From 26eddc16a887e84f31ef540e0568cbb998dfe155 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Fri, 31 Aug 2018 12:53:49 +0200
Subject: [PATCH] systemd: add "Delegate=yes" to docker's service file

We need to add delegate yes to docker's service file so that it can manage the cgroups of the processes that it launches without systemd interfering with them and moving the processes after it is reloaded. Delegate= Turns on delegation of further resource control partitioning to processes of the unit. For unprivileged services (i.e. those using the User= setting), this allows processes to create a subhierarchy beneath its control group path. For privileged services and scopes, this ensures the processes will have all control group controllers enabled. This is the proper fix for issue moby/moby#20152
Signed-off-by: Sebastiaan van Stijn
---
 contrib/init/systemd/docker.service | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service
index 5683409328..ad94533863 100644
--- a/contrib/init/systemd/docker.service
+++ b/contrib/init/systemd/docker.service
@@ -8,6 +8,10 @@ Wants=network-online.target
 [Service]
 # Install containerd-shim-process if it's not already installed
 ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offline-installer/containerd-shim-process.tar docker.io/docker/containerd-shim-process
+
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
 ExecStart=/usr/bin/dockerd
 ExecStopPost=/usr/bin/dockerd post-stop
 TimeoutSec=0
@@ -27,5 +31,8 @@ LimitCORE=infinity
 # Only systemd 226 and above support this option.
 TasksMax=infinity
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
 [Install]
 WantedBy=multi-user.target
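Review bot: The comment added above `ExecStart=` in the first hunk says the delegate issue "still exists", while the second hunk of this same commit sets `Delegate=yes` to address it, so the stated rationale is stale as soon as the patch lands. It also never names the setting it describes; presumably dockerd's cgroup driver, but nothing on the line says so. I would reword it along the lines of `# dockerd keeps its default cgroup driver; systemd is not used for container cgroups because it does not yet support the cgroup feature set docker needs`, which also fixes the "issues still exists" grammar.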
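Review bot: The comment on `Delegate=yes` in the second hunk gives no minimum systemd version, unlike the `TasksMax=infinity` line just above it, which is annotated "Only systemd 226 and above support this option." As far as I recall, `Delegate=` was introduced in systemd 218, and older releases log an unknown-key warning and skip the line. If so, the unit still starts on such hosts but container cgroups remain exposed to being moved on a daemon reload. I would add `# Requires systemd 218 or newer (verify); older versions ignore this line`. Packaging notes could also mention that `systemctl show docker.service -p Delegate` confirms the setting took effect.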