From 82218937948bd59f8d20e44575405874d56f0ae7 Mon Sep 17 00:00:00 2001
From: Andrei Vagin <avagin@google.com>
Date: Wed, 13 Oct 2021 13:48:43 -0700
Subject: runsc: allow to run rootless containers on cgroupV2

Before cl/402392291 and cl/402614820, it worked without any problem.

In this case, we just ignore a cgroup configuration. We do the same thing,
when we don't have permissions to create new cgroups on cgroupV1.

PiperOrigin-RevId: 402913129
---
 runsc/container/container.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/runsc/container/container.go b/runsc/container/container.go
index 6a59df411..77a0f7eba 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -1278,7 +1278,10 @@ func (c *Container) setupCgroupForSubcontainer(conf *config.Config, spec *specs.
 // no cgroups was configured.
 func cgroupInstall(conf *config.Config, cg *cgroup.Cgroup, res *specs.LinuxResources) (*cgroup.Cgroup, error) {
 	// TODO(gvisor.dev/issue/3481): Remove when cgroups v2 is supported.
-	if !conf.Rootless && cgroup.IsOnlyV2() {
+	if cgroup.IsOnlyV2() {
+		if conf.Rootless {
+			return nil, nil
+		}
 		return nil, fmt.Errorf("cgroups V2 is not yet supported. Enable cgroups V1 and retry")
 	}
 	if err := cg.Install(res); err != nil {
-- 
cgit v1.2.3