Bug 1438079
| Summary: | snapd is incompatible with unified cgroup hierarchy | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Zbigniew Jędrzejewski-Szmek <zbyszek> |
| Component: | snapd | Assignee: | Zygmunt Krynicki <me> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | maciek.borzecki, me, nerijus, ngompa13 |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | snapd-2.41-1.fc31 | Doc Type: | Enhancement |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-09-14 00:10:27 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Zbigniew Jędrzejewski-Szmek
2017-03-31 20:03:24 UTC
The udev rules are in snap-confine-2.23.6-1.fc26.x86_64.rpm actually. So there's snap-confine in dist git, but snap-confine is now built from snapd. Confusing! Thank you for the bug report. We will look at solving this! It doesn't work in general on v2: $ sudo snap run --shell hello-fedora cannot open tasks file for freezer cgroup hierarchy for snap hello-fedora: No such file or directory Zygmunt, Maciek, what is the progress on this? Fedora 31 will be moving to CGroups v2, so snaps will be dead in the water on F31 GA if it isn't fixed in time... We've made some initial progress. I'm currently looking into a way to group the processes of a given snap, so that we can freeze and count them without jumping around the `system.slice` and `user.slice` hierarchies.
We can do that right now with v1 by using controllers that aren't used by systemd and creating separate groups there. The snap-confine tool would place the process under the right group before exec()'ing the snap payload.
With v2, it seems system services from snaps can be easily addressed by setting up slices for each snap. However, I'm seeing more problems with user started applications and services. Those are reasonably placed under user-*.slice/user@*.service/{,session-*}. Even if we create a subtree there, we'd still need to check 2-3 places to get the information about running processes or to freeze them.
For now, I only managed to achieve the same by moving from under the cgroup created by systemd to another one, something we should not do. Perhaps we'll manage to discuss some ideas during Flock too.
FEDORA-2019-bb0a25e48d has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb0a25e48d snapd-2.41-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb0a25e48d snapd-2.41-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report. snapd-2.41-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report. |