oci-systemd-hook WIP - Add other systemd hierarchies

Signed-off-by: TomSweeneyRedHat [email protected]

Do NOT merge this for now. See @rhatdan's comment below, we'll retest after the selinux fix come through to see if we need to do any of this.

Adds the other systemd hierarchies to the mix so they can be mounted appropriately too. The bind mount for /sys/fs/cgroup/systemd was also changed from a RO to RW by changing the boolean from true to false in the bind_mount() call at line 664.

The systemd hierarchies are listed in the file /proc/{pid}/cgroup. At the time of this change on 3/28/18 they included: "cpuset", "pids", "blkio", "hugetlb", "freezer", "devices", "perf_event", "cpu,cpuacct", "net_cls,net_prio", "memory", "name=systemd", and "unified",

Feb 23 '18 01:02 TomSweeneyRedHat

@mrunalp PTAL

Mar 26 '18 13:03 TomSweeneyRedHat

LGTM

Mar 26 '18 19:03 rhatdan

Out today will take a look tomorrow.

Sent from my iPhone

On Mar 26, 2018, at 2:15 PM, Daniel J Walsh [email protected] wrote:

LGTM

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

Mar 26 '18 19:03 mrunalp

@TomSweeneyRedHat What are the other hierarchies? It might be good to add to the commit message for posterity.

Mar 27 '18 23:03 mrunalp

@mrunalp good thought on the commit message. I've touched it up.

Mar 28 '18 14:03 TomSweeneyRedHat

I am wondering if all of these libraries need to be writable within a systemd container. Or were these only labeled this way in the search to find the real problem which was the SELinux kernel support for cgroupfs not labeling the new subdirs correctly.

Mar 29 '18 04:03 rhatdan

That's a good question @rhatdan. It may well be that we won't need this patch once the selinux fix bubbles up. I'll add a WIP/Don't merge tag to this for now and we can revisit.

Mar 29 '18 14:03 TomSweeneyRedHat

As this is nearly five years old, closing.

Feb 16 '23 20:02 TomSweeneyRedHat

WIP - Add other systemd hierarchies - Don't merge