanKY gentoo-dev 2011-12-17 18:43:15 UTC
Comment on attachment 296139 [details, diff]
openrc_optional_cgroups.patch

well, it should default to "NO" while it's under development (like it is now), but once that is no longer the case, it'll become "YES" by default

also, the knob should not control whether the fs gets mounted.  just whether cgroups get used.  so your sysfs.in change here won't be applied.
Comment 4 Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2011-12-17 19:12:45 UTC
Why would I want to preserve openrc's cgroup mountpoint with openrc's release agent?

If I try to use it, for example with lxc, it fails on shutdown: lxc wants to remove the cgroup dir after it is no longer used, but the release agent does it first, so there is an lxc error.

I still think you should not mount it unless you use it.
Comment 5 William Hubbs gentoo-dev 2011-12-17 19:15:43 UTC
Created attachment 296157 [details]
0001-cgroups-create-one-cgroup-per-subsystem.patch

This is actually where I want to head with cgroups. According to the
kernel documentation, we should create a cgroup for each subsystem. The
only thing I'm not sure about yet is how to create the "openrc" group,
which has no subsystems attached. If I can find out how to do that, we
will build the same group hierarchy as systemd.

I need to make a small change to this patch, which I will repost, that
adds the release agent, but that's just an additional mount option.
Comment 6 William Hubbs gentoo-dev 2011-12-17 20:04:08 UTC
Created attachment 296159 [details]
0001-cgroups-create-one-cgroup-per-subsystem.patch

Here is an update of my patch.

Notice that the openrc group is the only cgroup to use the release
agent. Also, I'm not sure of the mount command to use for this cgroup
to not attach any subsystems. Any suggestions would be helpful.
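
The layout discussed in comments 5 and 6 (one cgroup v1 hierarchy per subsystem, plus an "openrc" hierarchy that alone carries the release agent), as an added example that is not OpenRC's code or either attached patch. cgroup v1 mounts a hierarchy with no subsystems attached through the none,name=<name> option; the sample /proc/cgroups text, the tmpfs mount options and the release-agent path are constructed placeholders, and the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: print (do not execute) the mount commands for a
# one-hierarchy-per-subsystem cgroup v1 layout with a named "openrc" group.

# Constructed sample in /proc/cgroups format (not captured from a real host).
SAMPLE_PROC_CGROUPS='#subsys_name hierarchy num_cgroups enabled
cpuset 0 1 1
cpu 0 1 1
memory 0 1 0
devices 0 1 1
freezer 0 1 1'

# Assumed values, not taken from the bug report or the patches.
CGROUP_ROOT=/sys/fs/cgroup
RELEASE_AGENT=/path/to/release-agent.sh   # placeholder path

# Reads /proc/cgroups-format text on stdin and prints the commands that
# would build the hierarchy.
plan_cgroup_mounts() {
    # A tmpfs at the root so each hierarchy gets its own directory.
    echo "mount -t tmpfs -o nodev,noexec,nosuid,mode=755 cgroup_root $CGROUP_ROOT"
    # Named hierarchy with no subsystems attached: "none,name=<name>".
    # It is the only hierarchy given a release agent.
    echo "mkdir -p $CGROUP_ROOT/openrc"
    echo "mount -t cgroup -o none,name=openrc,release_agent=$RELEASE_AGENT openrc $CGROUP_ROOT/openrc"
    while read -r name hier count enabled; do
        # Skip the header line and blank lines.
        case $name in '#'*|'') continue ;; esac
        # Skip subsystems the kernel reports as disabled.
        [ "$enabled" = 1 ] || continue
        echo "mkdir -p $CGROUP_ROOT/$name"
        echo "mount -t cgroup -o $name $name $CGROUP_ROOT/$name"
    done
}

# Convenience wrapper that runs the planner over the constructed sample.
plan_from_sample() {
    printf '%s\n' "$SAMPLE_PROC_CGROUPS" | plan_cgroup_mounts
}

plan_from_sample
```

On a real host the planner would be fed from /proc/cgroups instead of the sample.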
Comment 7 William Hubbs gentoo-dev 2011-12-20 07:37:13 UTC
A modified version of your patch was applied in commit 3e2001f.
Comment 8 Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2011-12-20 08:14:29 UTC
Thank you. Should I change the status to RESOLVED, or do you want it kept open?
Comment 9 William Hubbs gentoo-dev 2011-12-20 15:26:34 UTC
Per Mike's request in comment #3, commit f6dc3d5 was also added.
This makes sure that we always mount a tmpfs on /sys/fs/cgroup.
Comment 10 Piotr Karbowski archtester Gentoo Infrastructure gentoo-dev Security 2012-01-07 10:58:11 UTC
I am really disappointed by the commit 'cgroups: hide configure option to turn off cgroups'. This is so wrong that I don't even know where to start. Even if enabling it by default is a good idea, for the lord's sake, why are you trying so hard to prevent the user from choosing whether or not he wants to use it? I don't want openrc-managed cgroups and thank god I know how to disable it; others may not.
Comment 11 William Hubbs gentoo-dev 2012-01-07 16:07:37 UTC
(In reply to comment #10)
> I am really disappointed by the commit 'cgroups: hide configure option to turn
> off cgroups'. This is so wrong that I don't even know where to start. Even if
> enabling it by default is a good idea, for the lord's sake, why are you trying
> so hard to prevent the user from choosing whether or not he wants to use it? I don't want
> openrc-managed cgroups and thank god I know how to disable it; others may not.

See /usr/src/linux/Documentation/cgroups/cgroups.txt. The kernel team has very specifically defined how the cgroups directory is supposed to be set up, and openrc is following their definition. In other words, what you are saying is you don't want the kernel defined cgroups.

Right now, you can disable this specifically because of lxc and vserver, but once those packages are fixed, you will need this setup.
Comment 12 Fpemud 2012-11-09 23:09:48 UTC
I'm using lxc and I encounter the same problem as Piotr Karbowski's comment 4.

after lxc-stop:
lxc-start: No such file or directory - failed to remove cgroup '/sys/fs/cgroup/openrc//lxc/virt-master'

according to my understanding, the conclusion is lxc should be fixed.
I have the willingness to do something to push the lxc team.
But what is the correct behavior lxc should have? Can you give some more information here?