oci: config: default: add cgroupns to default set

With recent versions of runc, cgroupv2 configurations don't really work properly without cgroup namespaces (/sys/fs/cgroup mounts aren't remapped automatically the way they were with cgroupv1). Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
opencontainers · Sep 18, 2023 · fbc1339 · fbc1339
1 parent da96110
commit fbc1339
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -28,6 +28,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
   imported (with any `-dev` suffix stripped, as such a prefix causes havoc with
   verification tools -- ideally we would only ever use released versions of the
   spec but that's not always possible). #452
+- Add the `cgroup` namespace to the default configuration generated by `umoci
+  unpack` to make sure that our configuration plays nicely with `runc` when on
+  cgroupv2 systems.
 
 ### Fixed ###
 - In 0.4.7, a performance regression was introduced as part of the

diff --git a/oci/config/convert/default.go b/oci/config/convert/default.go
@@ -165,6 +165,9 @@ func Example() rspec.Spec {
 				},
 			},
 			Namespaces: []rspec.LinuxNamespace{
+				{
+					Type: "cgroup",
+				},
 				{
 					Type: "pid",
 				},