From b5f3a8cb399f5e78d2e88eb0cdaa489545de23eb Mon Sep 17 00:00:00 2001
From: Xuewei Niu
Date: Fri, 13 Oct 2023 17:20:41 +0800
Subject: [PATCH] agent: Fix container launching failure with systemd cgroup
FSManager of systemd cgroup manager is responsible for setting up cgroup path. The container launching will be failed if the FSManager is in read-only mode.
Signed-off-by: Xuewei Niu
---
 src/agent/rustjail/src/cgroups/fs/mod.rs | 12 +++++-------
 src/agent/rustjail/src/cgroups/systemd/manager.rs | 2 +-
 2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/agent/rustjail/src/cgroups/fs/mod.rs b/src/agent/rustjail/src/cgroups/fs/mod.rs
index 9913e945ee..f601f06069 100644
--- a/src/agent/rustjail/src/cgroups/fs/mod.rs
+++ b/src/agent/rustjail/src/cgroups/fs/mod.rs
@@ -1104,15 +1104,13 @@ impl Manager {
 })
 }
- /// Create a cgroupfs manager without creating any cgroups.
- /// A typical case is for systemd cgroup: Systemd manager retains a
- /// cgroupfs manager to read cgroup information only. Writing cgroup
- /// rules is done by the systemd. That is, the cgroupfs manager runs in
- /// read-only mode.
- pub fn new_read_only(cpath: &str) -> Result {
+ /// Create a cgroupfs manager for systemd cgroup.
+ /// The device cgroup is disabled in systemd cgroup, given that it is
+ /// implemented by eBPF.
+ pub fn new_systemd(cpath: &str) -> Result {
 let (paths, mounts) = Self::get_paths_and_mounts(cpath).context("Get paths and mounts")?;
- let cg = load_cgroup(cgroups::hierarchies::auto(), cpath);
+ let cg = new_cgroup(cgroups::hierarchies::auto(), cpath)?;
 Ok(Self {
 paths,
diff --git a/src/agent/rustjail/src/cgroups/systemd/manager.rs b/src/agent/rustjail/src/cgroups/systemd/manager.rs
index 07e1ecb80d..b4974d2bb7 100644
--- a/src/agent/rustjail/src/cgroups/systemd/manager.rs
+++ b/src/agent/rustjail/src/cgroups/systemd/manager.rs
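Review bot: The doc comment on `new_systemd` in fs/mod.rs drops the old "without creating any cgroups" statement without saying what replaces it, although the body now calls `new_cgroup(...)?` instead of `load_cgroup(...)`, which presumably creates the cgroup at `cpath`. I would add a line such as `/// Creates the cgroup at cpath; callers must pass a path they have already validated.` because `cpath` is now a write target rather than a read-only lookup. The comment also says the device cgroup is disabled here, but nothing in the visible lines does that (the `Ok(Self { ... })` initializer continues outside the hunk), so it is worth confirming that device access rules are still enforced on the systemd side for these containers and naming where. The `new_cgroup(...)?` call could also carry a `.context("Create cgroup")` like the `get_paths_and_mounts` call above it, if its error type allows.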
@@ -113,7 +113,7 @@ impl Manager {
 let (parent_slice, unit_name) = cgroups_path.parse()?;
 let cpath = parent_slice + "/" + &unit_name;
- let fs_manager = FsManager::new_read_only(cpath.as_str())?;
+ let fs_manager = FsManager::new_systemd(cpath.as_str())?;
 Ok(Manager {
 paths: fs_manager.paths.clone(),