podman6: Remove cgroupsv1 support

Signed-off-by: Lokesh Mandvekar <[email protected]>

Author: lsm5

cmd/podman/containers/unpause.go

@@ -2,7 +2,6 @@ package containers
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"os"
 	"strings"
@@ -12,9 +11,7 @@ import (
 	"github.com/containers/podman/v5/cmd/podman/utils"
 	"github.com/containers/podman/v5/cmd/podman/validate"
 	"github.com/containers/podman/v5/pkg/domain/entities"
-	"github.com/containers/podman/v5/pkg/rootless"
 	"github.com/spf13/cobra"
-	"go.podman.io/common/pkg/cgroups"
 	"go.podman.io/common/pkg/completion"
 )
 
@@ -88,18 +85,9 @@ func init() {
 }
 
 func unpause(_ *cobra.Command, args []string) error {
-	var (
-		errs utils.OutputErrors
-	)
+	var errs utils.OutputErrors
 	args = utils.RemoveSlash(args)
 
-	if rootless.IsRootless() && !registry.IsRemote() {
-		cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
-		if !cgroupv2 {
-			return errors.New("unpause is not supported for cgroupv1 rootless containers")
-		}
-	}
-
 	for _, cidFile := range unpauseCidFiles {
 		content, err := os.ReadFile(cidFile)
 		if err != nil {

go.mod

@@ -192,3 +192,5 @@ require (
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	tags.cncf.io/container-device-interface/specs-go v1.0.0 // indirect
 )
+
+replace go.podman.io/common => github.com/lsm5/container-libs/common podman6-no-cgv1

go.sum

@@ -3,7 +3,6 @@
 package libpod
 
 import (
-	"errors"
 	"fmt"
 	"io/fs"
 	"os"
@@ -30,9 +29,7 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-var (
-	bindOptions = []string{define.TypeBind, "rprivate"}
-)
+var bindOptions = []string{define.TypeBind, "rprivate"}
 
 func (c *Container) mountSHM(shmOptions string) error {
 	contextType := "context"
@@ -267,11 +264,6 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
 		g.AddMount(tmpfsMnt)
 	}
 
-	unified, err := cgroups.IsCgroup2UnifiedMode()
-	if err != nil {
-		return err
-	}
-
 	hasCgroupNs := false
 	for _, ns := range c.config.Spec.Linux.Namespaces {
 		if ns.Type == spec.CgroupNamespace {
@@ -280,69 +272,25 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
 		}
 	}
 
-	if unified {
-		g.RemoveMount("/sys/fs/cgroup")
+	g.RemoveMount("/sys/fs/cgroup")
 
-		var systemdMnt spec.Mount
-		if hasCgroupNs {
-			systemdMnt = spec.Mount{
-				Destination: "/sys/fs/cgroup",
-				Type:        "cgroup",
-				Source:      "cgroup",
-				Options:     []string{"private", "rw"},
-			}
-		} else {
-			systemdMnt = spec.Mount{
-				Destination: "/sys/fs/cgroup",
-				Type:        define.TypeBind,
-				Source:      "/sys/fs/cgroup",
-				Options:     []string{define.TypeBind, "private", "rw"},
-			}
+	var systemdMnt spec.Mount
+	if hasCgroupNs {
+		systemdMnt = spec.Mount{
+			Destination: "/sys/fs/cgroup",
+			Type:        "cgroup",
+			Source:      "cgroup",
+			Options:     []string{"private", "rw"},
 		}
-		g.AddMount(systemdMnt)
 	} else {
-		hasSystemdMount := MountExists(mounts, "/sys/fs/cgroup/systemd")
-		if hasCgroupNs && !hasSystemdMount {
-			return errors.New("cgroup namespace is not supported with cgroup v1 and systemd mode")
-		}
-		mountOptions := []string{define.TypeBind, "rprivate"}
-
-		if !hasSystemdMount {
-			skipMount := hasSystemdMount
-			var statfs unix.Statfs_t
-			if err := unix.Statfs("/sys/fs/cgroup/systemd", &statfs); err != nil {
-				if errors.Is(err, os.ErrNotExist) {
-					// If the mount is missing on the host, we cannot bind mount it so
-					// just skip it.
-					skipMount = true
-				}
-				mountOptions = append(mountOptions, "nodev", "noexec", "nosuid")
-			} else {
-				if statfs.Flags&unix.MS_NODEV == unix.MS_NODEV {
-					mountOptions = append(mountOptions, "nodev")
-				}
-				if statfs.Flags&unix.MS_NOEXEC == unix.MS_NOEXEC {
-					mountOptions = append(mountOptions, "noexec")
-				}
-				if statfs.Flags&unix.MS_NOSUID == unix.MS_NOSUID {
-					mountOptions = append(mountOptions, "nosuid")
-				}
-				if statfs.Flags&unix.MS_RDONLY == unix.MS_RDONLY {
-					mountOptions = append(mountOptions, "ro")
-				}
-			}
-			if !skipMount {
-				systemdMnt := spec.Mount{
-					Destination: "/sys/fs/cgroup/systemd",
-					Type:        define.TypeBind,
-					Source:      "/sys/fs/cgroup/systemd",
-					Options:     mountOptions,
-				}
-				g.AddMount(systemdMnt)
-				g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent")
-			}
+		systemdMnt = spec.Mount{
+			Destination: "/sys/fs/cgroup",
+			Type:        define.TypeBind,
+			Source:      "/sys/fs/cgroup",
+			Options:     []string{define.TypeBind, "private", "rw"},
 		}
 	}
+	g.AddMount(systemdMnt)
 
 	return nil
 }
@@ -385,16 +333,12 @@ func isRootlessCgroupSet(cgroup string) bool {
 }
 
 func (c *Container) expectPodCgroup() (bool, error) {
-	unified, err := cgroups.IsCgroup2UnifiedMode()
-	if err != nil {
-		return false, err
-	}
 	cgroupManager := c.CgroupManager()
 	switch {
 	case c.config.NoCgroups:
 		return false, nil
 	case cgroupManager == config.SystemdCgroupsManager:
-		return !rootless.IsRootless() || unified, nil
+		return true, nil
 	case cgroupManager == config.CgroupfsCgroupsManager:
 		return !rootless.IsRootless(), nil
 	default:
@@ -404,10 +348,6 @@ func (c *Container) expectPodCgroup() (bool, error) {
 
 // Get cgroup path in a format suitable for the OCI spec
 func (c *Container) getOCICgroupPath() (string, error) {
-	unified, err := cgroups.IsCgroup2UnifiedMode()
-	if err != nil {
-		return "", err
-	}
 	cgroupManager := c.CgroupManager()
 	switch {
 	case c.config.NoCgroups:
@@ -425,7 +365,7 @@ func (c *Container) getOCICgroupPath() (string, error) {
 		systemdCgroups := fmt.Sprintf("%s:libpod:%s", path.Base(c.config.CgroupParent), c.ID())
 		logrus.Debugf("Setting Cgroups for container %s to %s", c.ID(), systemdCgroups)
 		return systemdCgroups, nil
-	case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)):
+	case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager)):
 		if c.config.CgroupParent == "" || !isRootlessCgroupSet(c.config.CgroupParent) {
 			return "", nil
 		}

libpod/container_internal_linux.go

@@ -30,14 +30,8 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error {
 		return fmt.Errorf("getting Seccomp profile path: %w", err)
 	}
 
-	// Cgroups version
-	unified, err := cgroups.IsCgroup2UnifiedMode()
-	if err != nil {
-		return fmt.Errorf("reading cgroups mode: %w", err)
-	}
-
 	// Get Map of all available controllers
-	availableControllers, err := cgroups.AvailableControllers(nil, unified)
+	availableControllers, err := cgroups.AvailableControllers()
 	if err != nil {
 		return fmt.Errorf("getting available cgroup controllers: %w", err)
 	}
@@ -55,12 +49,6 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error {
 	}
 	info.Slirp4NetNS = define.SlirpInfo{}
 
-	cgroupVersion := "v1"
-	if unified {
-		cgroupVersion = "v2"
-	}
-	info.CgroupsVersion = cgroupVersion
-
 	slirp4netnsPath := r.config.Engine.NetworkCmdPath
 	if slirp4netnsPath == "" {
 		slirp4netnsPath, _ = r.config.FindHelperBinary(slirp4netns.BinaryName, true)

libpod/info_linux.go

@@ -12,21 +12,10 @@ import (
 	"github.com/containers/podman/v5/pkg/rootless"
 	"github.com/containers/podman/v5/pkg/systemd"
 	"github.com/sirupsen/logrus"
-	"go.podman.io/common/pkg/cgroups"
 )
 
 func checkCgroups2UnifiedMode(runtime *Runtime) {
-	unified, _ := cgroups.IsCgroup2UnifiedMode()
-	// DELETE ON RHEL9
-	if !unified {
-		_, ok := os.LookupEnv("PODMAN_IGNORE_CGROUPSV1_WARNING")
-		if !ok {
-			logrus.Warn("Using cgroups-v1 which is deprecated in favor of cgroups-v2 with Podman v5 and will be removed in a future version. Set environment variable `PODMAN_IGNORE_CGROUPSV1_WARNING` to hide this warning.")
-		}
-	}
-	// DELETE ON RHEL9
-
-	if unified && rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) {
+	if rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) {
 		// If user is rootless and XDG_RUNTIME_DIR is found, podman will not proceed with /tmp directory
 		// it will try to use existing XDG_RUNTIME_DIR
 		// if current user has no write access to XDG_RUNTIME_DIR we will fail later

libpod/runtime_linux.go

@@ -122,7 +122,7 @@ func (p *Pod) removePodCgroup() error {
 		// hard - instead, just log errors.
 		conmonCgroupPath := filepath.Join(p.state.CgroupPath, "conmon")
 		conmonCgroup, err := cgroups.Load(conmonCgroupPath)
-		if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless {
+		if err != nil && err != cgroups.ErrCgroupDeleted {
 			return fmt.Errorf("retrieving pod %s conmon cgroup: %w", p.ID(), err)
 		}
 		if err == nil {
@@ -131,7 +131,7 @@ func (p *Pod) removePodCgroup() error {
 			}
 		}
 		cgroup, err := cgroups.Load(p.state.CgroupPath)
-		if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless {
+		if err != nil && err != cgroups.ErrCgroupDeleted {
 			return fmt.Errorf("retrieving pod %s cgroup: %w", p.ID(), err)
 		}
 		if err == nil {

libpod/runtime_pod_linux.go

@@ -20,7 +20,6 @@ import (
 	"github.com/containers/podman/v5/pkg/util"
 	"github.com/sirupsen/logrus"
 	flag "github.com/spf13/pflag"
-	"go.podman.io/common/pkg/cgroups"
 	"go.podman.io/storage/pkg/idtools"
 	"go.podman.io/storage/types"
 )
@@ -182,14 +181,6 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo
 
 	if fs.Changed("cgroup-manager") {
 		options = append(options, libpod.WithCgroupManager(cfg.ContainersConf.Engine.CgroupManager))
-	} else {
-		unified, err := cgroups.IsCgroup2UnifiedMode()
-		if err != nil {
-			return nil, err
-		}
-		if rootless.IsRootless() && !unified {
-			options = append(options, libpod.WithCgroupManager("cgroupfs"))
-		}
 	}
 
 	// TODO flag to set libpod static dir?