runsc/container: ignore cgroup EBUSY errors in rootless mode

[prattmic]

When runsc is running inside of an existing container, writing to /sys/fs/cgroup/cgroup.subtree_control fails with EBUSY because the cgroup is not empty.

It is likely a more general bug that we fail here, but in rootless mode cgroups aren't required anyways, so we can workaround the issue by simply ignoring it in rootless mode.

For #8111.

[prattmic]

I don't think this will have any impact there since they are getting EINVAL and this CL ignores only EBUSY. But it could be related to the same underlying issue? I'm not sure.

One major difference is that their issue is 'rare', while mine is 100% reproducible, because my cgroup.procs always has contents prior to runsc running.

[manninglucas]

Looks like runc just ignores errors in this situation instead of erroring out like we for the reason you mentioned (could be rootless or containerized). I think a better solution here is to just imitate runc instead of adding a special case around Install(). I will follow up with a PR

[avagin]

What rootless mode do you mean? In case of --rootless, we ignore cgroup errors. If you are talking about true rootless containers, I don't think that we need to ignore cgroup errors. As for /sys/fs/cgroup/cgroup.subtree_control, we can read it to check that it has all required controlers.

[prattmic]

I am referring to runsc --rootless run.

The context of this is inclusion of gVisor "integration" benchmarks in Go's benchmarking suite. I don't think we particularly care about whether these are "true rootless containers", we just don't want to need root to run benchmarks.

[avagin]

@prattmic I think you can use the --ignore-cgroups in this case.

[github-actions]

A friendly reminder that this PR had no activity for 120 days.

[github-actions]

This PR has been closed due to lack of activity.