* interfaces/microstack-support: set controlsDeviceCgroup to true
This will prevent us from generating any udev rules which in turn should
entirely disable the enforcement of the device cgroup for processes in the
snap.
This is justified by the snap already managing cgroups of its containers and
VM's with the Delegate=true setting in serviceSnippets.
See also LP bug: https://bugs.launchpad.net/snapd/+bug/1892895 which is
partially addressed by this commit, specifically for the microstack snap which
uses the microstack-support interface.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: add spread test for microstack cgroup delegation
* tests/main/interfaces-microstack-support: use snap restart
This fixes the test by making it fail on master without the change to use
controlsDeviceCgroup, but passes in the branch enabling that for the interface.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: fix microstack-support test for cgroup v2
* i/b/microstack_support: add comment about delegation
* tests/microstack: make the service more verbose
Making the service more verbose might help debugging; these lines will
end up in journald.
* interfaces/udev/spec.go: leave TODO about cgroup interaction w/ Delegate=true
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Co-authored-by: Alberto Mardegan <alberto.mardegan@canonical.com>
