diff options
author | Lennart Poettering <lennart@poettering.net> | 2023-04-21 18:22:35 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-04-27 12:18:32 +0200 |
commit | a8b993dc11319292c54b301f3faffc4a05ab5ec1 (patch) | |
tree | a5397671b291b436283716adee1ea3668c405714 /docs | |
parent | 1a56b0c05dc14fa91f0de24f230d9b9f35cc5b05 (diff) | |
download | systemd-a8b993dc11319292c54b301f3faffc4a05ab5ec1.tar.gz |
core: add DelegateSubgroup= setting
This implements a minimal subset of #24961, but in a lot more
restrictive way: we only allow one level of subcgroup (as that's enough
to address the no-processes in inner cgroups rule), and does not change
anything about threaded cgroup logic or similar, or make any of this new
behaviour mandatory.
All this does is this: all non-control processes we invoke for a unit
we'll invoke in a subgroup by the specified name.
We'll later port all our current services that use cgroup delegation
over to this, i.e. user@.service, systemd-nspawn@.service and
systemd-udevd.service.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/CGROUP_DELEGATION.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/docs/CGROUP_DELEGATION.md b/docs/CGROUP_DELEGATION.md index f5509fb833..4210a75767 100644 --- a/docs/CGROUP_DELEGATION.md +++ b/docs/CGROUP_DELEGATION.md @@ -271,7 +271,9 @@ your service has any of these four settings set, you must be prepared that a means that your service code should have moved itself further down the cgroup tree by the time it notifies the service manager about start-up readiness, so that the service's main cgroup is definitely an inner node by the time the -service manager might start `ExecStartPost=`.) +service manager might start `ExecStartPost=`. Starting with systemd 254 you may +also use `DelegateSubgroup=` to let the service manager put your initial +service process into a subgroup right away.) (Also note, if you intend to use "threaded" cgroups — as added in Linux 4.14 —, then you should do that *two* levels down from the main service cgroup your |