From f01923376d04459dd6eac8584d5af8531c1d96de Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 10 Jan 2019 11:21:46 +0100
Subject: [PATCH] systemd: fix setting kernel memory limit

since commit df3fa115f97407713ec6ebe37a5ccf13b81dafd2 it is not
possible to set a kernel memory limit when using the systemd cgroups
backend as we use cgroup.Apply twice.

Skip enabling kernel memory if there are already tasks in the cgroup.

Without this patch, runc fails with:

container_linux.go:344: starting container process caused
"process_linux.go:311: applying cgroup configuration for process
caused \"failed to set memory.kmem.limit_in_bytes, because either
tasks have already joined this cgroup or it has children\""

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libcontainer/cgroups/systemd/apply_systemd.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libcontainer/cgroups/systemd/apply_systemd.go b/libcontainer/cgroups/systemd/apply_systemd.go
index 726ed38a..e8defe3a 100644
--- a/libcontainer/cgroups/systemd/apply_systemd.go
+++ b/libcontainer/cgroups/systemd/apply_systemd.go
@@ -5,6 +5,7 @@ package systemd
 import (
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"math"
 	"os"
 	"path/filepath"
@@ -590,6 +591,15 @@ func setKernelMemory(c *configs.Cgroup) error {
 	if err := os.MkdirAll(path, 0755); err != nil {
 		return err
 	}
+	// do not try to enable the kernel memory if we already have
+	// tasks in the cgroup.
+	content, err := ioutil.ReadFile(filepath.Join(path, "tasks"))
+	if err != nil {
+		return err
+	}
+	if len(content) > 0 {
+		return nil
+	}
 	return fs.EnableKernelMemoryAccounting(path)
 }