diff --git a/src/agent/rustjail/src/cgroups/fs/mod.rs b/src/agent/rustjail/src/cgroups/fs/mod.rs index 9913e945ee..f601f06069 100644 --- a/src/agent/rustjail/src/cgroups/fs/mod.rs +++ b/src/agent/rustjail/src/cgroups/fs/mod.rs @@ -1104,15 +1104,13 @@ impl Manager { }) } - /// Create a cgroupfs manager without creating any cgroups. - /// A typical case is for systemd cgroup: Systemd manager retains a - /// cgroupfs manager to read cgroup information only. Writing cgroup - /// rules is done by the systemd. That is, the cgroupfs manager runs in - /// read-only mode. - pub fn new_read_only(cpath: &str) -> Result { + /// Create a cgroupfs manager for systemd cgroup. + /// The device cgroup is disabled in systemd cgroup, given that it is + /// implemented by eBPF. + pub fn new_systemd(cpath: &str) -> Result { let (paths, mounts) = Self::get_paths_and_mounts(cpath).context("Get paths and mounts")?; - let cg = load_cgroup(cgroups::hierarchies::auto(), cpath); + let cg = new_cgroup(cgroups::hierarchies::auto(), cpath)?; Ok(Self { paths, diff --git a/src/agent/rustjail/src/cgroups/systemd/manager.rs b/src/agent/rustjail/src/cgroups/systemd/manager.rs index 07e1ecb80d..b4974d2bb7 100644 --- a/src/agent/rustjail/src/cgroups/systemd/manager.rs +++ b/src/agent/rustjail/src/cgroups/systemd/manager.rs @@ -113,7 +113,7 @@ impl Manager { let (parent_slice, unit_name) = cgroups_path.parse()?; let cpath = parent_slice + "/" + &unit_name; - let fs_manager = FsManager::new_read_only(cpath.as_str())?; + let fs_manager = FsManager::new_systemd(cpath.as_str())?; Ok(Manager { paths: fs_manager.paths.clone(),