From 5f724728f9e2622c61aed29dd26ad0de6e62f674 Mon Sep 17 00:00:00 2001 From: Mark Yen Date: Tue, 3 Oct 2023 16:58:10 -0700 Subject: [PATCH] Don't support cgroupns on cgroups v1 Fixes #4108 Signed-off-by: Mark Yen (cherry picked from commit d48bf06e18c22f8304f6066b60fa560452dbd71f) Signed-off-by: Justin Chadwell --- executor/oci/spec_unix.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/executor/oci/spec_unix.go b/executor/oci/spec_unix.go index 97e95e9834b2..4cf13d3928fc 100644 --- a/executor/oci/spec_unix.go +++ b/executor/oci/spec_unix.go @@ -149,9 +149,13 @@ func getTracingSocket() string { func cgroupNamespaceSupported() bool { cgroupNSOnce.Do(func() { - if _, err := os.Stat("/proc/self/ns/cgroup"); !os.IsNotExist(err) { - supportsCgroupNS = true + if _, err := os.Stat("/proc/self/ns/cgroup"); os.IsNotExist(err) { + return } + if _, err := os.Stat("/sys/fs/cgroup/cgroup.subtree_control"); os.IsNotExist(err) { + return + } + supportsCgroupNS = true }) return supportsCgroupNS }