From c06173bae3630cd1f953e69c4dd8df98904892a5 Mon Sep 17 00:00:00 2001
Message-Id: <c06173bae3630cd1f953e69c4dd8df98904892a5@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Mon, 1 Jul 2019 17:08:24 +0200
Subject: [PATCH] util: vircgroupv2: stop enabling missing controllers with
 systemd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Because of a systemd delegation policy [1] we should not write to any
cgroups files owned by systemd which in case of cgroups v2 includes
'cgroups.subtree_control'.

systemd will enable controllers automatically for us to have them
available for VM cgroups.

[1] <https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md>

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 62dd4d25a2bc5ee33ed22728dc79a5da99906748)

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1689297

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Message-Id: <273d20b3ced7f8b3ea0cc761cff25601f03e318f.1561993100.git.phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 src/util/vircgroup.c        | 2 +-
 src/util/vircgroupbackend.h | 3 +++
 src/util/vircgroupv2.c      | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index a7fb595bce..3c99934b25 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1075,7 +1075,7 @@ virCgroupEnableMissingControllers(char *path,
                          &tmp) < 0)
             goto cleanup;
 
-        if (virCgroupMakeGroup(parent, tmp, true, VIR_CGROUP_NONE) < 0) {
+        if (virCgroupMakeGroup(parent, tmp, true, VIR_CGROUP_SYSTEMD) < 0) {
             virCgroupFree(&tmp);
             goto cleanup;
         }
diff --git a/src/util/vircgroupbackend.h b/src/util/vircgroupbackend.h
index a825dc4be7..2b5be21a76 100644
--- a/src/util/vircgroupbackend.h
+++ b/src/util/vircgroupbackend.h
@@ -35,6 +35,9 @@ typedef enum {
                                        * attaching tasks
                                        */
     VIR_CGROUP_THREAD = 1 << 1, /* cgroup v2 handles threads differently */
+    VIR_CGROUP_SYSTEMD = 1 << 2, /* with systemd and cgroups v2 we cannot
+                                  * manually enable controllers that systemd
+                                  * doesn't know how to delegate */
 } virCgroupBackendFlags;
 
 typedef enum {
diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
index b0ed889cc8..749efa199b 100644
--- a/src/util/vircgroupv2.c
+++ b/src/util/vircgroupv2.c
@@ -394,6 +394,11 @@ virCgroupV2MakeGroup(virCgroupPtr parent ATTRIBUTE_UNUSED,
     VIR_AUTOFREE(char *) path = NULL;
     int controller;
 
+    if (flags & VIR_CGROUP_SYSTEMD) {
+        VIR_DEBUG("Running with systemd so we should not create cgroups ourselves.");
+        return 0;
+    }
+
     VIR_DEBUG("Make group %s", group->path);
 
     controller = virCgroupV2GetAnyController(group);
-- 
2.22.0