cgroups: Fix systemd cgroup support

As github.com/containerd/cgroups doesn't support scope units which are essential in some cases lets create the cgroups manually and load it trough the cgroups api This is currently done only when there's single sandbox cgroup (sandbox_cgroup_only=true), otherwise we set it as static cgroup path as it used to be (until a proper soultion for overhead cgroup under systemd will be suggested) Fixes: #2868 Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
2025-12-24 01:24:26 +01:00 · 2021-11-02 16:57:25 +02:00
parent b34ed403c5
commit bcf181b7ee
135 changed files with 22391 additions and 5 deletions
--- a/src/runtime/virtcontainers/sandbox.go
+++ b/src/runtime/virtcontainers/sandbox.go
@@ -654,7 +654,7 @@ func (s *Sandbox) createCgroups() error {
 	// Depending on the SandboxCgroupOnly value, this cgroup
 	// will either hold all the pod threads (SandboxCgroupOnly is true)
 	// or only the virtual CPU ones (SandboxCgroupOnly is false).
-	s.sandboxCgroup, err = cgroups.NewSandboxCgroup(cgroupPath, &resources)
+	s.sandboxCgroup, err = cgroups.NewSandboxCgroup(cgroupPath, &resources, s.config.SandboxCgroupOnly)
 	if err != nil {
 		return fmt.Errorf("Could not create the sandbox cgroup %v", err)
 	}
@@ -671,6 +671,8 @@ func (s *Sandbox) createCgroups() error {
 		// We're creating an overhead cgroup, with no constraints. Everything but
 		// the vCPU threads will eventually make it there.
 		overheadCgroup, err := cgroups.NewCgroup(fmt.Sprintf("/%s/%s", cgroupKataOverheadPath, s.id), &specs.LinuxResources{})
+		// TODO: support systemd cgroups overhead cgroup
+		// https://github.com/kata-containers/kata-containers/issues/2963
 		if err != nil {
 			return err
 		}