not on Raspberry Pi: "memory is chosen randomly, any cgroup used by docker works"

[thediveo]

issue severity: fun fact 😀

https://github.com/vishvananda/netns/blob/db3c7e526aae966c4ccfa6c8189b693d6ac5d202/netns_linux.go#L196

...unfortunately memory cgroup controllers are often disabled on various Raspberry Pi Linux distributions, such as Ubuntu 19.04-20.04. A better bet thus seems to be using another controller type, such as cpu.

[imilchev]

Be aware that Docker often specifies the cgroup as cpu,cpuacct and if you try using the cpu cgroup it will not find it because of this split https://github.com/vishvananda/netns/blob/db3c7e526aae966c4ccfa6c8189b693d6ac5d202/netns_linux.go#L147 I encountered that issue myself. The same applies for net_cls which is mentioned in Docker as net_cls,net_prio

[jeffwidman]

PR's improving docs, comments, or code are always welcome!

[thediveo]

Well, I don't think that there much value in trying to fix this particular function: it'll break soon again due to systemd changing cgroup paths anyway. Now, I'm surely opinionated here, as I'm the author of the lxkns discovery engine that for some time now has direct support for relating namespaces and processes to containers by talking to container engines, namely docker, containerd and even podman.