From ea36045fe12e773fcb18b2514700b4ed5c3f77b6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 Apr 2020 10:39:33 -0700 Subject: [PATCH] cgroupv2: fix fs2 driver default path When the cgroupv2 fs driver is used without setting cgroupsPath, it picks up a path from /proc/self/cgroup. On a host with systemd, such a path can look like (examples from my machines): - /user.slice/user-1000.slice/session-4.scope - /user.slice/user-1000.slice/user@1000.service/gnome-launched-xfce4-terminal.desktop-4260.scope - /user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service This cgroup already contains processes in it, which prevents to enable controllers for a sub-cgroup (writing to cgroup.subtree_control fails with EBUSY or EOPNOTSUPP). Obviously, a parent cgroup (which does not contain tasks) should be used. Fixes opencontainers/runc/issues/2298 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs2/defaultpath.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libcontainer/cgroups/fs2/defaultpath.go b/libcontainer/cgroups/fs2/defaultpath.go index 3d1fec33..ab35e4b1 100644 --- a/libcontainer/cgroups/fs2/defaultpath.go +++ b/libcontainer/cgroups/fs2/defaultpath.go @@ -48,6 +48,11 @@ func defaultDirPath(c *configs.Cgroup) (string, error) { if err != nil { return "", err } + // The current user scope most probably has tasks in it already, + // making it impossible to enable controllers for its sub-cgroup. + // A parent cgroup (with no tasks in it) is what we need. + ownCgroup = filepath.Dir(ownCgroup) + return _defaultDirPath(UnifiedMountpoint, cgPath, cgParent, cgName, ownCgroup) }