Merge pull request #9302 from giuseppe/cgroup-split-v1

utils: takes the longest path on cgroup v1
2025-10-25 02:04:43 +08:00 · 2021-02-11 17:46:37 -05:00
parent b38b1433b3 660a06f2f7
commit 1b284a298c
3 changed files with 49 additions and 10 deletions
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@ -619,6 +619,13 @@ func SkipIfNotRootless(reason string) {
 	}
 }

+func SkipIfNotSystemd(manager, reason string) {
+	checkReason(reason)
+	if manager != "systemd" {
+		ginkgo.Skip("[notSystemd]: " + reason)
+	}
+}
+
 func SkipIfNotFedora() {
 	info := GetHostDistributionInfo()
 	if info.Distribution != "fedora" {
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@ -1191,6 +1191,37 @@ USER mail`
 		Expect(found).To(BeTrue())
 	})

+	It("podman run with cgroups=split", func() {
+		SkipIfNotSystemd(podmanTest.CgroupManager, "do not test --cgroups=split if not running on systemd")
+		SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users")
+		SkipIfRemote("--cgroups=split cannot be used in remote mode")
+
+		container := podmanTest.Podman([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"})
+		container.WaitWithDefaultTimeout()
+		Expect(container.ExitCode()).To(Equal(0))
+		lines := container.OutputToStringArray()
+
+		cgroup := ""
+		for _, line := range lines {
+			parts := strings.SplitN(line, ":", 3)
+			if !CGROUPSV2 {
+				// ignore unified on cgroup v1
+				// both runc and crun do not set it.
+				if parts[1] == "" {
+					continue
+				}
+			}
+			if parts[2] == "/" {
+				continue
+			}
+			if cgroup == "" {
+				cgroup = parts[2]
+				continue
+			}
+			Expect(cgroup).To(Equal(parts[2]))
+		}
+	})
+
 	It("podman run with cgroups=disabled runs without cgroups", func() {
 		SkipIfRootless("FIXME:  I believe this should work but need to fix this test")
 		SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users")
--- a/utils/utils_supported.go
+++ b/utils/utils_supported.go
@ -81,16 +81,9 @@ func getCgroupProcess(procFile string) (string, error) {
 			cgroup = line[3:]
 			break
 		}
-		// root cgroup, skip it
-		if parts[2] == "/" {
-			continue
+		if len(parts[2]) > len(cgroup) {
+			cgroup = parts[2]
 		}
-		// The process must have the same cgroup path for all controllers
-		// The OCI runtime spec file allow us to specify only one path.
-		if cgroup != "/" && cgroup != parts[2] {
-			return "", errors.Errorf("cgroup configuration not supported, the process is in two different cgroups")
-		}
-		cgroup = parts[2]
 	}
 	if cgroup == "/" {
 		return "", errors.Errorf("could not find cgroup mount in %q", procFile)
@ -150,6 +143,11 @@ func moveUnderCgroup(cgroup, subtree string, processes []uint32) error {
 			// If it is not using unified mode, the cgroup v2 hierarchy is
 			// usually mounted under /sys/fs/cgroup/unified
 			cgroupRoot = filepath.Join(cgroupRoot, "unified")
+
+			// Ignore the unified mount if it doesn't exist
+			if _, err := os.Stat(cgroupRoot); err != nil && os.IsNotExist(err) {
+				continue
+			}
 		} else if parts[1] != "" {
 			// Assume the controller is mounted at /sys/fs/cgroup/$CONTROLLER.
 			controller := strings.TrimPrefix(parts[1], "name=")
@ -161,7 +159,7 @@ func moveUnderCgroup(cgroup, subtree string, processes []uint32) error {
 			parentCgroup = parts[2]
 		}
 		newCgroup := filepath.Join(cgroupRoot, parentCgroup, subtree)
-		if err := os.Mkdir(newCgroup, 0755); err != nil && !os.IsExist(err) {
+		if err := os.MkdirAll(newCgroup, 0755); err != nil && !os.IsExist(err) {
 			return err
 		}

@ -183,6 +181,9 @@ func moveUnderCgroup(cgroup, subtree string, processes []uint32) error {
 				return err
 			}
 			for _, pid := range bytes.Split(processesData, []byte("\n")) {
+				if len(pid) == 0 {
+					continue
+				}
 				if _, err := f.Write(pid); err != nil {
 					logrus.Warnf("Cannot move process %s to cgroup %q", string(pid), newCgroup)
 				}