containers · lsm5 · Nov 3, 2025 · Nov 3, 2025 · Nov 5, 2025 · Nov 5, 2025
diff --git a/cmd/podman/containers/unpause.go b/cmd/podman/containers/unpause.go
@@ -2,7 +2,6 @@ package containers
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"os"
 	"strings"
@@ -12,9 +11,7 @@ import (
 	"github.com/containers/podman/v6/cmd/podman/utils"
 	"github.com/containers/podman/v6/cmd/podman/validate"
 	"github.com/containers/podman/v6/pkg/domain/entities"
-	"github.com/containers/podman/v6/pkg/rootless"
 	"github.com/spf13/cobra"
-	"go.podman.io/common/pkg/cgroups"
 	"go.podman.io/common/pkg/completion"
 )
 
@@ -93,13 +90,6 @@ func unpause(_ *cobra.Command, args []string) error {
 	)
 	args = utils.RemoveSlash(args)
 
-	if rootless.IsRootless() && !registry.IsRemote() {
-		cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
-		if !cgroupv2 {
-			return errors.New("unpause is not supported for cgroupv1 rootless containers")
-		}
-	}
-
 	for _, cidFile := range unpauseCidFiles {
 		content, err := os.ReadFile(cidFile)
 		if err != nil {

diff --git a/cmd/podman/root.go b/cmd/podman/root.go
@@ -248,6 +248,8 @@ func setupRemoteConnection(podmanConfig *entities.PodmanConfig) string {
 func persistentPreRunE(cmd *cobra.Command, args []string) error {
 	logrus.Debugf("Called %s.PersistentPreRunE(%s)", cmd.Name(), strings.Join(os.Args, " "))
 
+	checkSupportedCgroups()
+
 	// Help, completion and commands with subcommands are special cases, no need for more setup
 	// Completion cmd is used to generate the shell scripts
 	if cmd.Name() == "help" || cmd.Name() == "completion" || cmd.HasSubCommands() {

diff --git a/cmd/podman/root_cgroups_linux.go b/cmd/podman/root_cgroups_linux.go
@@ -0,0 +1,18 @@
+//go:build linux
+
+package main
+
+import (
+	"github.com/sirupsen/logrus"
+	"go.podman.io/common/pkg/cgroups"
+)
+
+func checkSupportedCgroups() {
+	unified, err := cgroups.IsCgroup2UnifiedMode()
+	if err != nil {
+		logrus.Fatalf("Error determining cgroups mode")
+	}
+	if !unified {
+		logrus.Fatalf("Cgroups v1 not supported")
+	}
+}
diff --git a/cmd/podman/root_cgroups_unsupported.go b/cmd/podman/root_cgroups_unsupported.go
@@ -0,0 +1,7 @@
+//go:build !linux
+
+package main
+
+func checkSupportedCgroups() {
+	// NOP on Non Linux
+}
diff --git a/cmd/podman/system/service_abi_linux.go b/cmd/podman/system/service_abi_linux.go
@@ -3,7 +3,6 @@
 package system
 
 import (
-	"github.com/containers/podman/v6/pkg/rootless"
 	"github.com/sirupsen/logrus"
 	"go.podman.io/common/pkg/cgroups"
 	"go.podman.io/common/pkg/servicereaper"
@@ -15,11 +14,6 @@ func maybeStartServiceReaper() {
 }
 
 func maybeMoveToSubCgroup() {
-	cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
-	if rootless.IsRootless() && !cgroupv2 {
-		logrus.Warnf("Running 'system service' in rootless mode without cgroup v2, containers won't survive a 'system service' restart")
-	}
-
 	if err := cgroups.MaybeMoveToSubCgroup(); err != nil {
 		// it is a best effort operation, so just print the
 		// error for debugging purposes.

diff --git a/docs/source/locale/ja/LC_MESSAGES/markdown.po b/docs/source/locale/ja/LC_MESSAGES/markdown.po
@@ -26352,16 +26352,9 @@ msgstr ""
 msgid "Display a live stream of one or more containers' resource usage statistics"
 msgstr ""
 
-#: ../../source/markdown/podman-stats.1.md:15
-msgid ""
-"Note:  Podman stats does not work in rootless environments that use "
-"CGroups V1. Podman stats relies on CGroup information for statistics, and"
-" CGroup v1 is not supported for rootless use cases."
-msgstr ""
-
 #: ../../source/markdown/podman-stats.1.md:19
 msgid ""
-"Note: Rootless environments that use CGroups V2 are not able to report "
+"Note: Rootless environments are not able to report "
 "statistics about their networking usage."
 msgstr ""
 
@@ -26481,10 +26474,6 @@ msgstr ""
 msgid "Network Output"
 msgstr ""
 
-#: ../../source/markdown/podman-stats.1.md:1
-msgid ".PerCPU"
-msgstr ""
-
 #: ../../source/markdown/podman-stats.1.md:1
 msgid "CPU time consumed by all tasks [1]"
 msgstr ""
@@ -26521,10 +26510,6 @@ msgstr ""
 msgid "Same as UpTime"
 msgstr ""
 
-#: ../../source/markdown/podman-stats.1.md:64
-msgid "[1] Cgroups V1 only"
-msgstr ""
-
 #: ../../source/markdown/podman-stats.1.md:68
 msgid "**--interval**, **-i**=*seconds*"
 msgstr ""

diff --git a/docs/source/markdown/podman-stats.1.md.in b/docs/source/markdown/podman-stats.1.md.in
@@ -11,11 +11,7 @@ podman\-stats - Display a live stream of one or more container's resource usage
 ## DESCRIPTION
 Display a live stream of one or more containers' resource usage statistics
 
-Note:  Podman stats does not work in rootless environments that use cgroups v1.
-Podman stats relies on cgroup information for statistics, and cgroup v1 is not
-supported for rootless use cases.
-
-Note: Rootless environments that use cgroups v2 are not able to report statistics
+Note: Rootless environments are not able to report statistics
 about their networking usage.
 
 ## OPTIONS
@@ -52,15 +48,12 @@ Valid placeholders for the Go template are listed below:
 | .Name               | Container Name                                   |
 | .NetIO              | Network IO                                       |
 | .Network ...        | Network I/O, separated by network interface      |
-| .PerCPU             | CPU time consumed by all tasks [1]               |
 | .PIDs               | Number of PIDs                                   |
 | .PIDS               | Number of PIDs (yes, we know this is a dup)      |
 | .SystemNano         | Current system datetime, nanoseconds since epoch |
 | .Up                 | Duration (CPUNano), in human-readable form       |
 | .UpTime             | Same as Up                                       |
 
-[1] Cgroups V1 only
-
 When using a Go template, precede the format with `table` to print headers.
 
 #### **--interval**, **-i**=*seconds*

diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
@@ -34,7 +34,6 @@ The CDI spec directory path (may be set multiple times). Default path is `/etc/c
 The CGroup manager to use for container cgroups. Supported values are __cgroupfs__ or __systemd__. Default is _systemd_ unless overridden in the containers.conf file.
 
 Note: Setting this flag can cause certain commands to break when called on containers previously created by the other CGroup manager type.
-Note: CGroup manager is not supported in rootless mode when using CGroups Version V1.
 
 #### **--config**
 Location of config file. Mainly for docker compatibility, only the authentication parts of the config are supported.

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -41,7 +41,6 @@ import (
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/sirupsen/logrus"
 	"go.podman.io/common/libnetwork/etchosts"
-	"go.podman.io/common/pkg/cgroups"
 	"go.podman.io/common/pkg/chown"
 	"go.podman.io/common/pkg/config"
 	"go.podman.io/common/pkg/hooks"
@@ -1361,41 +1360,25 @@ func (c *Container) waitForHealthy(ctx context.Context) error {
 }
 
 // Whether a container should use `all` when stopping
-func (c *Container) stopWithAll() (bool, error) {
+func (c *Container) stopWithAll() bool {
 	// If the container is running in a PID Namespace, then killing the
 	// primary pid is enough to kill the container.  If it is not running in
 	// a pid namespace then the OCI Runtime needs to kill ALL processes in
 	// the container's cgroup in order to make sure the container is stopped.
 	all := !c.hasNamespace(spec.PIDNamespace)
 	// We can't use --all if Cgroups aren't present.
-	// Rootless containers with Cgroups v1 and NoCgroups are both cases
-	// where this can happen.
-	if all {
-		if c.config.NoCgroups {
-			all = false
-		} else if rootless.IsRootless() {
-			// Only do this check if we need to
-			unified, err := cgroups.IsCgroup2UnifiedMode()
-			if err != nil {
-				return false, err
-			}
-			if !unified {
-				all = false
-			}
-		}
+	// Rootless containers with NoCgroups is a case where this can happen.
+	if all && c.config.NoCgroups {
+		all = false
 	}
-
-	return all, nil
+	return all
 }
 
 // Internal, non-locking function to stop container
 func (c *Container) stop(timeout uint) error {
 	logrus.Debugf("Stopping ctr %s (timeout %d)", c.ID(), timeout)
 
-	all, err := c.stopWithAll()
-	if err != nil {
-		return err
-	}
+	all := c.stopWithAll()
 
 	// OK, the following code looks a bit weird but we have to make sure we can stop
 	// containers with the restart policy always, to do this we have to set
@@ -1502,7 +1485,7 @@ func (c *Container) waitForConmonToExitAndSave() error {
 				// could open a pidfd on container PID1 before
 				// this to get the real exit code... But I'm not
 				// that dedicated.
-				all, _ := c.stopWithAll()
+				all := c.stopWithAll()
 				if err := c.ociRuntime.StopContainer(c, 0, all); err != nil {
 					logrus.Errorf("Error stopping container %s after Conmon exited prematurely: %v", c.ID(), err)
 				}
@@ -1559,16 +1542,6 @@ func (c *Container) pause() error {
 		return fmt.Errorf("cannot pause without using Cgroups: %w", define.ErrNoCgroups)
 	}
 
-	if rootless.IsRootless() {
-		cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
-		if err != nil {
-			return fmt.Errorf("failed to determine cgroupversion: %w", err)
-		}
-		if !cgroupv2 {
-			return fmt.Errorf("can not pause containers on rootless containers with cgroup V1: %w", define.ErrNoCgroups)
-		}
-	}
-
 	if c.state.HCUnitName != "" {
 		if err := c.removeTransientFiles(context.Background(),
 			c.config.StartupHealthCheckConfig != nil && !c.state.StartupHCPassed,