cros_sdk: drop cgroups usage

In the bad old days before pid namespaces existed in the kernel, we
had problems with cbuildbot/cros_sdk leaking processes.  However, we
were able to use cpuset cgroups to keep track of all processes that
we spawned, and then destroy any dangling ones on exit.  So we used
that in cbuildbot & cros_sdk to avoid leaks.

Now that we've had the pid namespace logic in the tree for 7 years,
we should be able to assume that people have this enabled in their
kernels (as all modern distros do).  If they're using a weird setup
that doesn't have it, then they probably don't have cgroups either,
and they can get the leaking process behavior.

This allows us to delete cgroups usage from here to simplify.  It
also avoids having to fix the cgroups code to work with the new v2
layout that newer systemd versions are using.

TEST=`cros_sdk` works w/cgroupsv2 & systemd host

Reviewed-by: Chris McDonald <>
Commit-Queue: Mike Frysinger <>
Tested-by: Mike Frysinger <>
Change-Id: I0e5eeda826638798abdc0ba80c313f4a154562ca
1 file changed
tree: ce73977ed641a66c1db9a96d0b2f8caab3a76e74
  1. .vscode/
  2. api/
  3. bin/
  4. bootstrap/
  5. cbuildbot/
  6. cidb/
  7. cli/
  8. config/
  9. contrib/
  10. cros/
  11. cros_bisect/
  12. docs/
  13. infra/
  14. lib/
  15. licensing/
  16. scripts/
  17. service/
  18. signing/
  19. ssh_keys/
  20. third_party/
  21. utils/
  22. venv/
  23. .dir-locals.el
  24. .env
  25. .gitignore
  26. .style.yapf
  27. .vpython
  30. codereview.settings
  33. OWNERS
  38. PRESUBMIT.cfg
  40. pylintrc
  41. README.chromium
  43. run_tests

Chromite Development: Starter Guide


This doc tries to give an overview and head start to anyone just starting out on Chromite development.


Before you get started on Chromite, we recommend that you go through ChromeOS developer guides at external (first) and then goto/chromeos-building for internal. The Gerrit starter guide may also be helpful. You should flash a built image on a test device (Ask around for one!).

Chromite was intended to be the unified codebase for anything related to building ChromeOS/ChromiumOS. Currently, it is the codebase responsible for several things including: building the OS from the requisite packages for the necessary board (parallel_emerge), driving the infrastructure build workflow (CBuildBot), hosting a Google App Engine App, and providing utility functions for various scripts scattered around ChromeOS repositories. It is written for the most part in Python with some Bash sprinkled in.

Directory Overview

You can use Code Search to lookup things in Chromite or ChromeOS in general. You can add a ChromeOS filter to only show files from CrOS repositories by going to CS Settings and adding a new Saved query: “package:^chromeos” named “chromeos”.


The Chromite API for the CI system. The API exposes a subset of the chromite functionality that needs to be strictly maintained as much as possible.


CBuildBot is the collection of entire code that runs on both the parent and the child build machines. It kicks off the individual stages in a particular build. It is a configurable bot that builds ChromeOS. More details on CBuildBot can be found in this tech talk (slides).


This folder contains configurations of the different builders in use. Each has its own set of stages to run usually called under RunStages function. Most builders used regularly are derived from SimpleBuilder class.


Each file here has implementations of stages in the build process grouped by similarity. Each stage usually has PerformStage as its primary function.


Additional documentation.


Code here is expected to be imported whenever necessary throughout Chromite.


Unlike lib, code in scripts will not and should not be imported anywhere. Instead they are executed as required in the build process. Each executable is linked to either or Some of these links are in chromite/bin. The wrapper figures out the directory of the executable script and the $PYTHONPATH. Finally, it invokes the correct Python installation by moving up the directory structure to find which git repo is making the call.


These files act as the centralized business logic for processes, utilizing lib for the implementation details. Any process that's implemented in chromite should generally have an entry point somewhere in a service such that it can be called from a script, the API, or anywhere else in lib where the process may be useful.


This folder contains all the third_party python libraries required by Chromite. You need a very strong reason to add any library to the current list. Please confirm with the owners beforehand.


This folder contains smaller, generic utility functionality that is not tied to any specific entities in the codebase that would make them more at home in a lib module.


This folder contains the chromite-specific infra repos.


There are smaller folders with miscellaneous functions like config, licencing, cidb, etc.

Testing your Chromite changes

Before any testing, you should check your code for lint errors with:

$ cros lint <filename>

Unit Tests

Every Python file in Chromite is accompanied by a corresponding file. More on unit tests here. Once written, the unit tests can be run using ./run_tests command in the Chromite directory. To test a specific file (say lib/, use

~/trunk/chromite $ ./run_tests lib/triage_lib_unittest

Run_tests without any argument runs all unit tests in Chromite. These unit tests are run in tryjobs, preCQ and CQ as well.

If you have to create a new Python file in Chromite, you should also create a {filename} in the same directory with all the unit tests. Also make a link called {filename}_unittest to /mnt/host/source/chromite/scripts/ See the other unittest files around if unclear.


You can also fire a build on a server (or even locally) to have an entire build happen similar to how it would in Commit Queue.

$ cros tryjob -g <gerrit-change-id> <trybot-config>
$ cros tryjob -h -> for help on more options

Add --hwtest to add hardware testing to your tryjob. You can use the link provided by the command to check the status of your tryjob. Alternatively, you can go to the CI UI tryjobs page and filter results by your email.


Once you mark your CL as Commit-Queue +1 on Chromium Gerrit, the PreCQ will pick up your change and fire few preset config runs as a precursor to CQ. Currently, it doesn’t include any hardware or VM testing (for now!).

Commit Queue

This is the final step in getting your change pushed. CQ is the most comprehensive of all tests. There are a multitude of CL's being validated in the same CQ. Once a CL is verified by CQ, it is merged into the codebase.

How does ChromeOS build work?

Refer to these talk slides on ChromeOS Build Overview.