Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Currently, the Pid targeted by the cgroups isolator is moved into the cgroup before the subsystem runs to apply any type-specific cgroup configuration. We should reverse the order of this so that the PID is only moved once the cgroup is fully configured by the subsystem.
The specific use case that affected us was where a PID was assigned to a net_cls cgroup before that cgroup had the class ID set. This caused a separate system to become confused.