mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-04-04 19:16:12 +00:00
60e3679eb7
Add full cgroups support on host. Cgroups are managed by `FsManager` and `SystemdManager`. As the names impies, the `FsManager` manages cgroups through cgroupfs, while the `SystemdManager` manages cgroups through systemd. The two manages support cgroup v1 and cgroup v2. Two types of cgroups path are supported: 1. For colon paths, for example "foo.slice:bar:baz", the runtime manages cgroups by `SystemdManager`; 2. For relative/absolute paths, the runtime manages cgroups by `FsManager`. vCPU threads are added into the sandbox cgroups in cgroup v1 + cgroupfs, others, cgroup v1 + systemd, cgroup v2 + cgroupfs, cgroup v2 + systemd, VMM process is added into the cgroups. The systemd doesn't provide a way to add thread to a unit. `add_thread()` in `SystemdManager` is equivalent to `add_process()`. Cgroup v2 supports threaded mode. However, we should enable threaded mode from leaf node to the root node (`/`) iteratively [1]. This means the runtime needs to modify the cgroups created by container runtime (e.g. containerd). Considering cgroupfs + cgroup v2 is not a common combination, its behavior is aligned with systemd + cgroup v2, which is not allowed to manage process at the thread level. 1: https://www.kernel.org/doc/html/v4.18/admin-guide/cgroup-v2.html#threads Fixes: #11356 Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>