From 7b498764002090fd53a7b839cedcd66f093b0bb9 Mon Sep 17 00:00:00 2001 From: Kevin Jilissen Date: Tue, 16 Sep 2025 18:13:13 +0200 Subject: [PATCH] Fix cgroup checks for containers So far, from what I've noticed, is that you can perfectly fine run processes with a cgroup line of 0::/. I've been playing around with a non-systemd distro to see how they behave. I picked Alpine, which uses OpenRC. When you open a shell, you are actually in the 0::/ cgroup. But, as soon as you launch it on boot using the init system, it assigns you a cgroups service is running. As time is limited, I assume that most init systems will assign a cgroup with prefix if you run a service when cgroups are enabled. Therefore, we now assume that we have an invalid configuration if the cgroup prefix is empty. --- judge/create_cgroups.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/judge/create_cgroups.in b/judge/create_cgroups.in index d6dc85daba..8e3ed7ad2f 100755 --- a/judge/create_cgroups.in +++ b/judge/create_cgroups.in @@ -34,8 +34,8 @@ You can try using cgroup V1 by adding systemd.unified_cgroup_hierarchy=0 to the if ! echo "+cpuset" >> /sys/fs/cgroup/cgroup.subtree_control; then cgroup_error_and_usage "Error: Cannot add +cpuset to cgroup.subtree_control; check kernel params." fi - if ! grep -q "slice" /proc/self/cgroup; then - cgroup_error_and_usage "Error: Cgroups not configured properly, missing systemd slice under /proc/self/cgroup. If running under docker, make sure to set cgroupns=host." + if grep -q ":/$" /proc/self/cgroup; then + cgroup_error_and_usage "Error: Cgroups not configured properly, missing cgroup hierarchy prefix under /proc/self/cgroup. If running in a container, make sure to set cgroupns=host." fi else # Trying cgroup V1: