runsc: allow to run rootless containers on cgroupV2

Before cl/402392291 and cl/402614820, it worked without any problem. In this case, we just ignore a cgroup configuration. We do the same thing, when we don't have permissions to create new cgroups on cgroupV1. PiperOrigin-RevId: 402913129
author: Andrei Vagin <avagin@google.com> 2021-10-13 13:48:43 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-10-13 13:51:18 -0700
commit: 82218937948bd59f8d20e44575405874d56f0ae7 (patch)
tree: 36d704cedc41e884e34a9c211a836c7eb18b2d0c /runsc
parent: b74bbe11e6da5f3ec00bafe4a93ab383bea78af1 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/runsc/container/container.go b/runsc/container/container.go
index 6a59df411..77a0f7eba 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -1278,7 +1278,10 @@ func (c *Container) setupCgroupForSubcontainer(conf *config.Config, spec *specs.
 // no cgroups was configured.
 func cgroupInstall(conf *config.Config, cg *cgroup.Cgroup, res *specs.LinuxResources) (*cgroup.Cgroup, error) {
 	// TODO(gvisor.dev/issue/3481): Remove when cgroups v2 is supported.
-	if !conf.Rootless && cgroup.IsOnlyV2() {
+	if cgroup.IsOnlyV2() {
+		if conf.Rootless {
+			return nil, nil
+		}
 		return nil, fmt.Errorf("cgroups V2 is not yet supported. Enable cgroups V1 and retry")
 	}
 	if err := cg.Install(res); err != nil {
author	Andrei Vagin <avagin@google.com>	2021-10-13 13:48:43 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-10-13 13:51:18 -0700
commit	82218937948bd59f8d20e44575405874d56f0ae7 (patch)
tree	36d704cedc41e884e34a9c211a836c7eb18b2d0c /runsc
parent	b74bbe11e6da5f3ec00bafe4a93ab383bea78af1 (diff)