Explore: Fixes to run garden with cgroups v2

- NOTE: This isn't everything! Just enough to run `gnd` on a really modified diego-cell instance. There are still failing tests in these packages: gqt ./gqt gqt_cleanup ./gqt_cleanup gqt_setup ./gqt_setup nerd ./rundmc/runcontainerd/nerd throttle ./throttle - In general, it seems like cgroups v2 does not require us to mount the cgroup or subelements (like `devices` `blkio`) in order to actually use the cgroup - We also needed to apply a patch from a PR to the lastest runC source code in order to avoid the failure on `runc exec` - Looks like it tried to read cgroups.procs but those don't always exist when runc is running in a threaded-mode. - See this PR for more context: - opencontainers/runc#4168 [#187184163](https://www.pivotaltracker.com/story/show/187184163) Signed-off-by: Maria Shaldybin <maria.shaldybin@broadcom.com>
cloudfoundry · Mar 8, 2024 · a11a929 · a11a929
1 parent 2b4a734
commit a11a929
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 21 deletions.
diff --git a/cmd/dadoo/dadoo_linux_test.go b/cmd/dadoo/dadoo_linux_test.go
@@ -13,10 +13,7 @@ import (
 	"time"
 
 	"code.cloudfoundry.org/garden"
-	"code.cloudfoundry.org/guardian/rundmc"
-	"code.cloudfoundry.org/guardian/rundmc/cgroups"
 	"code.cloudfoundry.org/guardian/rundmc/goci"
-	"code.cloudfoundry.org/lager/v3/lagertest"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/onsi/gomega/gbytes"
@@ -913,10 +910,10 @@ func mustOpen(path string) *os.File {
 	return r
 }
 
-func setupCgroups(cgroupsRoot string) error {
-	logger := lagertest.NewTestLogger("test")
+// func setupCgroups(cgroupsRoot string) error {
+// 	logger := lagertest.NewTestLogger("test")
 
-	starter := cgroups.NewStarter(logger, mustOpen("/proc/cgroups"), mustOpen("/proc/self/cgroup"), cgroupsRoot, "garden", []specs.LinuxDeviceCgroup{}, rundmc.IsMountPoint, false)
+// 	starter := cgroups.NewStarter(logger, mustOpen("/proc/cgroups"), mustOpen("/proc/self/cgroup"), cgroupsRoot, "garden", []specs.LinuxDeviceCgroup{}, rundmc.IsMountPoint, false)
 
-	return starter.Start()
-}
+// 	return starter.Start()
+// }
diff --git a/cmd/dadoo/dadoo_suite_test.go b/cmd/dadoo/dadoo_suite_test.go
@@ -5,7 +5,6 @@ package main_test
 import (
 	"encoding/json"
 	"os"
-	"path/filepath"
 	"strings"
 	"syscall"
 	"testing"
@@ -34,8 +33,8 @@ func TestDadoo(t *testing.T) {
 			return nil
 		}
 
-		cgroupsRoot = filepath.Join(os.TempDir(), "dadoo-cgroups")
-		Expect(setupCgroups(cgroupsRoot)).To(Succeed())
+		// cgroupsRoot = filepath.Join(os.TempDir(), "dadoo-cgroups")
+		//Expect(setupCgroups(cgroupsRoot)).To(Succeed())
 
 		bins["dadoo_bin_path"], err = gexec.Build("code.cloudfoundry.org/guardian/cmd/dadoo", "-mod=vendor")
 		Expect(err).NotTo(HaveOccurred())
@@ -76,8 +75,8 @@ func TestDadoo(t *testing.T) {
 			}
 		}
 
-		Expect(syscall.Unmount(cgroupsRoot, 0)).To(Succeed())
-		Expect(os.Remove(cgroupsRoot)).To(Succeed())
+		// Expect(syscall.Unmount(cgroupsRoot, 0)).To(Succeed())
+		// Expect(os.Remove(cgroupsRoot)).To(Succeed())
 	})
 
 	BeforeEach(func() {

diff --git a/guardiancmd/command_linux.go b/guardiancmd/command_linux.go
@@ -231,7 +231,7 @@ func privilegedMounts() []specs.Mount {
 func unprivilegedMounts() []specs.Mount {
 	return []specs.Mount{
 		{Destination: "/proc", Type: "proc", Source: "proc", Options: []string{"nosuid", "noexec", "nodev"}},
-		{Destination: "/sys/fs/cgroup", Type: "cgroup", Source: "cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}},
+		// {Destination: "/sys/fs/cgroup", Type: "cgroup", Source: "cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}},
 	}
 }
 

diff --git a/throttle/enforcer_linux_test.go b/throttle/enforcer_linux_test.go
@@ -214,12 +214,16 @@ func readCPUShares(cgroupPath string) int {
 }
 
 func mountCPUcgroup(cgroupRoot string) {
-	Expect(syscall.Mount("cgroup", cgroupRoot, "tmpfs", uintptr(0), "mode=0755")).To(Succeed())
+	// cgroups v2
+	Expect(syscall.Mount("cgroup", cgroupRoot, "cgroup2", uintptr(0), "mode=0755")).To(Succeed())
 
-	cpuCgroup := filepath.Join(cgroupRoot, "cpu")
-	Expect(os.MkdirAll(cpuCgroup, 0755)).To(Succeed())
+	// cgroups v1
+	// Expect(syscall.Mount("cgroup", cgroupRoot, "tmpfs", uintptr(0), "mode=0755")).To(Succeed())
+
+	// cpuCgroup := filepath.Join(cgroupRoot, "cpu")
+	// Expect(os.MkdirAll(cpuCgroup, 0755)).To(Succeed())
 
-	Expect(syscall.Mount("cgroup", cpuCgroup, "cgroup", uintptr(0), "cpu,cpuacct")).To(Succeed())
+	//Expect(syscall.Mount("cgroup", cpuCgroup, "cgroup2", uintptr(0), "cpu,cpuacct")).To(Succeed())
 }
 
 func umountCgroups(cgroupRoot string) {

diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go