-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
join the cgroup after the initial setup finished #4438
Conversation
We should join the cgroup after the initial setup finished, but before runc init clone new children processes. (opencontainers#4427) Because we should try our best to reduce the influence of memory cgroup accounting from all runc init processes before we start the container init process. Signed-off-by: lifubang <[email protected]>
Frankly, I don't understand what this PR is doing, or what difference does it make, from looking in the |
There is really a race situation here, it's very obviously in the branch |
Like I mentioned in #4439 (comment) runc/libcontainer/nsenter/nsexec.c Line 896 in ea5f8e0
|
I think the |
The other aspect, keep this |
Yes, I can understand why this is needed in 1.1. I still can not understand why this is needed here in the main branch, what race it is fixing, what difference does it make. Can you please explain the race in details to me? Like, draw two columns, one for runc parent, another for runc init, and write which one is doing what and how a race can happen. Or, I will take another look next week (maybe I'm just dumb and tired).
This is not a good argument. First of all, we hope we'll have less code in nsexec, not more, and in general, the less locking and synchronization there is, the better. |
Yes, you are right, there is only one function call |
@lifubang can you please explain what was the race anyways? |
We should join the cgroup after the initial setup finished,
but before runc init clone new children processes. (#4427)
Because we should try our best to reduce the influence of
memory cgroup accounting from all runc init processes
before we start the container init process.
If we cherry pick this commit to release-1.1, it will eliminate
the impacts of memory accounting from
ensure_clone_binary
.