I am currently deploying a Docker container on Ubuntu 22.04 (using cgroup v2) with the following command:
docker run --name=testapp --cpuset-cpus=35,39 -it testapp
Is there any way at runtime I can ensure no Linux process can use cpus 35 and 39 except for my docker container above?
I believe for Cgroup v1 systems, one could use cset shielding to perform this task but the cset/cpuset Python app doesn't seem to work with Cgroup v2 currently.
The only viable solution I can currently see is going into every process in /sys/fs/cgroup/system.slice (except for my docker container /sys/fs/cgroup/system.slice/docker-17321ee94...) and adding every cpu except for 35 and 39 into cpuset.cpus, but this seems like a lot of work just to isolate one process/container.
I also understand the kernel boot param isolcpus can be used, but that does not provide any runtime configuration, which limits its usability.
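The manual approach described in the question, sketched as an added example that is not part of the original post: it computes the complement of the reserved CPUs in the kernel's list format and plans one cpuset.cpus write per child cgroup of system.slice, skipping the container's scope. The function names are hypothetical, and it assumes the container scope is the only entry whose name starts with docker- and that the cpuset controller is enabled for the slice's children (cgroups without a cpuset.cpus file are skipped).

```python
import os

def parse_cpu_list(text):
    """Parse kernel list format such as '0-3,8,10-11' into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def format_cpu_list(cpus):
    """Format a set of ints back into the compact list format."""
    runs = []
    for cpu in sorted(cpus):
        if runs and cpu == runs[-1][1] + 1:
            runs[-1][1] = cpu          # extend the current run
        else:
            runs.append([cpu, cpu])    # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

def plan_shield(slice_dir, online, reserved, keep_prefix="docker-"):
    """Return {cpuset.cpus path: new value} for each child cgroup except the container's."""
    allowed = parse_cpu_list(online) - parse_cpu_list(reserved)
    if not allowed:
        raise ValueError("reserved CPUs leave nothing for the rest of the system")
    value = format_cpu_list(allowed)
    plan = {}
    for entry in sorted(os.scandir(slice_dir), key=lambda e: e.name):
        target = os.path.join(entry.path, "cpuset.cpus")
        # Skip the container's own scope and cgroups without the cpuset controller.
        if entry.is_dir() and not entry.name.startswith(keep_prefix) and os.path.exists(target):
            plan[target] = value
    return plan

def apply_plan(plan):
    """Write the planned values; needs root on a real cgroup v2 hierarchy."""
    for path, value in plan.items():
        with open(path, "w") as fh:
            fh.write(value)

if __name__ == "__main__":
    with open("/sys/devices/system/cpu/online") as fh:
        online = fh.read()
    # Dry run: print what would be written; call apply_plan() to write it.
    for path, value in plan_shield("/sys/fs/cgroup/system.slice", online, "35,39").items():
        print(f"{value} -> {path}")
```

Values written this way are runtime-only and do not survive a reboot, and a service started afterwards gets a new cgroup that the plan did not cover.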