From ecd3c86b60655d892f5ec68549226cc5fa4be818 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 7 Dec 2020 22:18:28 +0000 Subject: [PATCH] Silence cgroups v1 read-only filesystem warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid warning messages when booting systemd-nspawn containers and using hybrid or legacy cgroups. systemd-nspawn mounts the cgroups v1 controller tree as read-only so these errors are expected and not problematic. Partially fixes #17862. Test plan: - Before: `mkosi --default .mkosi/mkosi.fedora boot` ``` ‣ Processing default... Spawning container image on /home/daan/projects/systemd/image.raw. Press ^] three times within 1s to kill container. systemd 247 running in system mode. (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified) Detected virtualization systemd-nspawn. Detected architecture x86-64. Welcome to Fedora 33 (Thirty Three)! Queued start job for default target Graphical Interface. -.slice: Failed to migrate controller cgroups from , ignoring: Read-only file system system.slice: Failed to delete controller cgroups /system.slice, ignoring: Read-only file system [ OK ] Created slice system-getty.slice. [ OK ] Created slice system-modprobe.slice. user.slice: Failed to delete controller cgroups /user.slice, ignoring: Read-only file system [ OK ] Created slice User and Session Slice. [ OK ] Started Dispatch Password Requests to Console Directory Watch. [ OK ] Started Forward Password Requests to Wall Directory Watch. [ OK ] Reached target Local Encrypted Volumes. [ OK ] Reached target Paths. [ OK ] Reached target Remote File Systems. [ OK ] Reached target Slices. [ OK ] Reached target Swap. [ OK ] Listening on Process Core Dump Socket. [ OK ] Listening on initctl Compatibility Named Pipe. [ OK ] Listening on Journal Socket (/dev/log). [ OK ] Listening on Journal Socket. [ OK ] Listening on User Database Manager Socket. dev-hugepages.mount: Failed to delete controller cgroups /dev-hugepages.mount, ignoring: Read-only file system Mounting Huge Pages File System... sys-fs-fuse-connections.mount: Failed to delete controller cgroups /sys-fs-fuse-connections.mount, ignoring: Read-only file system Mounting FUSE Control File System... Starting Journal Service... Starting Remount Root and Kernel File Systems... system.slice: Failed to delete controller cgroups /system.slice, ignoring: Read-only file system ``` After: `mkosi --default .mkosi/mkosi.fedora boot` ``` ‣ Processing default... Spawning container image on /home/daan/projects/systemd/mkosi.output/image.raw. Press ^] three times within 1s to kill container. systemd 247 running in system mode. (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified) Detected virtualization systemd-nspawn. Detected architecture x86-64. Welcome to Fedora 33 (Thirty Three)! Queued start job for default target Graphical Interface. [ OK ] Created slice system-getty.slice. [ OK ] Created slice system-modprobe.slice. [ OK ] Created slice User and Session Slice. [ OK ] Started Dispatch Password Requests to Console Directory Watch. [ OK ] Started Forward Password Requests to Wall Directory Watch. [ OK ] Reached target Local Encrypted Volumes. [ OK ] Reached target Paths. [ OK ] Reached target Remote File Systems. [ OK ] Reached target Slices. [ OK ] Reached target Swap. [ OK ] Listening on Process Core Dump Socket. [ OK ] Listening on initctl Compatibility Named Pipe. [ OK ] Listening on Journal Socket (/dev/log). [ OK ] Listening on Journal Socket. [ OK ] Listening on User Database Manager Socket. Mounting Huge Pages File System... Mounting FUSE Control File System... Starting Journal Service... Starting Remount Root and Kernel File Systems... [ OK ] Mounted Huge Pages File System. [ OK ] Mounted FUSE Control File System. [ OK ] Finished Remount Root and Kernel File Systems. Starting Create Static Device Nodes in /dev... [ OK ] Finished Create Static Device Nodes in /dev. [ OK ] Reached target Local File Systems (Pre). [ OK ] Reached target Local File Systems. Starting Restore /run/initramfs on shutdown... [ OK ] Finished Restore /run/initramfs on shutdown. [ OK ] Started Journal Service. Starting Flush Journal to Persistent Storage... [ OK ] Finished Flush Journal to Persistent Storage. Starting Create Volatile Files and Directories... [ OK ] Finished Create Volatile Files and Directories. Starting Network Name Resolution... Starting Update UTMP about System Boot/Shutdown... [ OK ] Finished Update UTMP about System Boot/Shutdown. [ OK ] Reached target System Initialization. [ OK ] Started Daily Cleanup of Temporary Directories. [ OK ] Reached target Timers. [ OK ] Listening on D-Bus System Message Bus Socket. [ OK ] Reached target Sockets. [ OK ] Reached target Basic System. Starting Home Area Manager... Starting User Login Management... Starting Permit User Sessions... [ OK ] Finished Permit User Sessions. [ OK ] Started Console Getty. [ OK ] Reached target Login Prompts. Starting D-Bus System Message Bus... [ OK ] Started D-Bus System Message Bus. [ OK ] Started Home Area Manager. [ OK ] Started User Login Management. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Finished Update UTMP about System Runlevel Changes. [ OK ] Started Network Name Resolution. [ OK ] Reached target Host and Network Name Lookups. Fedora 33 (Thirty Three) (built from systemd tree) Kernel 5.9.11-arch2-1 on an x86_64 (console) ``` --- src/core/cgroup.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/core/cgroup.c b/src/core/cgroup.c index fe7c80fdbc..cebead5eb5 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -1836,6 +1836,10 @@ int unit_pick_cgroup_path(Unit *u) { return 0; } +static int cg_v1_errno_to_log_level(int r) { + return r == -EROFS ? LOG_DEBUG : LOG_WARNING; +} + static int unit_update_cgroup( Unit *u, CGroupMask target_mask, @@ -1893,16 +1897,30 @@ static int unit_update_cgroup( * We perform migration also with whole slices for cases when users don't care about leave * granularity. Since delegated_mask is subset of target mask, we won't trim slice subtree containing * delegated units. + * + * If we're in an nspawn container and using legacy cgroups, the controller hierarchies are mounted + * read-only into the container. We skip migration/trim in this scenario since it would fail + * regardless with noisy "Read-only filesystem" warnings. */ if (cg_all_unified() == 0) { r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); if (r < 0) - log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", u->cgroup_path); + log_unit_full_errno( + u, + cg_v1_errno_to_log_level(r), + r, + "Failed to migrate controller cgroups from %s, ignoring: %m", + u->cgroup_path); is_root_slice = unit_has_name(u, SPECIAL_ROOT_SLICE); r = cg_trim_v1_controllers(u->manager->cgroup_supported, ~target_mask, u->cgroup_path, !is_root_slice); if (r < 0) - log_unit_warning_errno(u, r, "Failed to delete controller cgroups %s, ignoring: %m", u->cgroup_path); + log_unit_full_errno( + u, + cg_v1_errno_to_log_level(r), + r, + "Failed to delete controller cgroups %s, ignoring: %m", + u->cgroup_path); } /* Set attributes */