cgroup2 support

It would be nice if cgroup2 was available for apps on Compared to v1, v2 is better designed and more secure, as safe delegation to non-privileged users is supported. Finally, 2022 is almost done and the world has largely transitioned to v2.

As far as I can see from probing the running machine and init-snapshot/ at public · superfly/init-snapshot · GitHub, cgroup2 are currently not supported.

I have attempted unmounting v1 hierarchies but apparently certain controllers are forever “tainted” and not available as cgroup2 controller.

Some context - is awesome as it is the only service that allows for safe execution of untrusted code with auto scaling out of the box. Think CTF competition or a language playground (e.g. AWS Lambda can’t do that for instance as they severely limit available Linux features (no namespaces, no seccomp, no cgroups).

1 Like