From 64c3e35c8c5a678e4a8bcfa744d08f0043aa76d6 Mon Sep 17 00:00:00 2001
From: kaiyou <dev@kaiyou.fr>
Date: Mon, 3 Oct 2022 20:32:38 +0200
Subject: [PATCH] Move cgroup evacuation to util functions

---
 pkg/selfcontain/init.go  | 17 ++---------------
 pkg/selfcontain/utils.go | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/pkg/selfcontain/init.go b/pkg/selfcontain/init.go
index 8b94bf6..eeb2a64 100644
--- a/pkg/selfcontain/init.go
+++ b/pkg/selfcontain/init.go
@@ -25,24 +25,11 @@ func init() {
 		// Do not start the full featured runtime
 		runtime.GOMAXPROCS(1)
 		runtime.LockOSThread()
-		// Evacuate cgroups, which is required for many in-container cgroup
-		// use cases, since we are now at the root cgroup
-		// Libcontainer cgroup manager is not designed for evacuation and will
-		// fail in such a case, so we are using cgroupfs directly, which is
-		// explicitely available due to defaults, and simple since we are
-		// the only running process at the moment
-		err := os.Mkdir("/sys/fs/cgroup/selfcontain", 0o755)
-		if err != nil {
-			logrus.Fatal("could not create evacuation cgroup: ", err)
-		}
-		err = os.WriteFile("/sys/fs/cgroup/selfcon/cgroup.procs", []byte("0"), 0o755)
-		if err != nil {
-			logrus.Fatal("could not evacuate self: ", err)
-		}
 		// Run libcontainer initialization, which will fork/exec to the
 		// provided process executable, a.k.a ourselves
+		logrus.Debug("initializing self-contained app")
 		factory, _ := libcontainer.New("")
-		err = factory.StartInitialization()
+		err := factory.StartInitialization()
 		if err != nil {
 			logrus.Fatal("could not run self-contained app: ", err)
 		}
diff --git a/pkg/selfcontain/utils.go b/pkg/selfcontain/utils.go
index 6a6eb14..6c2a132 100644
--- a/pkg/selfcontain/utils.go
+++ b/pkg/selfcontain/utils.go
@@ -16,6 +16,7 @@ func RunFun(config *Config, f runnable) error {
 	for _, arg := range os.Args {
 		if arg == argRunFun {
 			logrus.Debug("we are running inside the container...")
+			Evacuate()
 			f()
 			return nil
 		}
@@ -44,3 +45,21 @@ func RunFun(config *Config, f runnable) error {
 	}()
 	return c.Run()
 }
+
+// Evacuate cgroups, which is required for many in-container use cases
+// Remaining in the root cgroup would prevent creating any domain sub-cgroup
+func Evacuate() {
+	// Libcontainer cgroup manager is not designed for evacuation and will
+	// fail in such a case, so we are using cgroupfs directly, which is
+	// explicitely available due to defaults, and simple since we are
+	// the only running process at the moment
+	logrus.Debug("evacuating self to /selfcontain")
+	err := os.Mkdir("/sys/fs/cgroup/selfcontain", 0o755)
+	if err != nil && !os.IsExist(err) {
+		logrus.Fatal("could not create evacuation cgroup: ", err)
+	}
+	err = os.WriteFile("/sys/fs/cgroup/selfcontain/cgroup.procs", []byte("0"), 0o755)
+	if err != nil {
+		logrus.Fatal("could not evacuate self: ", err)
+	}
+}
-- 
GitLab