From 9492c45d06c204c7cdfcae47efd17944cd233c7b Mon Sep 17 00:00:00 2001
From: Fupan Li <fupan.lfp@antgroup.com>
Date: Fri, 24 Jan 2025 18:55:50 +0800
Subject: [PATCH] runtime-rs: load the cgroup path correctly

When the sandbox api was enabled, the pause container would
be removed and sandbox start api only pass an empty bundle
directory, which means there's no oci spec file under it, thus
the cgroup config couldn't get the cgroup path from pause container's
oci spec. So we should set a default cgroup path for sandbox api
case.

In the future, we can promote containerd to pass the cgroup path during
the sandbox start phase.

Signed-off-by: Fupan Li <fupan.lfp@antgroup.com>
---
 .../crates/resource/src/cgroups/mod.rs        | 30 ++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/src/runtime-rs/crates/resource/src/cgroups/mod.rs b/src/runtime-rs/crates/resource/src/cgroups/mod.rs
index 96548f4f34..47b56f9b0b 100644
--- a/src/runtime-rs/crates/resource/src/cgroups/mod.rs
+++ b/src/runtime-rs/crates/resource/src/cgroups/mod.rs
@@ -29,6 +29,7 @@ use tokio::sync::RwLock;
 use crate::ResourceUpdateOp;
 
 const OS_ERROR_NO_SUCH_PROCESS: i32 = 3;
+const SANDBOXED_CGROUP_PATH: &str = "kata_sandboxed_pod";
 
 pub struct CgroupArgs {
     pub sid: String,
@@ -44,20 +45,21 @@ pub struct CgroupConfig {
 impl CgroupConfig {
     fn new(sid: &str, toml_config: &TomlConfig) -> Result<Self> {
         let overhead_path = utils::gen_overhead_path(sid);
-        let spec = load_oci_spec()?;
-        let path = spec
-            .linux()
-            .clone()
-            .and_then(|linux| linux.cgroups_path().clone())
-            .map(|path| {
-                // The trim of '/' is important, because cgroup_path is a relative path.
-                path.display()
-                    .to_string()
-                    .trim_start_matches('/')
-                    .to_string()
-            })
-            .unwrap_or_default();
-
+        let path = if let Ok(spec) = load_oci_spec() {
+            spec.linux()
+                .clone()
+                .and_then(|linux| linux.cgroups_path().clone())
+                .map(|path| {
+                    // The trim of '/' is important, because cgroup_path is a relative path.
+                    path.display()
+                        .to_string()
+                        .trim_start_matches('/')
+                        .to_string()
+                })
+                .unwrap_or_default()
+        } else {
+            format!("{}/{}", SANDBOXED_CGROUP_PATH, sid)
+        };
         Ok(Self {
             path,
             overhead_path,