agent: Fix container launching failure with systemd cgroup

FSManager of systemd cgroup manager is responsible for setting up cgroup
path. The container launching will be failed if the FSManager is in
read-only mode.

Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>

src/agent/rustjail/src/cgroups/fs/mod.rs

@@ -1104,15 +1104,13 @@ impl Manager {
         })
     }
 
-    /// Create a cgroupfs manager without creating any cgroups.
-    /// A typical case is for systemd cgroup: Systemd manager retains a
-    /// cgroupfs manager to read cgroup information only. Writing cgroup
-    /// rules is done by the systemd. That is, the cgroupfs manager runs in
-    /// read-only mode.
-    pub fn new_read_only(cpath: &str) -> Result<Self> {
+    /// Create a cgroupfs manager for systemd cgroup.
+    /// The device cgroup is disabled in systemd cgroup, given that it is
+    /// implemented by eBPF.
+    pub fn new_systemd(cpath: &str) -> Result<Self> {
         let (paths, mounts) = Self::get_paths_and_mounts(cpath).context("Get paths and mounts")?;
 
-        let cg = load_cgroup(cgroups::hierarchies::auto(), cpath);
+        let cg = new_cgroup(cgroups::hierarchies::auto(), cpath)?;
 
         Ok(Self {
             paths,

src/agent/rustjail/src/cgroups/systemd/manager.rs

@@ -113,7 +113,7 @@ impl Manager {
         let (parent_slice, unit_name) = cgroups_path.parse()?;
         let cpath = parent_slice + "/" + &unit_name;
 
-        let fs_manager = FsManager::new_read_only(cpath.as_str())?;
+        let fs_manager = FsManager::new_systemd(cpath.as_str())?;
 
         Ok(Manager {
             paths: fs_manager.paths.clone(),