From b0bce6ae731d5be0aed3277eab29d7ae7491d08d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Oko=C5=84ski?= Date: Sat, 29 Oct 2022 22:22:43 +0200 Subject: [PATCH 1/2] maintainers: add farnoy --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 3e5cefc356c..3e31fb0721c 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -4373,6 +4373,12 @@ githubId = 1276854; name = "Florian Peter"; }; + farnoy = { + email = "jakub@okonski.org"; + github = "farnoy"; + githubId = 345808; + name = "Jakub OkoĊ„ski"; + }; fbeffa = { email = "beffa@fbengineering.ch"; github = "fedeinthemix"; From 12508ac79a3b940d42580e9cfb7d2037e7af3b00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Oko=C5=84ski?= Date: Sat, 29 Oct 2022 22:22:57 +0200 Subject: [PATCH 2/2] nixos-container: force systemd-nspawn to use unified cgroups hierarchy --- .../virtualisation/nixos-containers.nix | 2 ++ nixos/tests/all-tests.nix | 1 + nixos/tests/containers-unified-hierarchy.nix | 21 +++++++++++++++++++ .../nixos-container/default.nix | 1 + 4 files changed, 25 insertions(+) create mode 100644 nixos/tests/containers-unified-hierarchy.nix diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix index 22be1d5bff9..4d51c53a604 100644 --- a/nixos/modules/virtualisation/nixos-containers.nix +++ b/nixos/modules/virtualisation/nixos-containers.nix @@ -138,6 +138,8 @@ let fi ''} + export SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1 + # Run systemd-nspawn without startup notification (we'll # wait for the container systemd to signal readiness) # Kill signal handling means systemd-nspawn will pass a system-halt signal diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 47a433c0322..fe75f158290 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -143,6 +143,7 @@ in { containers-reloadable = handleTest ./containers-reloadable.nix {}; containers-restart_networking = handleTest ./containers-restart_networking.nix {}; containers-tmpfs = handleTest ./containers-tmpfs.nix {}; + containers-unified-hierarchy = handleTest ./containers-unified-hierarchy.nix {}; convos = handleTest ./convos.nix {}; corerad = handleTest ./corerad.nix {}; coturn = handleTest ./coturn.nix {}; diff --git a/nixos/tests/containers-unified-hierarchy.nix b/nixos/tests/containers-unified-hierarchy.nix new file mode 100644 index 00000000000..978d59e12c8 --- /dev/null +++ b/nixos/tests/containers-unified-hierarchy.nix @@ -0,0 +1,21 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "containers-unified-hierarchy"; + meta = { + maintainers = with lib.maintainers; [ farnoy ]; + }; + + nodes.machine = { ... }: { + containers = { + test-container = { + autoStart = true; + config = { }; + }; + }; + }; + + testScript = '' + machine.wait_for_unit("default.target") + + machine.succeed("echo 'stat -fc %T /sys/fs/cgroup/ | grep cgroup2fs' | nixos-container root-login test-container") + ''; +}) diff --git a/pkgs/tools/virtualization/nixos-container/default.nix b/pkgs/tools/virtualization/nixos-container/default.nix index be17753b343..0b44bde4719 100644 --- a/pkgs/tools/virtualization/nixos-container/default.nix +++ b/pkgs/tools/virtualization/nixos-container/default.nix @@ -25,6 +25,7 @@ substituteAll { containers-ip containers-tmpfs containers-ephemeral + containers-unified-hierarchy ; }; };