Add a setting for enabling cgroups
parent
ff12d1c1a1
commit
67bcb99700
|
@ -43,10 +43,11 @@
|
||||||
|
|
||||||
```
|
```
|
||||||
extra-experimental-features = cgroups
|
extra-experimental-features = cgroups
|
||||||
|
use-cgroups = true
|
||||||
```
|
```
|
||||||
|
|
||||||
to `nix.conf`. It is also automatically enabled for builds that
|
to `nix.conf`. Cgroups are required for derivations that require the
|
||||||
require the `uid-range` system feature.
|
`uid-range` system feature.
|
||||||
|
|
||||||
* `nix build --json` now prints some statistics about top-level
|
* `nix build --json` now prints some statistics about top-level
|
||||||
derivations, such as CPU statistics when cgroups are enabled.
|
derivations, such as CPU statistics when cgroups are enabled.
|
||||||
|
|
|
@ -401,9 +401,14 @@ static void linkOrCopy(const Path & from, const Path & to)
|
||||||
void LocalDerivationGoal::startBuilder()
|
void LocalDerivationGoal::startBuilder()
|
||||||
{
|
{
|
||||||
if ((buildUser && buildUser->getUIDCount() != 1)
|
if ((buildUser && buildUser->getUIDCount() != 1)
|
||||||
|| settings.isExperimentalFeatureEnabled(Xp::Cgroups))
|
#if __linux__
|
||||||
|
|| settings.useCgroups
|
||||||
|
#endif
|
||||||
|
)
|
||||||
{
|
{
|
||||||
#if __linux__
|
#if __linux__
|
||||||
|
settings.requireExperimentalFeature(Xp::Cgroups);
|
||||||
|
|
||||||
auto ourCgroups = getCgroups("/proc/self/cgroup");
|
auto ourCgroups = getCgroups("/proc/self/cgroup");
|
||||||
auto ourCgroup = ourCgroups[""];
|
auto ourCgroup = ourCgroups[""];
|
||||||
if (ourCgroup == "")
|
if (ourCgroup == "")
|
||||||
|
|
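Review bot: The condition in `startBuilder()` now tests `settings.useCgroups` where the page shows it previously testing `settings.isExperimentalFeatureEnabled(Xp::Cgroups)`, so a `nix.conf` that only lists `cgroups` under `extra-experimental-features` still parses, but its ordinary builds silently stop running in a cgroup. For anyone relying on the cgroup for per-build process containment or the CPU statistics, that is an unannounced downgrade on upgrade; a one-time warning when the feature is enabled while `use-cgroups` is false would make it visible. The new `settings.requireExperimentalFeature(Xp::Cgroups);` also runs for the UID-range trigger, which deserves a comment such as `// Both triggers (use-cgroups, UID range) need the experimental feature; fail before reading /proc/self/cgroup.` The body of `startBuilder()` continues past the end of this hunk.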
|
@ -304,6 +304,17 @@ public:
|
||||||
"id-count",
|
"id-count",
|
||||||
"The number of UIDs/GIDs to use for dynamic ID allocation."};
|
"The number of UIDs/GIDs to use for dynamic ID allocation."};
|
||||||
|
|
||||||
|
#if __linux__
|
||||||
|
Setting<bool> useCgroups{
|
||||||
|
this, false, "use-cgroups",
|
||||||
|
R"(
|
||||||
|
Whether to execute builds inside cgroups. Cgroups are
|
||||||
|
enabled automatically for derivations that require the
|
||||||
|
`uid-range` system feature.
|
||||||
|
)"
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26",
|
Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26",
|
||||||
"Whether to impersonate a Linux 2.6 machine on newer kernels.",
|
"Whether to impersonate a Linux 2.6 machine on newer kernels.",
|
||||||
{"build-impersonate-linux-26"}};
|
{"build-impersonate-linux-26"}};
|
||||||
|
@ -592,10 +603,10 @@ public:
|
||||||
cache) must have a signature by a trusted key. A trusted key is one
|
cache) must have a signature by a trusted key. A trusted key is one
|
||||||
listed in `trusted-public-keys`, or a public key counterpart to a
|
listed in `trusted-public-keys`, or a public key counterpart to a
|
||||||
private key stored in a file listed in `secret-key-files`.
|
private key stored in a file listed in `secret-key-files`.
|
||||||
|
|
||||||
Set to `false` to disable signature checking and trust all
|
Set to `false` to disable signature checking and trust all
|
||||||
non-content-addressed paths unconditionally.
|
non-content-addressed paths unconditionally.
|
||||||
|
|
||||||
(Content-addressed paths are inherently trustworthy and thus
|
(Content-addressed paths are inherently trustworthy and thus
|
||||||
unaffected by this configuration option.)
|
unaffected by this configuration option.)
|
||||||
)"};
|
)"};
|
||||||
|
@ -681,7 +692,7 @@ public:
|
||||||
is `root`.
|
is `root`.
|
||||||
|
|
||||||
> **Warning**
|
> **Warning**
|
||||||
>
|
>
|
||||||
> Adding a user to `trusted-users` is essentially equivalent to
|
> Adding a user to `trusted-users` is essentially equivalent to
|
||||||
> giving that user root access to the system. For example, the user
|
> giving that user root access to the system. For example, the user
|
||||||
> can set `sandbox-paths` and thereby obtain read access to
|
> can set `sandbox-paths` and thereby obtain read access to
|
||||||
|
@ -771,13 +782,13 @@ public:
|
||||||
The program executes with no arguments. The program's environment
|
The program executes with no arguments. The program's environment
|
||||||
contains the following environment variables:
|
contains the following environment variables:
|
||||||
|
|
||||||
- `DRV_PATH`
|
- `DRV_PATH`
|
||||||
The derivation for the built paths.
|
The derivation for the built paths.
|
||||||
|
|
||||||
Example:
|
Example:
|
||||||
`/nix/store/5nihn1a7pa8b25l9zafqaqibznlvvp3f-bash-4.4-p23.drv`
|
`/nix/store/5nihn1a7pa8b25l9zafqaqibznlvvp3f-bash-4.4-p23.drv`
|
||||||
|
|
||||||
- `OUT_PATHS`
|
- `OUT_PATHS`
|
||||||
Output paths of the built derivation, separated by a space
|
Output paths of the built derivation, separated by a space
|
||||||
character.
|
character.
|
||||||
|
|
||||||
|
@ -815,7 +826,7 @@ public:
|
||||||
documentation](https://ec.haxx.se/usingcurl-netrc.html).
|
documentation](https://ec.haxx.se/usingcurl-netrc.html).
|
||||||
|
|
||||||
> **Note**
|
> **Note**
|
||||||
>
|
>
|
||||||
> This must be an absolute path, and `~` is not resolved. For
|
> This must be an absolute path, and `~` is not resolved. For
|
||||||
> example, `~/.netrc` won't resolve to your home directory's
|
> example, `~/.netrc` won't resolve to your home directory's
|
||||||
> `.netrc`.
|
> `.netrc`.
|
||||||
|
|
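Review bot: The help text of the new `use-cgroups` setting (first hunk, after `id-count`) does not say that running in a cgroup also needs the `cgroups` experimental feature, although `startBuilder()` in this commit calls `settings.requireExperimentalFeature(Xp::Cgroups)` on both the explicit and the `uid-range` path. As written, "enabled automatically" reads as if `uid-range` builds need no further configuration, while they will presumably fail at build start without the feature. I would add a sentence to the description such as ``Both this setting and `uid-range` builds require the `cgroups` experimental feature.`` and, because the declaration sits inside `#if __linux__`, a second one stating that the setting exists only on Linux. The remaining hunks in this file appear to change whitespace only.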
|
@ -23,7 +23,7 @@ makeTest ({
|
||||||
nix.binaryCaches = lib.mkForce [ ];
|
nix.binaryCaches = lib.mkForce [ ];
|
||||||
nix.extraOptions =
|
nix.extraOptions =
|
||||||
''
|
''
|
||||||
extra-experimental-features = nix-command auto-allocate-uids
|
extra-experimental-features = nix-command auto-allocate-uids cgroups
|
||||||
extra-system-features = uid-range
|
extra-system-features = uid-range
|
||||||
'';
|
'';
|
||||||
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
|
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
|
||||||
|
|