Containers with unified cgroup hierarchy are broken on 18.09 #48749
Description
Issue description
I was successfully using a unified cgroup hierarchy (cgroups v2) with declarative nixos containers on 18.03, but after upgrade to 18.09 none of my containers can boot with the following errors in the journal:
Oct 20 16:29:41 server systemd[5592]: [email protected]: Failed to attach to cgroup /system.slice/system-container.slice/[email protected]: Device or resource busy
Oct 20 16:29:41 server systemd[5592]: [email protected]: Failed at step CGROUP spawning /nix/store/5g66qi1k4pgc8xiyyv4yl1abigkimc0q-unit-script-container_dhcpd-post-start: Device or resource busy
The cgroup folder mentioned in the message exists.
Steps to reproduce
Add kernel parameter in configuration.nix and create some containers:
boot.kernelParams = [ "systemd.unified_cgroup_hierarchy=1" ];
containers.dhcpd = {
autoStart = true;
privateNetwork = true;
macvlans = [ "lan" ];
config = {
networking = {
interfaces = {
mv-lan.ipv4.addresses = [ { address = 192.168.1.10; prefixLength = 24; } ];
};
firewall = {
enable = true;
allowedUDPPorts = [ 67 68 ];
};
};
services.dhcpd4 = {
enable = true;
interfaces = [ "lan" ];
};
};
};
Removing kernel parameter fixes the issue, all containers are booting.
Technical details
system: "x86_64-linux"
- host os:
Linux 4.14.76, NixOS, 18.09.932.09195057114 (Jellyfish) - multi-user?:
yes - sandbox:
yes - version:
nix-env (Nix) 2.1.1 - channels(root):
"nixos-server-18.09.932.09195057114, nixos-18.03" - nixpkgs:
/nix/var/nix/profiles/per-user/root/channels/nixos-server