[Bug]: youki hangs when linux.cgroupsPath points to a frozen cgroup #3233
Description
Bug Description
If config.json’s linux.cgroupsPath points to a pre-frozen cgroup and you run youki run, youki appears to hang .
In contrast, runc detects this case and fails with an error, but it seems youki doesn’t have an equivalent check.
Steps to Reproduce
Create a frozen cgroup:
REL=/runc-cgroups-integration-test/test-cgroup-$$
CG=/sys/fs/cgroup$REL
sudo mkdir -p "$CG"
echo 1 | sudo tee "$CG/cgroup.freeze" >/dev/null
cat "$CG/cgroup.events"
populated 0
frozen 1
Update config.json’s cgroupsPath:
ls
config.json
jq '.linux.cgroupsPath = "'$REL'"' config.json | sudo tee config.json >/dev/null
It should look like this:
"linux": {
...
"cgroupsPath": "/runc-cgroups-integration-test/test-cgroup-4069"
}
When starting youki, you can see it stalls mid-run:
./youki run -b tutorial/ container
DEBUG youki: started by user 0 with ArgsOs { inner: ["./youki", "run", "-b", "tutorial/", "container"] }
DEBUG libcontainer::user_ns: this container does NOT create a new user namespace
DEBUG libcontainer::container::init_builder: container directory will be "/run/youki/container"
DEBUG libcontainer::container::container: Save container status: Container { state: State { oci_version: "v1.0.2", id: "container", status: Creating, pid: None, bundle: "/home/ubuntu/workspace/youki/tutorial", annotations: Some({}), created: None, creator: None, use_systemd: false, clean_up_intel_rdt_subdirectory: None }, root: "/run/youki/container" } in "/run/youki/container"
DEBUG libcontainer::user_ns: this container does NOT create a new user namespace
DEBUG libcontainer::notify_socket: create notify listener socket_path="/run/youki/container/notify.sock"
DEBUG libcontainer::notify_socket: the cwd to create the notify socket cwd="/home/ubuntu/workspace/youki"
INFO libcgroups::common: cgroup manager V2 will be used
DEBUG libcontainer::process::cpu_affinity: affinity: 0x3
With runc, container creation fails like this:
runc run -b tutorial/ container
ERRO[0000] runc run failed: container's cgroup unexpectedly frozen
Expectation
Fail fast on run and on create if linux.cgroupsPath points to a cgroup that is already frozen.
The above describes cgroup v2, but we want the same behavior for non-v2 (e.g., cgroup v1) as well.
Return a non-zero exit code and print a clear error similar to runc:
container's cgroup unexpectedly frozen
https://github.com/opencontainers/runc/blob/main/tests/integration/cgroups.bats#L518
System and Setup Info
No response