From 01a8539ef0ddfe26ada529d42febc222bf0c2f8d Mon Sep 17 00:00:00 2001
From: Lokesh Mandvekar <lsm5@redhat.com>
Date: Tue, 6 Feb 2024 16:14:25 +0530
Subject: [PATCH] Warn if cgroups-v1

Podman v5 will not support cgroups-v1. This commit will print a warning
if it detects a cgroups-v1 system. The warning can be hidden by setting
envvar `PODMAN_CGROUPSV1_WARNING`.

This warning is patched out for RHEL 9 builds as cgroups-v1 will still
be supported on RHEL 9 systems.

Resolves: https://issues.redhat.com/browse/RUN-1957

[NO NEW TESTS NEEDED]

Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
---
 .cirrus.yml                  | 3 +++
 contrib/cirrus/lib.sh        | 2 +-
 libpod/runtime.go            | 9 +++++++++
 rpm/podman.spec              | 5 +++++
 test/system/120-load.bats    | 5 +++++
 test/system/252-quadlet.bats | 5 +++++
 6 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/.cirrus.yml b/.cirrus.yml
index 621948c3e0..3cf4c0e752 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -123,6 +123,9 @@ build_task:
               DISTRO_NV: ${DEBIAN_NAME}
               VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME}
               CI_DESIRED_RUNTIME: runc
+              CI_DESIRED_NETWORK: netavark
+              # Ignore cgroups-v1 warnings on debian
+              PODMAN_IGNORE_CGROUPSV1_WARNING: true
     env:
         TEST_FLAVOR: build
     # NOTE: The default way Cirrus-CI clones is *NOT* compatible with
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index e1dd10570d..0fa72e20ec 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -95,7 +95,7 @@ EPOCH_TEST_COMMIT="$CIRRUS_BASE_SHA"
 # contexts, such as host->container or root->rootless user
 #
 # List of envariables which must be EXACT matches
-PASSTHROUGH_ENV_EXACT='CGROUP_MANAGER|DEST_BRANCH|DISTRO_NV|GOCACHE|GOPATH|GOSRC|OCI_RUNTIME|ROOTLESS_USER|SCRIPT_BASE|SKIP_USERNS|EC2_INST_TYPE|PODMAN_DB|STORAGE_FS'
+PASSTHROUGH_ENV_EXACT='CGROUP_MANAGER|DEST_BRANCH|DISTRO_NV|GOCACHE|GOPATH|GOSRC|NETWORK_BACKEND|OCI_RUNTIME|PODMAN_IGNORE_CGROUPSV1_WARNING|ROOTLESS_USER|SCRIPT_BASE|SKIP_USERNS|EC2_INST_TYPE|PODMAN_DB|STORAGE_FS'
 
 # List of envariable patterns which must match AT THE BEGINNING of the name.
 PASSTHROUGH_ENV_ATSTART='CI|LANG|LC_|TEST'
diff --git a/libpod/runtime.go b/libpod/runtime.go
index e30455da5f..3195742e70 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -393,6 +393,15 @@ func makeRuntime(runtime *Runtime) (retErr error) {
 	runtime.mergeDBConfig(dbConfig)
 
 	unified, _ := cgroups.IsCgroup2UnifiedMode()
+	// DELETE ON RHEL9
+	if !unified {
+		_, ok := os.LookupEnv("PODMAN_IGNORE_CGROUPSV1_WARNING")
+		if !ok {
+			logrus.Warn("Using cgroups-v1 which is deprecated in favor of cgroups-v2 with Podman v5 and will be removed in a future version. Set environment variable `PODMAN_IGNORE_CGROUPSV1_WARNING` to hide this warning.")
+		}
+	}
+	// DELETE ON RHEL9
+
 	if unified && rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) {
 		// If user is rootless and XDG_RUNTIME_DIR is found, podman will not proceed with /tmp directory
 		// it will try to use existing XDG_RUNTIME_DIR
diff --git a/rpm/podman.spec b/rpm/podman.spec
index e5e233858d..d305f8df48 100644
--- a/rpm/podman.spec
+++ b/rpm/podman.spec
@@ -211,6 +211,11 @@ when `%{_bindir}/%{name}sh` is set as a login shell or set as os.Args[0].
 %autosetup -Sgit -n %{name}-%{version_no_tilde}
 sed -i 's;@@PODMAN@@\;$(BINDIR);@@PODMAN@@\;%{_bindir};' Makefile
 
+# cgroups-v1 is supported on rhel9
+%if 0%{?rhel} == 9
+sed -i '/DELETE ON RHEL9/,/DELETE ON RHEL9/d' libpod/runtime.go
+%endif
+
 # These changes are only meant for copr builds
 %if %{defined copr_build}
 # podman --version should show short sha
diff --git a/test/system/120-load.bats b/test/system/120-load.bats
index df4df99ba5..0372ac090e 100644
--- a/test/system/120-load.bats
+++ b/test/system/120-load.bats
@@ -88,6 +88,11 @@ verify_iid_and_name() {
         skip "impossible due to pitfalls in our SSH implementation"
     fi
 
+    # See https://github.com/containers/podman/pull/21431
+    if [[ -n "$PODMAN_IGNORE_CGROUPSV1_WARNING" ]]; then
+        skip "impossible to test due to pitfalls in our SSH implementation"
+    fi
+
     # The testing is the same whether we're root or rootless; all that
     # differs is the destination (not-me) username.
     if is_rootless; then
diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats
index 8139c32ccf..1dda5518d2 100644
--- a/test/system/252-quadlet.bats
+++ b/test/system/252-quadlet.bats
@@ -153,6 +153,11 @@ Notify=yes
 LogDriver=passthrough
 EOF
 
+    # FIXME: Temporary until podman fully removes cgroupsv1 support; see #21431
+    if [[ -n "$PODMAN_IGNORE_CGROUPSV1_WARNING" ]]; then
+        skip "Way too complicated to test under cgroupsv1, and not worth the effort"
+    fi
+
     run_quadlet "$quadlet_file"
     service_setup $QUADLET_SERVICE_NAME