Enforcing openrc-managed cgroups on users isn't good idea nor is suggesting use of libcgroup. Kernel's SCHED_AUTOGROUP handle cgroups per session just fine. For example current openrc's implementation will put all ssh users in one group, unlike sched_autogrup. Patch included. Reproducible: Always
Created attachment 296139 [details, diff] openrc_optional_cgroups.patch
the default should be "YES", and every call site shouldn't be handling the default themselves
Comment on attachment 296139 [details, diff] openrc_optional_cgroups.patch well, it should default to "NO" while it's under development (like it is now), but once that is no longer the case, it'll become "YES" by default also, the knob should not control whether the fs gets mounted. just whether cgroups get used. so your sysfs.in change here won't be applied.
Why would I want preserve openrc cgroup's mountpoint with openrc's release agent? If I try use it for example with lxc, it fail on shutdown as lxc want to remove cgroup dir after it is not used but the release agent do it before so there is an lxc error. I still think you should not mount it unless you use it.
Created attachment 296157 [details] 0001-cgroups-create-one-cgroup-per-subsystem.patch This is actually where I want to head with cgroups. According to the kernel documentation, we should create a cgroup for each subsystem. The only thing I'm not sure about yet is how to create the "openrc" group, which has no subsystems attached. If I can find out how to do that, we will build the same group hierarchy as systemd. I need to make a small change to this patch, which I will repost, that adds the release agent, but that's just an additional mount option.
Created attachment 296159 [details] 0001-cgroups-create-one-cgroup-per-subsystem.patch Here is an update of my patch. Notice that the openrc group is the only cgroup to use the release agent. Also, I''m not sure of the mount command to use for this cgroup to not attach any subsystems. Any suggestions would be helpful.
A modified version of your patch was applied in commit 3e2001f.
Thank you. Should I change status to RESOLVED or you want kept open?
Per Mike's request in comment #3, commit f6dc3d5 was also added. This makes sure that we always mount a tmpfs on /sys/fs/cgroup.
I am really disapointed by the commit 'cgroups: hide configure option to turn off cgroups'. this is so wrong that I don't know even where to start. Even if by default this is good idea to enable it, for the lord's sake, why you trying so hard to prevent user from choose if he want or not use it? I don't want openrc-managed cgroups and thanks god I know how to disable it, others may not.
(In reply to comment #10) > I am really disapointed by the commit 'cgroups: hide configure option to turn > off cgroups'. this is so wrong that I don't know even where to start. Even if > by default this is good idea to enable it, for the lord's sake, why you trying > so hard to prevent user from choose if he want or not use it? I don't want > openrc-managed cgroups and thanks god I know how to disable it, others may not. See /usr/src/linux/Documentation/cgroups/cgroups.txt. The kernel team has very specifically defined how the cgroups directory is supposed to be set up, and openrc is following their definition. In other words, what you are saying is you don't want the kernel defined cgroups. Right now, you can disable this specifically because of lxc and vserver, but once those packages are fixed, you will need this setup.
I'm using lxc and I encounter the same problem as Piotr Karbowski's comment 4. after lxc-stop: lxc-start: No such file or directory - failed to remove cgroup '/sys/fs/cgroup/openrc//lxc/virt-master' according to my understanding, the conclusion is lxc should be fixed. I have the willingness to do something to push the lxc team. But what is the correct behavior lxc should have? Can you give some more information here?