Check that cgroup is empty before deleting

[jseba]

The kernel will block an attempt to rmdir a cgroup path that still has running processes in it. Since the removal code uses the standard os.RemoveAll function, the Go runtime will helpfully fall back to an rm -rf-like removal algorithm if the cheap unlink/rmdir attempts fail.

Since cgroup files cannot be removed, the caller ends up with an unhelpful "unlinkat /sys/fs/cgroup/.../cgroup.events: operation not permitted" error message that doesn't actually give any actionable information because the original error was swallowed by the runtime.

This changes the Delete functions to detect cgroups with still running processes and return an error indicating that removal cannot be done.

Signed-off-by: Josh Seba [email protected]

[jseba]

If someone gets a chance to take a look at this again, I'd appreciate it! It bubbled up to the top of our ticket tracker to remind me to check on it. If there's any blockers let me know!