2021-09-27 19:44:11 +00:00
|
|
|
// +build linux,cgo
|
|
|
|
|
|
|
|
package cmds
|
|
|
|
|
|
|
|
import (
|
|
|
|
"os"
|
|
|
|
|
2021-10-01 18:13:25 +00:00
|
|
|
"github.com/containerd/containerd/pkg/userns"
|
2021-09-27 19:44:11 +00:00
|
|
|
"github.com/pkg/errors"
|
|
|
|
"github.com/rootless-containers/rootlesskit/pkg/parent/cgrouputil"
|
|
|
|
)
|
|
|
|
|
2021-10-08 19:47:20 +00:00
|
|
|
// EvacuateCgroup2 will handle evacuating the root cgroup in order to enable subtree_control,
|
|
|
|
// if running as pid 1 without rootless support.
|
|
|
|
func EvacuateCgroup2() error {
|
|
|
|
if os.Getpid() == 1 && !userns.RunningInUserNS() {
|
2021-10-01 18:13:25 +00:00
|
|
|
// The root cgroup has to be empty to enable subtree_control, so evacuate it by placing
|
|
|
|
// ourselves in the init cgroup.
|
|
|
|
if err := cgrouputil.EvacuateCgroup2("init"); err != nil {
|
|
|
|
return errors.Wrap(err, "failed to evacuate root cgroup")
|
|
|
|
}
|
2021-09-27 19:44:11 +00:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|