From 544fee5fdaf3c79b6464ed52671073f219d4f479 Mon Sep 17 00:00:00 2001 From: flouthoc Date: Thu, 4 Sep 2025 23:00:02 -0700 Subject: [PATCH] Revert "cgroup: do not create a sub-cgroup by default" --- crun.1 | 24 +++++++++++------------- crun.1.md | 21 ++++++++++----------- src/libcrun/cgroup-systemd.c | 2 +- 3 files changed, 22 insertions(+), 25 deletions(-) diff --git a/crun.1 b/crun.1 index 7f2b1e7b09..0ca94941d0 100644 --- a/crun.1 +++ b/crun.1 @@ -577,28 +577,26 @@ chown -R the_user.the_user /sys/fs/cgroup/systemd .EE .SH \fBrun.oci.systemd.subgroup=SUBGROUP\fR -This configuration option allows you to define a sub-cgroup that will -be created under a systemd-managed cgroup for your container. - -.PP -When SUBGROUP is specified, the complete cgroup path will follow this -structure: +Override the name for the systemd sub cgroup created under the systemd +scope, so the final cgroup will be like: .EX /sys/fs/cgroup/$PATH/$SUBGROUP .EE .PP -If \fBSUBGROUP\fR is set to \fBcontainer\fR, a typical path could be: +When it is set to the empty string, a sub cgroup is not created. -.EX -/sys/fs/cgroup/system.slice/foo-352700.scope/container -.EE +.PP +If not specified, it defaults to \fBcontainer\fR on cgroup v2, and to \fB""\fR +on cgroup v1. .PP -If \fBSUBGROUP\fR is set to an empty string, no sub-cgroup will be -created. By default, this option is not configured, meaning no -sub-cgroup is created unless explicitly set. +e.g. + +.EX +/sys/fs/cgroup//system.slice/foo-352700.scope/container +.EE .SH \fBrun.oci.delegate-cgroup=DELEGATED-CGROUP\fR If the \fBrun.oci.systemd.subgroup\fR annotation is specified, yet another diff --git a/crun.1.md b/crun.1.md index 619f17438f..d1e136d9a4 100644 --- a/crun.1.md +++ b/crun.1.md 
@@ -489,25 +489,24 @@ chown -R the_user.the_user /sys/fs/cgroup/systemd ## `run.oci.systemd.subgroup=SUBGROUP` -This configuration option allows you to define a sub-cgroup that will -be created under a systemd-managed cgroup for your container. - -When SUBGROUP is specified, the complete cgroup path will follow this -structure: +Override the name for the systemd sub cgroup created under the systemd +scope, so the final cgroup will be like: ``` /sys/fs/cgroup/$PATH/$SUBGROUP ``` -If `SUBGROUP` is set to `container`, a typical path could be: +When it is set to the empty string, a sub cgroup is not created. + +If not specified, it defaults to `container` on cgroup v2, and to `""` +on cgroup v1. + +e.g. + ``` -/sys/fs/cgroup/system.slice/foo-352700.scope/container +/sys/fs/cgroup//system.slice/foo-352700.scope/container ``` -If `SUBGROUP` is set to an empty string, no sub-cgroup will be -created. By default, this option is not configured, meaning no -sub-cgroup is created unless explicitly set. - ## `run.oci.delegate-cgroup=DELEGATED-CGROUP` If the `run.oci.systemd.subgroup` annotation is specified, yet another diff --git a/src/libcrun/cgroup-systemd.c b/src/libcrun/cgroup-systemd.c index ce52648d58..8a4a92b13e 100644 --- a/src/libcrun/cgroup-systemd.c +++ b/src/libcrun/cgroup-systemd.c @@ -1987,7 +1987,7 @@ find_systemd_subgroup (string_map *annotations) return annotation; } - return NULL; + return "container"; } static int
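Review bot: The fallback at the end of find_systemd_subgroup now returns `"container"` unconditionally, but the man page text restored by this same commit says the default is `container` on cgroup v2 and `""` on cgroup v1, and nothing in the visible lines distinguishes the two. The function starts above the hunk and its caller is not shown, so the cgroup v1 case is presumably handled there. A comment above the return would make that dependency explicit, e.g. `/* Default for cgroup v2; callers must not apply a subgroup on cgroup v1. */`. Because the restored default moves every systemd-managed container without the annotation to `$PATH/container`, it is also worth confirming that any resource-limit auditing or monitoring keyed on the scope path still finds the container's processes.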