From 8dc2464b03a1c4183e0a6264cbe3f99b2f65687f Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Wed, 12 Jan 2022 16:52:38 +0100
Subject: libpod: refine check for empty pod cgroup

rootless containers do not use cgroups on cgroupv1 or if using
cgroupfs, so improve the check to account for such configuration.

Closes: https://github.com/containers/podman/issues/10800
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2028243

[NO NEW TESTS NEEDED] it requires rebooting and the rundir on a non
tmpfs file system.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/container_internal_linux.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'libpod/container_internal_linux.go')

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 28d961e4b..b814021e8 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2728,6 +2728,24 @@ func isRootlessCgroupSet(cgroup string) bool {
 	return cgroup != CgroupfsDefaultCgroupParent && filepath.Dir(cgroup) != CgroupfsDefaultCgroupParent
 }
 
+func (c *Container) expectPodCgroup() (bool, error) {
+	unified, err := cgroups.IsCgroup2UnifiedMode()
+	if err != nil {
+		return false, err
+	}
+	cgroupManager := c.CgroupManager()
+	switch {
+	case c.config.NoCgroups:
+		return false, nil
+	case cgroupManager == config.SystemdCgroupsManager:
+		return !rootless.IsRootless() || unified, nil
+	case cgroupManager == config.CgroupfsCgroupsManager:
+		return !rootless.IsRootless(), nil
+	default:
+		return false, errors.Wrapf(define.ErrInvalidArg, "invalid cgroup mode %s requested for pods", cgroupManager)
+	}
+}
+
 // Get cgroup path in a format suitable for the OCI spec
 func (c *Container) getOCICgroupPath() (string, error) {
 	unified, err := cgroups.IsCgroup2UnifiedMode()
-- 
cgit v1.2.3-54-g00ecf