we don't ignore cgroup2 mountpoints

[cyphar]

From systemd/systemd#4670:

$ ../runc -v
runc version 1.0.0-rc2
commit: 8893fa693bf9bf29e5a156369bc51b887df43924
spec: 1.0.0-rc2-dev

# "legacy"-mode
$ grep cgroup /proc/self/mountinfo
24 17 0:22 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
25 24 0:23 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
27 24 0:25 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
28 24 0:26 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpuset
29 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,memory
30 24 0:28 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,pids
31 24 0:29 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,net_cls,net_prio
32 24 0:30 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,perf_event
33 24 0:31 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,cpu,cpuacct
34 24 0:32 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
35 24 0:33 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,freezer
36 24 0:34 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,devices

# works fine
$ sudo ../runc run cont
/ # exit

$ mkdir -p /tmp/v2
$ sudo mount -t cgroup2 cgroup2 /tmp/v2/

$ sudo ../runc run cont
container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"cgroup\\\" to rootfs \\\"/home/vagrant/runc/cont/rootfs\\\" at \\\"/sys/fs/cgroup\\\" caused \\\"no subsystem for mount\\\"\""

$ sudo umount /tmp/v2

# works fine again
$ sudo ../runc run cont

This happens because of the quite-dodgy getCgroupMountsHelper code.

[ronin13]

I hate the same problem few days back (and got the cryptic error of 'no subsytem for mount'.) and in my case cgroup2 was mounted on /mnt. Regarding getCgroupMountsHelper. I did look around there and see that we are parsing mountinfo manually in many places, whereas in libcontainer github.com/docker/docker/pkg/mount is used. Are we thinking of unifying and using pkg/mount (which provides a cleaner interface), or may be like a go-binding of libmount (which is maintained by util-linux who maintain mount as well).