From 1bb310d88fc94e2d2c55a9bf302b416b855fea47 Mon Sep 17 00:00:00 2001 From: Seth Hoenig Date: Tue, 14 Feb 2023 11:50:10 -0600 Subject: [PATCH] cgutil: handle panic from runc helper method This PR wraps the cgroups.IsCgroup2UnifiedMode() helper method from runc in a defer/recover block because it might panic in some cases. Upstream fix in: https://github.com/opencontainers/runc/pull/3745 Closes #16179 --- .changelog/16180.txt | 3 +++ client/lib/cgutil/cgutil_linux.go | 14 +++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 .changelog/16180.txt diff --git a/.changelog/16180.txt b/.changelog/16180.txt new file mode 100644 index 00000000000..265d62404e7 --- /dev/null +++ b/.changelog/16180.txt @@ -0,0 +1,3 @@ +```release-note:bug +cgutil: handle panic coming from runc helper method +``` diff --git a/client/lib/cgutil/cgutil_linux.go b/client/lib/cgutil/cgutil_linux.go index 178b65b7b83..84ce6b4089c 100644 --- a/client/lib/cgutil/cgutil_linux.go +++ b/client/lib/cgutil/cgutil_linux.go @@ -18,7 +18,19 @@ import ( // cgroups.v1 // // This is a read-only value. -var UseV2 = cgroups.IsCgroup2UnifiedMode() +var UseV2 = safelyDetectUnifiedMode() + +// Currently it is possible for the runc utility function to panic +// https://github.com/opencontainers/runc/pull/3745 +func safelyDetectUnifiedMode() (result bool) { + defer func() { + if r := recover(); r != nil { + result = false + } + }() + result = cgroups.IsCgroup2UnifiedMode() + return +} // GetCgroupParent returns the mount point under the root cgroup in which Nomad // will create cgroups. If parent is not set, an appropriate name for the version