jail: parse OCI cgroups resources
Start pure cgroup2 implementation with emulation of (some) cgroup1
properties.
Initially support converting cpu, memory, blockIO, pids to unified in
addition to directly specifying unified attributes as suggested in
https://github.com/opencontainers/runtime-spec/pull/1040
Support for converting devices and network into BPF programs is
planned.
Now that containers have their representation in the unified cgroup
hierarchy, make sure using cgroup namespaces also produces meaningful
results.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
projects / project / procd.git / commit