--cgroup-parent option in docker build doesn't set the build containers cgroup v2 #45796
Closed
@yastanotheruser

Description

When building an image, it seems the --cgroup-parent option has no effect in the build containers. During build, the cgroup parent is system.slice and not the configured cgroup. The same option in docker run does work.

# mkdir /sys/fs/cgroup/mycgroup.slice
# container_id=`docker run -d --rm --cgroup-parent mycgroup.slice alpine sleep 5`
# cat /sys/fs/cgroup/mycgroup.slice/docker-$container_id.scope/cgroup.procs
127483

Reproduce

Dockerfile

FROM alpine
RUN cat /proc/self/cgroup
RUN sleep 5

docker-build-cgroup-parent-demo.sh

#!/bin/sh

set -ex
mkdir -p /sys/fs/cgroup/mycgroup.slice
docker build --cgroup-parent mycgroup.slice --no-cache . > docker-build.log 2>&1 &
sleep 1
cat /sys/fs/cgroup/mycgroup.slice/cgroup.procs
ls -la /sys/fs/cgroup/mycgroup.slice/
wait
# ./docker-build-cgroup-parent-demo.sh
+ mkdir -p /sys/fs/cgroup/mycgroup.slice
+ sleep 1
+ docker build --cgroup-parent mycgroup.slice --no-cache .
+ cat /sys/fs/cgroup/mycgroup.slice/cgroup.procs
+ ls -la /sys/fs/cgroup/mycgroup.slice/
total 0
drwxr-xr-x  2 root root 0 Jun 22 16:12 .
dr-xr-xr-x 18 root root 0 Jun 22 15:45 ..
-r--r--r--  1 root root 0 Jun 22 15:47 cgroup.controllers
-r--r--r--  1 root root 0 Jun 22 15:45 cgroup.events
-rw-r--r--  1 root root 0 Jun 22 15:47 cgroup.freeze
--w-------  1 root root 0 Jun 22 15:47 cgroup.kill
-rw-r--r--  1 root root 0 Jun 22 15:47 cgroup.max.depth
-rw-r--r--  1 root root 0 Jun 22 15:47 cgroup.max.descendants
-rw-r--r--  1 root root 0 Jun 22 15:47 cgroup.pressure
-rw-r--r--  1 root root 0 Jun 22 15:46 cgroup.procs
-r--r--r--  1 root root 0 Jun 22 15:47 cgroup.stat
-rw-r--r--  1 root root 0 Jun 22 16:12 cgroup.subtree_control
-rw-r--r--  1 root root 0 Jun 22 15:47 cgroup.threads
-rw-r--r--  1 root root 0 Jun 22 15:45 cgroup.type
-rw-r--r--  1 root root 0 Jun 22 15:45 cpu.idle
-rw-r--r--  1 root root 0 Jun 22 15:45 cpu.max
-rw-r--r--  1 root root 0 Jun 22 15:47 cpu.max.burst
-rw-r--r--  1 root root 0 Jun 22 15:47 cpu.pressure
-rw-r--r--  1 root root 0 Jun 22 15:45 cpuset.cpus
-r--r--r--  1 root root 0 Jun 22 15:47 cpuset.cpus.effective
-rw-r--r--  1 root root 0 Jun 22 15:47 cpuset.cpus.partition
-rw-r--r--  1 root root 0 Jun 22 15:45 cpuset.mems
-r--r--r--  1 root root 0 Jun 22 15:47 cpuset.mems.effective
-r--r--r--  1 root root 0 Jun 22 15:45 cpu.stat
-rw-r--r--  1 root root 0 Jun 22 15:47 cpu.uclamp.max
-rw-r--r--  1 root root 0 Jun 22 15:47 cpu.uclamp.min
-rw-r--r--  1 root root 0 Jun 22 15:45 cpu.weight
-rw-r--r--  1 root root 0 Jun 22 15:47 cpu.weight.nice
-r--r--r--  1 root root 0 Jun 22 15:47 hugetlb.2MB.current
-r--r--r--  1 root root 0 Jun 22 15:47 hugetlb.2MB.events
-r--r--r--  1 root root 0 Jun 22 15:47 hugetlb.2MB.events.local
-rw-r--r--  1 root root 0 Jun 22 15:47 hugetlb.2MB.max
-r--r--r--  1 root root 0 Jun 22 15:47 hugetlb.2MB.numa_stat
-r--r--r--  1 root root 0 Jun 22 15:47 hugetlb.2MB.rsvd.current
-rw-r--r--  1 root root 0 Jun 22 15:47 hugetlb.2MB.rsvd.max
-rw-r--r--  1 root root 0 Jun 22 15:45 io.bfq.weight
-rw-r--r--  1 root root 0 Jun 22 15:47 io.latency
-rw-r--r--  1 root root 0 Jun 22 15:47 io.low
-rw-r--r--  1 root root 0 Jun 22 15:47 io.max
-rw-r--r--  1 root root 0 Jun 22 15:47 io.pressure
-rw-r--r--  1 root root 0 Jun 22 15:47 io.prio.class
-r--r--r--  1 root root 0 Jun 22 15:45 io.stat
-rw-r--r--  1 root root 0 Jun 22 15:45 io.weight
-rw-r--r--  1 root root 0 Jun 22 15:47 irq.pressure
-r--r--r--  1 root root 0 Jun 22 15:47 memory.current
-r--r--r--  1 root root 0 Jun 22 15:45 memory.events
-r--r--r--  1 root root 0 Jun 22 15:47 memory.events.local
-rw-r--r--  1 root root 0 Jun 22 15:45 memory.high
-rw-r--r--  1 root root 0 Jun 22 15:45 memory.low
-rw-r--r--  1 root root 0 Jun 22 15:45 memory.max
-rw-r--r--  1 root root 0 Jun 22 15:45 memory.min
-r--r--r--  1 root root 0 Jun 22 15:47 memory.numa_stat
-rw-r--r--  1 root root 0 Jun 22 15:45 memory.oom.group
-r--r--r--  1 root root 0 Jun 22 15:47 memory.peak
-rw-r--r--  1 root root 0 Jun 22 15:47 memory.pressure
--w-------  1 root root 0 Jun 22 15:47 memory.reclaim
-r--r--r--  1 root root 0 Jun 22 15:47 memory.stat
-r--r--r--  1 root root 0 Jun 22 15:47 memory.swap.current
-r--r--r--  1 root root 0 Jun 22 15:47 memory.swap.events
-rw-r--r--  1 root root 0 Jun 22 15:47 memory.swap.high
-rw-r--r--  1 root root 0 Jun 22 15:45 memory.swap.max
-r--r--r--  1 root root 0 Jun 22 15:47 memory.zswap.current
-rw-r--r--  1 root root 0 Jun 22 15:45 memory.zswap.max
-r--r--r--  1 root root 0 Jun 22 15:47 misc.current
-r--r--r--  1 root root 0 Jun 22 15:47 misc.events
-rw-r--r--  1 root root 0 Jun 22 15:47 misc.max
-r--r--r--  1 root root 0 Jun 22 15:47 pids.current
-r--r--r--  1 root root 0 Jun 22 15:47 pids.events
-rw-r--r--  1 root root 0 Jun 22 15:45 pids.max
-r--r--r--  1 root root 0 Jun 22 15:47 pids.peak
-r--r--r--  1 root root 0 Jun 22 15:47 rdma.current
-rw-r--r--  1 root root 0 Jun 22 15:47 rdma.max
+ wait
# cat docker-build.log
#0 building with "default" instance using docker driver

#1 [internal] load .dockerignore
#1 transferring context: 2B done
#1 DONE 0.0s

#2 [internal] load build definition from Dockerfile
#2 transferring dockerfile: 87B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/library/alpine:latest
#3 DONE 0.0s

#4 [1/3] FROM docker.io/library/alpine
#4 CACHED

#5 [2/3] RUN cat /proc/self/cgroup
#5 0.238 1:name=systemd:/
#5 0.238 0::/system.slice/system.slice:docker:osh60k53lspy0g0cjo94ur00h
#5 DONE 0.3s

#6 [3/3] RUN sleep 5
#6 DONE 5.5s

#7 exporting to image
#7 exporting layers
#7 exporting layers 0.9s done
#7 writing image sha256:7f76a15c59775bc9ac3da3c0cd728e42bfe2275345c86043bb88b6ffd7bfc6cc done
#7 DONE 0.9s

As you can see, no processes belong to mycgroup.slice, nor does it have any child cgroups. And the cgroup v2 being used is /system.slice/system.slice:docker:osh60k53lspy0g0cjo94ur00h.

Expected behavior

The build containers' cgroup should be under the configured --cgroup-parent.

docker version

Client:
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfcd85
 Built:             Mon May 29 15:50:06 2023
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f9ee
  Built:            Mon May 29 15:50:06 2023
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.7.2
  GitCommit:        0cae528dd6cb557f7201036e9f43420650207b58.m
 runc:
  Version:          1.1.7
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    24.0.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  0.11.0
    Path:     /usr/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  2.19.0
    Path:     /usr/lib/docker/cli-plugins/docker-compose

Server:
 Containers: 16
  Running: 0
  Paused: 0
  Stopped: 16
 Images: 175
 Server Version: 24.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: true
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 0cae528dd6cb557f7201036e9f43420650207b58.m
 runc version: 
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.3.8-arch1-1
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 ...
 ID: R7J3:743I:66GK:HGB3:3HJH:FNHY:2TCS:XGDL:MJUS:QNAB:5E34:O6OB
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

Related? #34469
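
A check for the condition this issue reports, as an added example that is not part of the original issue or of moby's code: it parses `/proc/<pid>/cgroup`-format text, extracts the cgroup v2 (`0::`) entry and tests whether it lies under an expected parent. The function names, exit codes and the container ID in `RUN_SAMPLE` are assumptions made for illustration; `BUILD_SAMPLE` copies the build output quoted above.

```shell
#!/bin/sh
# Added example (not from the issue): verify a process's cgroup v2 placement.

# Print the unified-hierarchy path from /proc/<pid>/cgroup text on stdin.
# Each line is "hierarchy-ID:controllers:path"; cgroup v2 is the "0::" line.
cgroup_v2_path() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            0::*) printf '%s\n' "${line#0::}"; return 0 ;;
        esac
    done
    return 1
}

# check_cgroup_parent <expected-parent> < cgroup-text
# Exit codes (chosen for this example): 0 under parent, 1 elsewhere,
# 2 inconclusive (namespaced view), 3 no cgroup v2 entry.
check_cgroup_parent() {
    expected=${1%/}
    cg_path=$(cgroup_v2_path) || { echo "no cgroup v2 entry"; return 3; }
    case "$cg_path" in
        /)
            # A private cgroup namespace shows its own root as "/".
            echo "inconclusive: path is /, check from the host"; return 2 ;;
        "$expected"|"$expected"/*)
            echo "ok: $cg_path"; return 0 ;;
        *)
            # Also catches look-alikes such as /mycgroup.slice-other/...
            echo "MISMATCH: $cg_path is not under $expected"; return 1 ;;
    esac
}

# BUILD_SAMPLE is the RUN step output quoted in the issue.
BUILD_SAMPLE='1:name=systemd:/
0::/system.slice/system.slice:docker:osh60k53lspy0g0cjo94ur00h'
# RUN_SAMPLE is constructed: the docker run layout with a made-up ID.
RUN_SAMPLE='0::/mycgroup.slice/docker-0123abcd.scope'

printf '%s\n' "$BUILD_SAMPLE" | check_cgroup_parent /mycgroup.slice || true
printf '%s\n' "$RUN_SAMPLE"   | check_cgroup_parent /mycgroup.slice || true
```

On a live system, feed it the host's view of a build process, for example `check_cgroup_parent /mycgroup.slice < /proc/<pid>/cgroup`; limits configured on the parent cgroup only apply to processes that actually land under it.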
