Re: [Devel] [PATCH] cgroup/cpuset: emulate cgroup in container

Wed, 13 Dec 2017 04:46:18 -0800

Personally I don't like these as we still have no unswer to "If cpusets are optional for docker, why k8s can't work without them?" it seem there is not enough explanation in VZAP-31. 

We also need to revert the patch below to show cpuset in CT:
commit 5160bd34c9bd ("ve/proc/cpuset: do not show cpuset in CT")
It seem I can still attach a process to a nested cgroup in CT with these patch: 

CT-6ecd9be1 /# cat /proc/cgroups | grep cpuset
cpuset  16      1       1
CT-6ecd9be1 /# ls /sys/fs/cgroup/cpuset/cpuset.cpus
/sys/fs/cgroup/cpuset/cpuset.cpus
CT-6ecd9be1 /# mkdir /sys/fs/cgroup/cpuset/test
CT-6ecd9be1 /# sleep 1000 &
[1] 678
CT-6ecd9be1 /# echo  678 > /sys/fs/cgroup/cpuset/test/tasks
CT-6ecd9be1 /# cat /sys/fs/cgroup/cpuset/test/tasks
678

On 12/13/2017 01:37 PM, Stanislav Kinsburskiy wrote:

Any changes to this cgroup are skipped in container, but success code is
returned.
The idea is to fool Docker/Kubernetes.

https://jira.sw.ru/browse/PSBM-58423

This patch obsoletes "ve/proc/cpuset: do not show cpuset in CT"

Signed-off-by: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
---
  kernel/cpuset.c |    9 +++++++++
  1 file changed, 9 insertions(+)

diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index 26d88eb..dfac505 100644
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -1441,6 +1441,9 @@ static int cpuset_can_attach(struct cgroup *cgrp, struct 
cgroup_taskset *tset)
        struct task_struct *task;
        int ret;
+ if (!ve_is_super(get_exec_env())) 
+               return 0;
+
        mutex_lock(&cpuset_mutex);
ret = -ENOSPC; 
@@ -1470,6 +1473,9 @@ static int cpuset_can_attach(struct cgroup *cgrp, struct 
cgroup_taskset *tset)
  static void cpuset_cancel_attach(struct cgroup *cgrp,
                                 struct cgroup_taskset *tset)
  {
+       if (!ve_is_super(get_exec_env()))
+               return;
+
        mutex_lock(&cpuset_mutex);
        cgroup_cs(cgrp)->attach_in_progress--;
        mutex_unlock(&cpuset_mutex);
@@ -1494,6 +1500,9 @@ static void cpuset_attach(struct cgroup *cgrp, struct 
cgroup_taskset *tset)
        struct cpuset *cs = cgroup_cs(cgrp);
        struct cpuset *oldcs = cgroup_cs(oldcgrp);
+ if (!ve_is_super(get_exec_env())) 
+               return;
+
        mutex_lock(&cpuset_mutex);
/* prepare for attach */ 



--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to