Fix running tests under Docker/Podman and cgroup v2

For "make integration", the tests are run inside a Docker/Podman
container. Problem is, if cgroup v2 is used, the in-container
/sys/fs/cgroup/cgroup.subtree_control is empty.

The added script, used as Docker entrypoint, moves the current process
into a sub-cgroup, and then adds all controllers in top-level
cgroup.subtree_control.

Signed-off-by: Kir Kolyshkin <[email protected]>

Author: kolyshkin

Dockerfile

@@ -63,3 +63,7 @@ ENV PKG_CONFIG_PATH=/opt/libseccomp/lib/pkgconfig
 RUN git config --global --add safe.directory /go/src/github.com/opencontainers/runc
 
 WORKDIR /go/src/github.com/opencontainers/runc
+
+# Fixup for cgroup v2.
+COPY script/prepare-cgroup-v2.sh /
+ENTRYPOINT [ "/prepare-cgroup-v2.sh" ]

script/prepare-cgroup-v2.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# This script is used from ../Dockerfile as the ENTRYPOINT. It sets up cgroup
+# delegation for cgroup v2 to make sure runc tests can be properly run inside
+# a container.
+
+# Only do this for cgroup v2.
+if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+	set -x
+	# Move the current process to a sub-cgroup.
+	mkdir /sys/fs/cgroup/init
+	echo 0 >/sys/fs/cgroup/init/cgroup.procs
+	# Enable all controllers.
+	sed 's/\b\w/+\0/g' <"/sys/fs/cgroup/cgroup.controllers" >"/sys/fs/cgroup/cgroup.subtree_control"
+fi
+
+exec "$@"