The main guidance we can give is to avoid using Docker with Isolate. We do not support this configuration and you are likely to get in trouble.

A couple of quick hints: First, have you tried to run the container in privileged mode? Second, if you are pasting error messages, please do not truncate them -- the > at the end means that the rest was truncated by systemctl.

from isolate.

ls -l /sys/fs/cgroup

total 0
dr-xr-xr-x 19 root root 0 Mar 10 14:56 blkio
dr-xr-xr-x 19 root root 0 Mar 10 14:56 cpu
dr-xr-xr-x 19 root root 0 Mar 10 14:56 cpuacct
dr-xr-xr-x 19 root root 0 Mar 10 14:56 cpuset
dr-xr-xr-x 19 root root 0 Mar 10 14:56 devices
dr-xr-xr-x 20 root root 0 Mar 10 14:56 freezer
dr-xr-xr-x 19 root root 0 Mar 10 14:56 memory
dr-xr-xr-x 19 root root 0 Mar 10 14:56 net_cls
dr-xr-xr-x 19 root root 0 Mar 10 14:56 net_prio
dr-xr-xr-x 19 root root 0 Mar 10 14:56 perf_event
dr-xr-xr-x 19 root root 0 Mar 10 14:56 pids
dr-xr-xr-x 19 root root 0 Mar 10 14:56 rdma
dr-xr-xr-x 19 root root 0 Mar 10 14:56 systemd
dr-xr-xr-x 20 root root 0 Mar 10 14:56 unified

from isolate.

Are you sure you have cgroup v2 active? This looks like v1.

What does mount | grep cgroup print?

from isolate.

I have latest master branch. I think v2 is merged already.

from isolate.

mount | grep cgroup

cgroup on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,size=4096k,nr_inodes=1024,mode=755)
cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime)
cpuset on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cpu on /sys/fs/cgroup/cpu type cgroup (rw,nosuid,nodev,noexec,relatime,cpu)
cpuacct on /sys/fs/cgroup/cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct)
blkio on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
memory on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
devices on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
freezer on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
net_cls on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
perf_event on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
net_prio on /sys/fs/cgroup/net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_prio)
pids on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
rdma on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,relatime,name=systemd)

from isolate.

I have latest master branch. I think v2 is merged already.

I didn't mean v2 version of Isolate, but support for cgroup v2 on your system :)

It seems that your system is running in hybrid mode with v2 mounted on /sys/fs/cgroup/unified. Can you switch it to pure v2?

Also, having non-truncated error messages would be nice.

from isolate.

I have CentOS 9 host machine with cgroup v2 support. And I am running the docker image (ubuntu 22 with systemd enabled) of my application with isolate master branch installed on docker image.

Question: Do we need Host machine with cgroup v2 enabled OR the image itself?

from isolate.

This however doesn't answer my questions.

from isolate.

Fixed all issues with following set of steps:

1. Started Ubuntu 22.04 with systemd
2. Made sure that host and container both are using cgroupv2
3. Everything worked.

from isolate.

Ticket can be closed.

from isolate.