Merge pull request #4374 from giuseppe/create-cgroupns-by-default-on-cgroupsv2

namespaces: by default create cgroupns on cgroups v2

2 files changed, 18 insertions, 0 deletions

diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go
index 9d1033b93..78b55bb2a 100644
--- a/pkg/namespaces/namespaces.go
+++ b/pkg/namespaces/namespaces.go
@@ -25,6 +25,11 @@ func (n CgroupMode) IsHost() bool {
 	return n == hostType
 }
 
+// IsDefaultValue indicates whether the cgroup namespace has the default value.
+func (n CgroupMode) IsDefaultValue() bool {
+	return n == ""
+}
+
 // IsNS indicates a cgroup namespace passed in by path (ns:<path>)
 func (n CgroupMode) IsNS() bool {
 	return strings.HasPrefix(string(n), nsType)
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 86d701f7e..33e9ec076 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -631,6 +631,19 @@ func addIpcNS(config *CreateConfig, g *generate.Generator) error {
 
 func addCgroupNS(config *CreateConfig, g *generate.Generator) error {
 	cgroupMode := config.CgroupMode
+
+	if cgroupMode.IsDefaultValue() {
+		// If the value is not specified, default to "private" on cgroups v2 and "host" on cgroups v1.
+		unified, err := cgroups.IsCgroup2UnifiedMode()
+		if err != nil {
+			return err
+		}
+		if unified {
+			cgroupMode = "private"
+		} else {
+			cgroupMode = "host"
+		}
+	}
 	if cgroupMode.IsNS() {
 		return g.AddOrReplaceLinuxNamespace(string(spec.CgroupNamespace), NS(string(cgroupMode)))
 	}