From 42b1175eda071c0e9121e1d64345928384a93df1 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 27 Apr 2021 17:56:41 +0900 Subject: [PATCH] hack/dind: fix cgroup v2 evacuation with `docker run --init` Evacuate all the processes in `/sys/fs/cgroup/cgroup.procs`, not just PID 1. Before: ```console $ docker run --rm --privileged --init $(docker build -q .) cat /sys/fs/cgroup/cgroup.subtree_control sed: couldn't flush stdout: Device or resource busy ``` After: ```console $ docker run --rm --privileged --init $(docker build -q .) cat /sys/fs/cgroup/cgroup.subtree_control cpuset cpu io memory hugetlb pids rdma ``` Fix docker-library/docker issue 308 Signed-off-by: Akihiro Suda --- hack/dind | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hack/dind b/hack/dind index 9d3d28e8f7..087270a7a8 100755 --- a/hack/dind +++ b/hack/dind @@ -27,10 +27,11 @@ fi # cgroup v2: enable nesting if [ -f /sys/fs/cgroup/cgroup.controllers ]; then - # move the init process (PID 1) from the root group to the /init group, + # move the processes from the root group to the /init group, # otherwise writing subtree_control fails with EBUSY. + # An error during moving non-existent process (i.e., "cat") is ignored. mkdir -p /sys/fs/cgroup/init - echo 1 > /sys/fs/cgroup/init/cgroup.procs + xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || : # enable controllers sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \ > /sys/fs/cgroup/cgroup.subtree_control