toolbox: Force systemd-nspawn to use unified hierarchy
Because the toolbox image doesn't have systemd installed, systemd-nspawn
assumes it must run in legacy cgroup v1 mode instead of in cgroup v2
mode. This results in both cgroup v1 and v2 being used on an instance,
regardless of the systemd.unified_cgroup_hierarchy setting. This default
behavior was fixed in
https://github.com/systemd/systemd/commit/d89ee0fcf983ae765aab9629349225ca036482f1,
but applying that systemd patch could technically break users.
As a mitigation for existing COS milestones, we can set
SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=yes for the systemd-nspawn call to
force toolbox to spawn with the unified v2 hierarchy, if possible. We
can defer applying the systemd patch to COS 125 and above.
BUG=b/406594194,b/407615979
TEST=presubmit, run modified toolbox script and ensure that it does not
result in hybrid cgroups, run modified toolbox on an instance using
hybrid cgroups and ensure that it doesn't error
RELEASE_NOTE=Modified toolbox to use unified cgroup hierarchy mode instead of hybrid mode when possible.
Change-Id: Ic4834396055cbea6fcfb8d464c089db4adc4d243
diff --git a/toolbox b/toolbox
index 787ce9d..61c4061 100755
--- a/toolbox
+++ b/toolbox
@@ -97,7 +97,10 @@
sudo touch ${osrelease}
fi
-sudo SYSTEMD_NSPAWN_SHARE_SYSTEM=1 systemd-nspawn \
+sudo \
+ SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=yes \
+ SYSTEMD_NSPAWN_SHARE_SYSTEM=1 \
+ systemd-nspawn \
--directory="${machinepath}" \
--capability=all \
--resolv-conf="replace-host" \
