All cgroup managers implement Apply() and Set() methods:

• Apply is used to create a cgroup (and, in case of systemd, a systemd unit) and/or put a PID into the cgroup (and unit);
• Set is used to set various cgroup resources and limits;

fs/fs2 cgroup managers implement the functionality as per the description above.

systemd v1/v2 managers are somewhat weird. They set most of cgroup limits (those that can be projected to systemd unit properties) in Apply(), and they set all cgroup limits in Set -- first indirectly via systemd properties -- same as in Apply, then via cgroupfs (actually backed by fs manager)).

A bit of recent history -- before #2287/#2343 systemd managers used to set unit properties (incl. resources) in Apply, and cgroup "raw" properties in Set. After that PR, they set properties in both Apply and Set.

To reiterate, systemd managers are peculiar since:

• they set some properties in Apply() (fs managers do not);
• they set all properties again in set.

Since runc calls both Apply() and Set(), this is not really a problem, except for some curious side effects (such as #2812 (comment)). This might be worse for other users (need to be looked at).

The proposed solution is not set and resources in Apply (the actual fix is surprisingly tidy -- see PR #2813).

TODO:

• look at how crun does it (maybe @giuseppe can shed some light)
• look at how kubernetes uses cgroup manager's Set and Apply.