Fix running tests under Docker/Podman and cgroup v2

For "make integration", the tests are run inside a Docker/Podman container. Problem is, if cgroup v2 is used, the in-container /sys/fs/cgroup/cgroup.subtree_control is empty. The added script, used as Docker entrypoint, moves the current process into a sub-cgroup, and then adds all controllers in top-level cgroup.subtree_control. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
opencontainers · Aug 3, 2023 · 3738044 · 3738044
1 parent a736028
commit 3738044
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -63,3 +63,7 @@ ENV PKG_CONFIG_PATH=/opt/libseccomp/lib/pkgconfig
 RUN git config --global --add safe.directory /go/src/github.com/opencontainers/runc
 
 WORKDIR /go/src/github.com/opencontainers/runc
+
+# Fixup for cgroup v2.
+COPY script/prepare-cgroup-v2.sh /
+ENTRYPOINT [ "/prepare-cgroup-v2.sh" ]
diff --git a/script/prepare-cgroup-v2.sh b/script/prepare-cgroup-v2.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# This script is used from ../Dockerfile as the ENTRYPOINT. It sets up cgroup
+# delegation for cgroup v2 to make sure runc tests can be properly run inside
+# a container.
+
+# Only do this for cgroup v2.
+if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+	set -x
+	# Move the current process to a sub-cgroup.
+	mkdir /sys/fs/cgroup/init
+	echo 0 > /sys/fs/cgroup/init/cgroup.procs
+	# Enable all controllers.
+	sed -e 's/ / +/g' -e 's/^/+/' <"/sys/fs/cgroup/cgroup.controllers" >"/sys/fs/cgroup/cgroup.subtree_control"
+fi
+
+exec "$@"