From e1a8b52f3a6c601221ebc50d5c4f8bbea9455db3 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Tue, 16 May 2023 12:27:46 -0700
Subject: [PATCH 1/2] tests/int/cgroups: filter out rdma

Filter out rdma controller since systemd is unable to delegate it.
Similar to commits 05272718f4ec414d and 601cf5825f6cf7cd4c360.

(cherry picked from commit e83ca5191304963b66f6a917d119ac6c1fb5ef8d)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 tests/integration/cgroups.bats | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats
index 7fd2e30affa..589e3d8f878 100644
--- a/tests/integration/cgroups.bats
+++ b/tests/integration/cgroups.bats
@@ -49,8 +49,8 @@ function setup() {
 			if [ "$(id -u)" = "0" ]; then
 				check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/machine.slice/cgroup.controllers)"
 			else
-				# Filter out hugetlb and misc as systemd is unable to delegate them.
-				check_cgroup_value "cgroup.controllers" "$(sed -e 's/ hugetlb//' -e 's/ misc//' </sys/fs/cgroup/user.slice/user-"$(id -u)".slice/cgroup.controllers)"
+				# Filter out controllers that systemd is unable to delegate.
+				check_cgroup_value "cgroup.controllers" "$(sed 's/ \(hugetlb\|misc\|rdma\)//g' </sys/fs/cgroup/user.slice/user-"$(id -u)".slice/cgroup.controllers)"
 			fi
 		else
 			check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/cgroup.controllers)"

From d375351b79b9a339801bd690ebf3d26aeaa0ac61 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Mon, 8 Aug 2022 16:11:17 -0700
Subject: [PATCH 2/2] ci/cirrus: enable rootless tests on cs9

We were not running localrootlessintegration test on CentOS Stream 9
because of some failures fixed by previous commits.

Enable rootless integration with both systemd and fs drivers.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 78d31a49411392f79209d8337361745e87562a39)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 .cirrus.yml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/.cirrus.yml b/.cirrus.yml
index 6ad738e35af..6c67763dc54 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -111,6 +111,11 @@ task:
     centos-stream-9)
       dnf config-manager --set-enabled crb # for glibc-static
       dnf -y install epel-release epel-next-release # for fuse-sshfs
+      # Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup.
+      # The default (since systemd v252) is "pids memory cpu".
+      mkdir -p /etc/systemd/system/user@.service.d
+      printf "[Service]\nDelegate=yes\n" > /etc/systemd/system/user@.service.d/delegate.conf
+      systemctl daemon-reload
       ;;
     esac
     # Work around dnf mirror failures by retrying a few times.
@@ -170,13 +175,19 @@ task:
   integration_fs_script: |
     ssh -tt localhost "make -C /home/runc localintegration"
   integration_systemd_rootless_script: |
-    echo "SKIP: integration_systemd_rootless_script requires cgroup v2"
+    case $DISTRO in
+    centos-7|centos-stream-8)
+      echo "SKIP: integration_systemd_rootless_script requires cgroup v2"
+      ;;
+    *)
+      ssh -tt localhost "make -C /home/runc localrootlessintegration RUNC_USE_SYSTEMD=yes"
+    esac
   integration_fs_rootless_script: |
     case $DISTRO in
     centos-7)
       echo "SKIP: FIXME: integration_fs_rootless_script is skipped because of EPERM on writing cgroup.procs"
         ;;
-    centos-stream-8)
+    *)
       ssh -tt localhost "make -C /home/runc localrootlessintegration"
       ;;
     esac