The last three result in a hard failure of kubelet. There may be other files as well.
Based on snappy-debug output, it looks like it's opening these files with the "r" flag, but I imagine it may need write access to some of these as well. I'm not sure.
For some context, kubelet is the main process that runs on each node in a Kubernetes cluster. Its main purpose is to orchestrate Docker containers, and it looks like it's using cgroups for tight control over the utilization of hardware resources.
Working on creating a confined snap for kubelet. We're seeing a lot of errors trying to open files relating to cgroups:
/proc/self/cgroup cgroup/ cpu,cpuacct/ cpu.shares cgroup/ cpu,cpuacct/ cpu.cfs_ period_ us cgroup/ cpu,cpuacct/ cpu.cfs_ quota_us cgroup/ memory/ memory. limit_in_ bytes cgroup/ memory/ memory. soft_limit_ in_bytes cgroup/ blkio cgroup/ memory cgroup/ cpuset
/sys/fs/
/sys/fs/
/sys/fs/
/sys/fs/
/sys/fs/
/sys/fs/
/sys/fs/
/sys/fs/
The last three result in a hard failure of kubelet. There may be other files as well.
Based on snappy-debug output, it looks like it's opening these files with the "r" flag, but I imagine it may need write access to some of these as well. I'm not sure.
For some context, kubelet is the main process that runs on each node in a Kubernetes cluster. Its main purpose is to orchestrate Docker containers, and it looks like it's using cgroups for tight control over the utilization of hardware resources.