Cgroup

[vlstill]

Add support for (optionally) running nix-daemon actions in cgroups of calling process. Supported only if daemon can access given cgroups.

[edolstra]

Some comments:

• I'm wondering if it wouldn't be better to only run builders in the calling cgroup (rather than the entire worker). Otherwise there is a risk of priority inversion, i.e. a client with a low priority will also cause the daemon worker to run with low priority. Since it will typically acquire some SQLite locks, it can cause other (high-priority) clients to block for a long time. I just turned off the use of nice/ionice in the Nix daemon NixOS module for that reason.
• Could you move the cgroup handling into a separate file instead of util.cc? E.g. cgroups.cc / cgroups.hh.
• Please add a description of daemon-use-cgroups to doc/manual/conf-file.xml.

[vlstill]

I implemented your comments.

As far as the whole-worker or just-build problem goes, my original intention was to prevent users with low priority from using system resources though Nix, but I guess I didn't really take locks into account. So now Nix uses cgroups only for building. The only downside is that now it needs to have write access also to it's original cgroups, as it needs to return to them in case other action is required.

[edolstra]

It won't need to restore the cgroup if you only change the cgroup in the builder's child process, i.e., in initChild() in build.cc.

[stale[bot]]

I marked this as stale due to inactivity. → More info

[Ericson2314]

I think it would be better to return to this after https://github.com/NixOS/nix/pull/3600 is merged.

[edolstra]

We can close this now that #3600 has been merged.