toolbox: Force systemd-nspawn to use unified hierarchy

Because the toolbox image doesn't have systemd installed, systemd-nspawn assumes it must run in legacy cgroup v1 mode instead of in cgroup v2 mode. This results in both cgroup v1 and v2 being used on an instance, regardless of the systemd.unified_cgroup_hierarchy setting.

This default behavior was fixed in https://github.com/systemd/systemd/commit/d89ee0fcf983ae765aab9629349225ca036482f1, but applying that systemd patch could technically break users.

As a mitigation for existing COS milestones, we can set SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=yes for the systemd-nspawn call to force toolbox to spawn with the unified v2 hierarchy, if possible. We can defer applying the systemd patch to COS 125 and above.

BUG=b/406594194,b/407615979
TEST=presubmit, run modified toolbox script and ensure that it does not result in hybrid cgroups, run modified toolbox on an instance using hybrid cgroups and ensure that it doesn't error
RELEASE_NOTE=Modified toolbox to use unified cgroup hierarchy mode instead of hybrid mode when possible.

cos-patch: bug
Change-Id: Ic4834396055cbea6fcfb8d464c089db4adc4d243
diff --git a/toolbox b/toolbox index 787ce9d..61c4061 100755 --- a/toolbox +++ b/toolbox
@@ -97,7 +97,10 @@ sudo touch ${osrelease} fi -sudo SYSTEMD_NSPAWN_SHARE_SYSTEM=1 systemd-nspawn \ +sudo \ + SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=yes \ + SYSTEMD_NSPAWN_SHARE_SYSTEM=1 \ + systemd-nspawn \ --directory="${machinepath}" \ --capability=all \ --resolv-conf="replace-host" \
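Review bot: The added `SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=yes \` line in the `sudo` invocation carries no comment in the script, so the reason for the override exists only in the commit message. Suggest a short comment above `sudo \` saying that the toolbox image has no systemd, that systemd-nspawn would otherwise choose the legacy hierarchy, and that the variable is a stopgap to be removed once the upstream systemd fix is applied (the message defers that to COS 125 and above), with the bug ID alongside. The value is also set unconditionally, while the message says "if possible": nothing in this hunk checks the host's cgroup mode, so behaviour on hybrid hosts depends entirely on how systemd-nspawn handles the variable. That dependency is worth recording in the same comment, since the TEST line covers the hybrid case only by a manual run.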