[Devel] [PATCH VZ10 v2 0/12] ve/cgroup-v2: support cgroup-v2 in VE

Konstantin Khorenko khorenko at virtuozzo.com
Fri Dec 12 20:02:21 MSK 2025 

All in all:

i could apply the patchset right now,

* various comments i can fix myself

* [PATCH vz10] cgroup-v2: Fix error handling in cgroup_controllers_hidden_write
   This is important but really can be fixed later with an incremental patch.

* the only question is with
   [PATCH VZ10 v2 11/12] ve_namespace: Reorder VE namespace creation before other namespaces
   i really think the flags check is incorrect here and i would appreciate if you give me a hint that 
my suggestion is ok and i can apply it as well.

Thank you for that serious core new feature!

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 12/10/25 11:34, Pavel Tikhomirov wrote:
> Second part of changes for enabling cgroup-v2:
> - Enable cgroup-v2 files
> - Hide cgroup files per controller
> - Move ve cgroup attach operations to namespace join path
> - Allow nested ve cgroup in cgroup-v2
> - Link ve namespace and cgroup namespace exclusively
> - Make CLONE_NEWVE easier to use from vzctl and alter original namespace
>    creation ordering to be user -> ve -> other namespaces.
> 
> https://virtuozzo.atlassian.net/browse/VSTOR-119803
> https://virtuozzo.atlassian.net/browse/VSTOR-119804
> https://virtuozzo.atlassian.net/browse/VSTOR-119941
> https://virtuozzo.atlassian.net/browse/VSTOR-104639
> https://virtuozzo.atlassian.net/browse/VSTOR-119801
> https://virtuozzo.atlassian.net/browse/VSTOR-118289
> 
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> 
> v2: append extra improving/fixing patches
> 
> Pavel Tikhomirov (12):
>    cgroup-v2: Add a new API to hide cgroup files per controller
>    ve: Enable files on cgroup-v2
>    ve/cgroup-v2: Allow writing to some files in the root of cgroup
>      namespace
>    ve_namespace: Don't allow to share thread group across VE boundaries
>    ve_namespace: Move cgroup ve_attach() operations to namespace join
>      path
>    ve_namespace: Block setns untill VE is running
>    ve: Always allow to attach to ve cgroup
>    ve/cgroup-v2: Allow nested ve cgroup directories
>    ve/cgroup-v2: Don't hide default cgroup when ve controller is enabled
>      on it
>    ve_namespace: Make link between ve namespace and cgroup exclusive
>    ve_namespace: Reorder VE namespace creation before other namespaces
>    ve_namespace: Make CLONE_NEWVE work with clone3
> 
>   fs/sysfs/ve.c               |   2 +-
>   include/linux/cgroup-defs.h |   1 +
>   include/linux/cgroup.h      |   1 +
>   include/linux/ve.h          |   6 ++
>   kernel/cgroup/cgroup.c      | 136 +++++++++++++++++++++++++++++++++++-
>   kernel/fork.c               |  56 ++++++++++-----
>   kernel/ve/ve.c              | 132 ++++++++--------------------------
>   kernel/ve/ve_namespace.c    |  56 +++++++++++++--
>   8 files changed, 260 insertions(+), 130 deletions(-)
>

More information about the Devel mailing list