From 5e5f8f7d689ecb8e71369362c3d7a59219b81ea8 Mon Sep 17 00:00:00 2001 From: Tobias Meggendorfer Date: Fri, 7 Jun 2024 12:38:10 +0200 Subject: [PATCH] Fixes --- doc/benchexec-in-container.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/doc/benchexec-in-container.md b/doc/benchexec-in-container.md index 14a07c1a1..27e89aeaa 100644 --- a/doc/benchexec-in-container.md +++ b/doc/benchexec-in-container.md @@ -12,7 +12,9 @@ SPDX-License-Identifier: Apache-2.0 This document explains the complications of using BenchExec inside containerized environments (such as Docker or Podman) and shows how you can create your own interactive Docker image (or adapt existing ones) to use -BenchExec within it. +BenchExec within it. We focus mainly on the (nowadays standard) cgroups v2, +a brief guidline for the (outdated) cgroups v1 is provided +[below](#cgroups-v1). There is a difference between executing only BenchExec inside a (non-interactive) container and a fully interactive one which contains @@ -50,11 +52,10 @@ docker run --privileged --cap-drop=all -t my-container benchexec ## BenchExec in Interactive Containers Next follows a step-by-step guide to create a Docker / Podman image with -BenchExec (assuming cgroups v2, the standard nowadays). Some further background -and reasoning is provided later. Summarized, the main reason why BenchExec -needs a "custom" setup for containers is due to how cgroups work in combination -with containers; we need to "manually" set up a separate cgroup for BenchExec. -A brief guidline for the outdated cgroups v1 is provided [below](#cgroups-v1). +BenchExec (assuming cgroups v2). Some further background and reasoning is +provided later. Summarized, the main reason why BenchExec needs a "custom" +setup for containers is due to how cgroups work in combination with containers; +we need to "manually" set up a separate cgroup for BenchExec. While this setup should work on most recent system, we cannot guarantee this, since there simply are too many variables. In some cases, you may need to