hack/dind: fix cgroup v2 evacuation with docker run --init

Evacuate all the processes in `/sys/fs/cgroup/cgroup.procs`, not just PID 1. Before: ```console $ docker run --rm --privileged --init $(docker build -q .) cat /sys/fs/cgroup/cgroup.subtree_control sed: couldn't flush stdout: Device or resource busy ``` After: ```console $ docker run --rm --privileged --init $(docker build -q .) cat /sys/fs/cgroup/cgroup.subtree_control cpuset cpu io memory hugetlb pids rdma ``` Fix docker-library/docker issue 308 Signed-off-by: Akihiro Suda <[email protected]>
WAGO · Apr 28, 2021 · 42b1175 · 42b1175
1 parent bac9062
commit 42b1175
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/hack/dind b/hack/dind
@@ -27,10 +27,11 @@ fi
 
 # cgroup v2: enable nesting
 if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
-	# move the init process (PID 1) from the root group to the /init group,
+	# move the processes from the root group to the /init group,
 	# otherwise writing subtree_control fails with EBUSY.
+	# An error during moving non-existent process (i.e., "cat") is ignored.
 	mkdir -p /sys/fs/cgroup/init
-	echo 1 > /sys/fs/cgroup/init/cgroup.procs
+	xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || :
 	# enable controllers
 	sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
 		> /sys/fs/cgroup/cgroup.subtree_control