Unified CGroups

Problem introduced with change from systemd 241 to 247. Main change is to drop CGroup V1 support and switch by default to unified CGroup V2.

Lots of issues are reported, and lots of containerization software needs to be upgraded:

• Docker (CGroup V2 supported since v20.10)
• kubernetes
• LXC
• libpam_cgfs cannot be used with pure unified systems

Resources:

• The current adoption status of cgroup v2 in containers
• Unable to start an unprivileged container on fresh install of Fedora 31

Add kernel boot commandline argument: systemd.unified_cgroup_hierarchy=0

From: https://linuxcontainers.org/lxc/getting-started/

Running unprivileged containers as an unprivileged user only works if you delegate a cgroup in advance (the cgroup2 delegation model enforces this restriction, not liblxc). Use the following systemd command to delegate the cgroup:

systemd-run --unit=myshell --user --scope -p "Delegate=yes" lxc-start <container-name>