From 94e82121bf73c163d86d99fa37b0d64adf996fba Mon Sep 17 00:00:00 2001
From: "Jason T. Greene" <jason.greene@redhat.com>
Date: Fri, 20 May 2022 21:19:38 -0500
Subject: Support running podman under a root v2 cgroup

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
---
 pkg/specgen/generate/validate.go | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'pkg')

diff --git a/pkg/specgen/generate/validate.go b/pkg/specgen/generate/validate.go
index 44c7818e7..a1affef31 100644
--- a/pkg/specgen/generate/validate.go
+++ b/pkg/specgen/generate/validate.go
@@ -1,6 +1,7 @@
 package generate
 
 import (
+	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -166,6 +167,14 @@ func verifyContainerResourcesCgroupV2(s *specgen.SpecGenerator) ([]string, error
 		if err != nil {
 			return warnings, err
 		}
+
+		if own == "/" {
+			// If running under the root cgroup try to create or reuse a "probe" cgroup to read memory values
+			own = "podman_probe"
+			_ = os.MkdirAll(filepath.Join("/sys/fs/cgroup", own), 0o755)
+			_ = ioutil.WriteFile("/sys/fs/cgroup/cgroup.subtree_control", []byte("+memory"), 0o644)
+		}
+
 		memoryMax := filepath.Join("/sys/fs/cgroup", own, "memory.max")
 		memorySwapMax := filepath.Join("/sys/fs/cgroup", own, "memory.swap.max")
 		_, errMemoryMax := os.Stat(memoryMax)
-- 
cgit v1.2.3-54-g00ecf