Skip to content

Why hasn't Docker Rootless implemented cgroup v1? Are there any limitations? #48778

Answered by AkihiroSuda
yushiqie asked this question in Q&A
Discussion options

You must be logged in to vote

Because there was no easy and secure way to delegate cgroup v1 to non-root users.
You can still run Rootless Docker on cgroup v1 hosts, but cgroup-related flags such as --cpus and --memory are just ignored.

Most Linux distributions have already switched to cgroup v2 that properly supports rootless delegation.
https://rootlesscontaine.rs/getting-started/common/cgroup2/

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@yushiqie
Comment options

Answer selected by AkihiroSuda
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
area/rootless Rootless mode
2 participants