From b8f6a12d01e753fed4a1377ad912ae6191817d18 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Wed, 6 Sep 2023 17:29:23 +0200
Subject: [PATCH] libpod: create the cgroup pod before containers

When a container is created and it is part of a pod, we ensure the pod cgroup exists so limits can be applied on the pod cgroup.
Closes: https://github.com/containers/podman/issues/19175
Signed-off-by: Giuseppe Scrivano
---
 libpod/container_internal.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 1e665d27e5..4098296b5f 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1028,6 +1028,19 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error {
 shutdown.Inhibit()
 defer shutdown.Uninhibit()
+ // If the container is part of a pod, make sure the pod cgroup is created before the container
+ // so the limits can be applied.
+ if c.PodID() != "" {
+ pod, err := c.runtime.LookupPod(c.PodID())
+ if err != nil {
+ return err
+ }
+
+ if _, err := c.runtime.platformMakePod(pod, &pod.config.ResourceLimits); err != nil {
+ return err
+ }
+ }
+
 // With the spec complete, do an OCI create
 if _, err = c.ociRuntime.CreateContainer(c, nil); err != nil {
 return err
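Review bot: The two new `return err` paths in the pod block pass the lookup and cgroup-creation errors up unwrapped, so a container that fails to start because its pod cgroup could not be created (and its limits therefore not applied) is hard to tell apart from any other init failure; something like `return fmt.Errorf("creating cgroup for pod %s: %w", c.PodID(), err)` on the `platformMakePod` branch would make that visible, assuming `fmt` is already imported in this file. This block now runs on every init of a pod member and reads `pod.config` with no pod lock taken in the visible lines, so it is worth confirming that `platformMakePod` is idempotent and safe when several containers of the same pod initialise concurrently. The value it returns is discarded; if that is the cgroup path, nothing here checks that it matches the parent the container is about to be created under. `init` starts and ends outside the hunk.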