From f2512de82dc91cfb742a4f4df934bdb4fcad482d Mon Sep 17 00:00:00 2001
From: Mike Yuan
Date: Sun, 25 Feb 2024 09:10:51 +0800
Subject: [PATCH] core: refuse cgroupv1 unless SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE

Also, add a 30s sleep even if cgroup v1 is forced.

Closes #30852
---
 src/core/main.c | 12 +++++++++++-
 src/shared/mount-setup.c | 3 +++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/core/main.c b/src/core/main.c
index 20937e565f4..be6d07b333c 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -3017,11 +3017,21 @@ int main(int argc, char *argv[]) {
 }

 if (!skip_setup) {
+ /* Before we actually start deleting cgroup v1 code, make it harder to boot
+ * in cgroupv1 mode first. See also #30852. */
+
 r = mount_cgroup_legacy_controllers(loaded_policy);
 if (r < 0) {
- error_message = "Failed to mount cgroup v1 hierarchy";
+ if (r == -ERFKILL)
+ error_message = "Refusing to run under cgroup v1, SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 not specified on kernel command line";
+ else
+ error_message = "Failed to mount cgroup v1 hierarchy";
 goto finish;
 }
+ if (r > 0) {
+ log_full(LOG_CRIT, "Legacy cgroup v1 support selected. This is no longer supported. Will proceed anyway after 30s.");
+ (void) usleep_safe(30 * USEC_PER_SEC);
+ }
 }

 /* The efivarfs is now mounted, let's lock down the system token. */
diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c
index 03690518c03..3c0132fd086 100644
--- a/src/shared/mount-setup.c
+++ b/src/shared/mount-setup.c
@@ -518,6 +518,9 @@ int mount_cgroup_legacy_controllers(bool loaded_policy) {
 if (!cg_is_legacy_wanted())
 return 0;

+ if (!cg_is_legacy_force_enabled())
+ return -ERFKILL;
+
 FOREACH_ARRAY(mp, cgroupv1_mount_table, ELEMENTSOF(cgroupv1_mount_table)) {
 r = mount_one(mp, loaded_policy);
 if (r < 0)
--
2.47.3
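Review bot: The new `if (r > 0)` branch in main() depends on mount_cgroup_legacy_controllers() returning a positive value only when the v1 hierarchy was actually mounted, and nothing visible in this patch states that contract; the mount-setup.c hunk shows only the `return 0` and `return -ERFKILL` paths. A comment above the branch such as `/* r > 0: the legacy hierarchy was mounted, i.e. the force switch was given */` would make the dependency explicit for whoever later changes the return value. The delay is also written twice, as `30s` in the log text and as `30 * USEC_PER_SEC` in the call, so a later edit to one can leave the other wrong; deriving both from a single named constant avoids that. main() starts and ends outside the hunk.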
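Review bot: `-ERFKILL` is introduced in mount_cgroup_legacy_controllers() as a sentinel that the caller in src/core/main.c matches with `r == -ERFKILL`, but the function carries no comment saying that this value means "refused by policy" rather than "mount failed". I would add above the new check something like `/* -ERFKILL: cgroup v1 was requested but not forced; callers report this as a refusal, not as a mount failure */`. The loop below returns whatever mount_one() yields, so if that could ever be the same errno the caller would print the refusal message for an ordinary failure; this looks unlikely but cannot be confirmed from the hunk. The function body continues outside the hunk.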