CGroup v2 and its impact for containers


One Line Summary

CGroup V2 is pretty different from CGroup V1 and the two can't fully operate in parallel leading to problems running containers which only support one or the other.


With the release of kernel 4.5 the new cgroupfs v2 API was declared non-experimental. But the missing feature parity between cgroupfs v2 with cgroupfs v1 makes it nearly impossible for container runtimes to use it. Especially before the cpu controller is merged, no runtime is expected to switch to it by default. Nonetheless cgroupfs v2 is slowly making its way into various distributions. This brings with it a new set of problems and challenges which container runtimes must tackle. For example, one of the core problems container runtimes will have to face is how to support running cgroupfs v1 hierarchies inside a container while the host is running a cgroupfs v2 hierarchy and vica versa. This talk will try to outline some of these problems more clearly, and suggest possible solutions and hopefully inspire a fruitful discussion that leads to further solutions or at least helps to identify and specify various problems more clearly.




  • Brauner

    Christian Brauner

    Canonical Ltd.


    Christian Brauner is a core developer and maintainer of the LXD and LXC projects. He works mostly upstream as part of the Ubuntu Server team on lower-level problems. He’s been active in the open source community for a long time and is a frequent speaker at various large Linux events; he is also strongly committed to working in the open, and a strong proponent of Free Software.