Why hasn't Docker Rootless implemented cgroup v1? Are there any limitations? #48778
-
Why hasn't Docker Rootless implemented cgroup v1? Are there any limitations? |
Beta Was this translation helpful? Give feedback.
Answered by
AkihiroSuda
Oct 28, 2024
Replies: 1 comment 1 reply
-
Because there was no easy and secure way to delegate cgroup v1 to non-root users. Most Linux distributions have already switched to cgroup v2 that properly supports rootless delegation. |
Beta Was this translation helpful? Give feedback.
1 reply
Answer selected by
AkihiroSuda
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Because there was no easy and secure way to delegate cgroup v1 to non-root users.
You can still run Rootless Docker on cgroup v1 hosts, but cgroup-related flags such as
--cpus
and--memory
are just ignored.Most Linux distributions have already switched to cgroup v2 that properly supports rootless delegation.
https://rootlesscontaine.rs/getting-started/common/cgroup2/