Bug 89765 - systemd-escape && systemd-nspawn
Summary: systemd-escape && systemd-nspawn
Status: RESOLVED INVALID
Alias: None
Product: systemd
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
: medium normal
Assignee: systemd-bugs
QA Contact: systemd-bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-25 15:39 UTC by disarmer
Modified: 2015-04-06 14:17 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Description disarmer 2015-03-25 15:39:52 UTC
Hi!

Recently i moved my arch system to nspawn container. Now, i can't find out my process cgroup inside container:

% systemctl --user show -p ControlGroup tmux.service
ControlGroup=/system.slice/system-systemd\x5cx2dnspawn.slice/systemd-nspawn@grey.service/user.slice/user-1000.slice/user@1000.service/tmux.service

% systemd-escape --unescape $(systemctl --user show -p ControlGroup tmux.service)
ControlGroup=/system.slice/system/systemd\x2dnspawn.slice/systemd/nspawn@grey.service/user.slice/user/1000.slice/user@1000.service/tmux.service

But actually nspawn.slice is located in /sys/fs/cgroup/systemd/system.slice/system-systemd\x2dnspawn.slice


systemd-cgls shows:
├─system.slice
...
│ └─system-systemd\x2dnspawn.slice
│   └─systemd-nspawn@grey.service


% systemctl --version
systemd 218
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD +IDN
Comment 1 Lennart Poettering 2015-04-03 15:55:23 UTC
This is a misunderstanding, "systemd-escape" is not implementing the escaping logic that we use for generating cgroups paths. Instead it implements escaping for including arbitrary strings in unit names.

The escaping used for generating cgroup names is an internal implementation detail of systemd really. It's implemented here:

http://cgit.freedesktop.org/systemd/systemd/tree/src/shared/cgroup-util.c#n1443
Comment 2 disarmer 2015-04-03 16:55:43 UTC
(In reply to Lennart Poettering from comment #1)
> This is a misunderstanding, "systemd-escape" is not implementing the
> escaping logic that we use for generating cgroups paths. Instead it
> implements escaping for including arbitrary strings in unit names.
> 
> The escaping used for generating cgroup names is an internal implementation
> detail of systemd really. It's implemented here:
> 
> http://cgit.freedesktop.org/systemd/systemd/tree/src/shared/cgroup-util.
> c#n1443

Well, but how can i get my service cgroup from outside systemd code, in bash for example?
I previously used:
stat /sys/fs/cgroup/systemd/$(systemctl --user show -p ControlGroup tmux.service|sed 's/.*=//' )
but it doesn't work when service is running in container via nspawn service (systemctl start systemd-nspawn@grey.service)

Right now only way how i can get it is:
stat /sys/fs/cgroup/systemd/$(systemctl --user show -p ControlGroup tmux.service|sed 's/.*=//' | sed 's/x5c//' )
Comment 3 Lennart Poettering 2015-04-03 17:27:26 UTC
> stat /sys/fs/cgroup/systemd/$(systemctl --user show -p ControlGroup
> tmux.service|sed 's/.*=//' )

This is pretty good already. To get the missing prefix use the control group root that your PID 1 systemd instance is using, which you can query with:

systemctl -a show -p ControlGroup

i.e. don't specify a unit name, and you get the manager's properties. And do this for the system instance, not the user instance.

If you then concat the /sys/fs/cgroup prefix, with this PID1 cgroup root, with the unit path, then you should be good.
Comment 4 disarmer 2015-04-03 17:57:56 UTC
(In reply to Lennart Poettering from comment #3)
> > stat /sys/fs/cgroup/systemd/$(systemctl --user show -p ControlGroup
> > tmux.service|sed 's/.*=//' )
> 
> This is pretty good already. To get the missing prefix use the control group
> root that your PID 1 systemd instance is using, which you can query with:
> 
> systemctl -a show -p ControlGroup
> 
> i.e. don't specify a unit name, and you get the manager's properties. And do
> this for the system instance, not the user instance.
> 
> If you then concat the /sys/fs/cgroup prefix, with this PID1 cgroup root,
> with the unit path, then you should be good.

Yes, but it returns broken path even for container system manager:

% systemctl -a show -p ControlGroup
ControlGroup=/system.slice/system-systemd\x5cx2dnspawn.slice/systemd-nspawn@grey.service

But actually path is:
% find /sys/fs/cgroup/systemd/ -name '*nspawn.slice'
/sys/fs/cgroup/systemd/system.slice/system-systemd\x2dnspawn.slice
Comment 5 Lennart Poettering 2015-04-06 14:17:39 UTC
Note sure I understand what you are asking for?

Slices are simply a way to group scope or service units. Not sure why you are interested in that?


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.