ignition, machine: delegate cpu,io cgroup controllers to machine's default users

Makes sure that ignition setups up systemd config so cgroup controllers
like `cpu, io` are also delegated to `non-root` along with `memory,
pid`.

This allows general users of `podman` on `macOS` and `podman-remote` to
do operations which are dependent on `cpu, io` cgroup controllers.

[NO TESTS NEEDED]
[NO NEW TESTS NEEDED]
We don't have a CI infra to test this, please pull the tree and run
`podman info` inside the machine to confirm.

Signed-off-by: Aditya R <arajan@redhat.com>

1 files changed, 22 insertions, 0 deletions

diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index ca6abd48c..206c9144f 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -248,6 +248,10 @@ netns="bridge"
 machine_enabled=true
 `
 
+	delegateConf := `[Service]
+Delegate=memory pids cpu io
+`
+
 	// Add a fake systemd service to get the user socket rolling
 	files = append(files, File{
 		Node: Node{
@@ -280,6 +284,24 @@ machine_enabled=true
 			Mode: intToPtr(0744),
 		},
 	})
+
+	// Set delegate.conf so cpu,io subsystem is delegated to non-root users as well for cgroupv2
+	// by default
+	files = append(files, File{
+		Node: Node{
+			Group: getNodeGrp("root"),
+			Path:  "/etc/systemd/system/user@.service.d/delegate.conf",
+			User:  getNodeUsr("root"),
+		},
+		FileEmbedded1: FileEmbedded1{
+			Append: nil,
+			Contents: Resource{
+				Source: encodeDataURLPtr(delegateConf),
+			},
+			Mode: intToPtr(0644),
+		},
+	})
+
 	// Add a file into linger
 	files = append(files, File{
 		Node: Node{