Add --enable-nsdelegate flag to mount cgroups2 with nsdelegate option #682
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Emir Buljubašić <[email protected]>
emirbuljubasic
force-pushed
the
feature/cgroup-nsdelegate
branch
from
85d8cee to
85614ea
Compare
|
LGTM but I'll let @mihalicyn take a look as he's more familiar with how we handle arguments between the daemon and library and potential fun with updates and the like. |
|
Hey @mihalicyn any updates on this? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch introduces a new flag, --enable-nsdelegate, in the lxcfs project.
When specified, the flag makes the __cg_mount_direct function use the "nsdelegate"
mount option when mounting a cgroup2 filesystem. This helps to properly delegate
cgroup namespace control to the container, as required in some configurations.
The change was tested to ensure that when the flag is enabled, the cgroup mount
includes "nsdelegate", and when it is not enabled, the original behaviour is preserved.
Fixes #681