From 17ce567c6827abdcd517699bc07e82ccf48f7619 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 29 Apr 2021 21:08:23 +0200
Subject: cgroup: always honor --cgroup-parent with cgroupfs

if --cgroup-parent is specified, always honor it without doing any
detection whether cgroups are supported or not.

Closes: https://github.com/containers/podman/issues/10173

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/container_internal_linux.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'libpod/container_internal_linux.go')

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index f4762b5ff..f6045f881 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2224,8 +2224,19 @@ func (c *Container) getOCICgroupPath() (string, error) {
 	}
 	cgroupManager := c.CgroupManager()
 	switch {
-	case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)) || c.config.NoCgroups:
+	case c.config.NoCgroups:
 		return "", nil
+	case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)):
+		if c.config.CgroupParent == CgroupfsDefaultCgroupParent {
+			// old versions of podman were setting the CgroupParent to CgroupfsDefaultCgroupParent
+			// by default.  Avoid breaking these versions and check whether the cgroup parent is
+			// set to the default and in this case enable the old behavior.  It should not be a real
+			// problem because the default CgroupParent is usually owned by root so rootless users
+			// cannot access it.
+			// This check might be lifted in a future version of Podman.
+			return "", nil
+		}
+		return c.config.CgroupParent, nil
 	case c.config.CgroupsMode == cgroupSplit:
 		if c.config.CgroupParent != "" {
 			return c.config.CgroupParent, nil
-- 
cgit v1.2.3-54-g00ecf