Use alternative method for systemd v248

saville · saville · commit 995a0b713a03 · 2024-11-12T11:50:01.000-07:00
diff --git a/buildrunner/docker/runner.py b/buildrunner/docker/runner.py
@@ -174,16 +174,18 @@ def start(
         security_opt = None
         command = shell
         tmpfs = {}
+        cgroupns = None
         if systemd:
             # If we are running in a systemd context, the following 3 settings are necessary to
             # allow services to run.
-            volumes[
-                "/sys/fs/cgroup"
-            ] = f"/sys/fs/cgroup:{'rw' if systemd_v248 else 'ro'}"
-            security_opt = ["seccomp=unconfined"]
-            command = "/usr/sbin/init"
             if systemd_v248:
+                volumes["/sys/fs/cgroup/buildrunner.scope"] = "/sys/fs/cgroup:rw"
                 tmpfs["/run"] = ""
+                cgroupns = "host"
+            else:
+                volumes["/sys/fs/cgroup"] = "/sys/fs/cgroup:ro"
+            security_opt = ["seccomp=unconfined"]
+            command = "/usr/sbin/init"
 
         if volumes:
             for key, value in volumes.items():
@@ -219,6 +221,7 @@ def start(
             "user": user,
             "working_dir": working_dir,
             "hostname": hostname,
+            "cgroupns": cgroupns,
             "host_config": self.docker_client.create_host_config(
                 binds=_binds,
                 links=links,
