nspawn: use mixed cgroup hierarchy only when container has new systemd

systemd-soon-to-be-released-232 is able to deal with the mixed hierarchy.
So make an educated guess, and use the mixed hierarchy in that case.

Tested by running the host with mixed hierarchy (i.e. simply using a recent
kernel with systemd from git), and booting first a container with older systemd,
and then one with a newer systemd.

Fixes #4008.

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 12d6eab8bea47d3a62a420a157b17c6722127300..a775d1ac4f3c08d65e99679a32df07acb038125c 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -316,7 +316,7 @@ static int custom_mounts_prepare(void) {
         return 0;
 }
 
-static int detect_unified_cgroup_hierarchy(void) {
+static int detect_unified_cgroup_hierarchy(const char *directory) {
         const char *e;
         int r, all_unified, systemd_unified;
 
@@ -344,9 +344,16 @@ static int detect_unified_cgroup_hierarchy(void) {
         /* Otherwise inherit the default from the host system */
         if (all_unified > 0)
                 arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_ALL;
-        else if (systemd_unified > 0)
-                arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_SYSTEMD;
-        else
+        else if (systemd_unified > 0) {
+                /* mixed cgroup hierarchy support was added in 232 */
+                r = systemd_installation_has_version(directory, 232);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to determine systemd version in container: %m");
+                if (r > 0)
+                        arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_SYSTEMD;
+                else
+                        arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_NONE;
+        } else
                 arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_NONE;
 
         return 0;
@@ -1125,10 +1132,6 @@ static int parse_argv(int argc, char *argv[]) {
 
         arg_caps_retain = (arg_caps_retain | plus | (arg_private_network ? 1ULL << CAP_NET_ADMIN : 0)) & ~minus;
 
-        r = detect_unified_cgroup_hierarchy();
-        if (r < 0)
-                return r;
-
         e = getenv("SYSTEMD_NSPAWN_CONTAINER_SERVICE");
         if (e)
                 arg_container_service_name = e;
@@ -2970,6 +2973,10 @@ static int outer_child(
         if (r < 0)
                 return r;
 
+        r = detect_unified_cgroup_hierarchy(directory);
+        if (r < 0)
+                return r;
+
         if (arg_userns_mode != USER_NAMESPACE_NO) {
                 /* Let the parent know which UID shift we read from the image */
                 l = send(uid_shift_socket, &arg_uid_shift, sizeof(arg_uid_shift), MSG_NOSIGNAL);