runc icon indicating copy to clipboard operation
runc copied to clipboard

Published 20 hours ago verified publisher icon opencontainers

Add check for CONFIG_CGROUP_BPF in check-config.sh

Open dharmicksai opened this issue 3 years ago • 3 comments

cgroup v2 requires CONFIG_CGROUP_BPF kernel option to be set else runc can not start containers.

check-config.sh script checks if the CONFIG_CGROUP_BPF option is set. As this is available from kernel 4.15 a version gaurd is included to check CONFIG_CGROUP_BPF. The check is present under Optional Features.

Closes https://github.com/opencontainers/runc/issues/3547

Signed-off-by: dharmicksai [email protected]

dharmicksai avatar Aug 22 '22 16:08 dharmicksai

I have added the version guard to make sure the kernel version is at least 4.15 before checking for CONFIG_CGROUP_BPF The check is under Optional Features as it is required only when cgroup v2 is used.

dharmicksai avatar Aug 26 '22 16:08 dharmicksai

I have added the version guard to make sure the kernel version is at least 4.15 before checking for CONFIG_CGROUP_BPF

Thanks!

The check is under Optional Features as it is required only when cgroup v2 is used.

To my mind, this setting is not at all needed when cgroup v1 is used, and is required when cgroup v2 is used.

So maybe it makes sense to do something like

diff --git a/script/check-config.sh b/script/check-config.sh
index ec8bc63a..bc5a1d61 100755
--- a/script/check-config.sh
+++ b/script/check-config.sh
@@ -177,15 +177,17 @@ wrap_color "info: reading kernel config from $CONFIG ..." white
 echo
 
 echo 'Generally Necessary:'
-
+cgroup=''
 echo -n '- '
 if [ "$(stat -f -c %t /sys/fs/cgroup 2>/dev/null)" = "63677270" ]; then
        wrap_good 'cgroup hierarchy' 'cgroupv2'
+       cgroup=v2
 else
        cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)"
        cgroupDir="$(dirname "$cgroupSubsystemDir")"
        if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then
                wrap_good 'cgroup hierarchy' 'properly mounted' "[$cgroupDir]"
+               cgroup=v1
        else
                if [ "$cgroupSubsystemDir" ]; then
                        wrap_bad 'cgroup hierarchy' 'single mountpoint!' "[$cgroupSubsystemDir]"

and later, in "Generally necessary section", do

if [ "$cgroup" = "v2" ] && ! kernel_lt 4_15; then
  check_flags CONFIG_CGROUP_BPF
fi

(The above code is totally untested)

kolyshkin avatar Sep 03 '22 00:09 kolyshkin

Now the script also checks if cgroup v2 is being used before checking for the CONFIG_CGROUP_BPF option. The check is present in the "Generally necessary section"

dharmicksai avatar Sep 05 '22 14:09 dharmicksai