Merge release-20210208.0-82-g34e2cda9a (automated)

author: gVisor bot <gvisor-bot@google.com> 2021-02-23 00:02:30 +0000
committer: gVisor bot <gvisor-bot@google.com> 2021-02-23 00:02:30 +0000
commit: 9b511d5b59e06c72967f16f1e8ac23b99ce71560 (patch)
tree: 6afcc42dc5c650ff5586a7012268f195fe351e28 /runsc/container
parent: f98283501eed31a3bd941e5215a1453e16801ace (diff)
parent: 34e2cda9ad6a20861844776abfbb45052d20c3fa (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/runsc/container/container.go b/runsc/container/container.go
index aae64ae1c..40812efb8 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -230,7 +230,6 @@ func New(conf *config.Config, args Args) (*Container, error) {
 		if args.Spec.Linux.CgroupsPath == "" && !conf.TestOnlyAllowRunAsCurrentUserWithoutChroot {
 			args.Spec.Linux.CgroupsPath = "/" + args.ID
 		}
-
 		// Create and join cgroup before processes are created to ensure they are
 		// part of the cgroup from the start (and all their children processes).
 		cg, err := cgroup.New(args.Spec)
@@ -238,6 +237,10 @@ func New(conf *config.Config, args Args) (*Container, error) {
 			return nil, err
 		}
 		if cg != nil {
+			// TODO(gvisor.dev/issue/3481): Remove when cgroups v2 is supported.
+			if !conf.Rootless && cgroup.IsOnlyV2() {
+				return nil, fmt.Errorf("cgroups V2 is not yet supported. Enable cgroups V1 and retry")
+			}
 			// If there is cgroup config, install it before creating sandbox process.
 			if err := cg.Install(args.Spec.Linux.Resources); err != nil {
 				switch {
author	gVisor bot <gvisor-bot@google.com>	2021-02-23 00:02:30 +0000
committer	gVisor bot <gvisor-bot@google.com>	2021-02-23 00:02:30 +0000
commit	9b511d5b59e06c72967f16f1e8ac23b99ce71560 (patch)
tree	6afcc42dc5c650ff5586a7012268f195fe351e28 /runsc/container
parent	f98283501eed31a3bd941e5215a1453e16801ace (diff)
parent	34e2cda9ad6a20861844776abfbb45052d20c3fa (diff)