youki icon indicating copy to clipboard operation
youki copied to clipboard
verified publisher icon containers

Handle frozen cgroup properly when creating container

Open wyhao31 opened this issue 7 months ago • 2 comments

Description

  • Added get_freezer_state in CgroupManager trait. Similar to GetFreezerState in https://github.com/opencontainers/cgroups/blob/6a793b6ea778415b3c0f7a3d2efdb70c786fad92/cgroups.go#L76
  • Implemented get_freezer_state for v1/v2/systemd in libcgroups crate.
    • For v2/systemd, reused the existing read_freezer_state function with some small change.
    • For v1, it's a little bit tricky. I referenced the implementation from https://github.com/opencontainers/cgroups/blob/6a793b6ea778415b3c0f7a3d2efdb70c786fad92/fs/freezer.go#L114.
  • Added cgroup frozen check in container_intermediate_process.

Type of Change

  • [x] Bug fix (non-breaking change that fixes an issue)
  • [ ] New feature (non-breaking change that adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] Documentation update
  • [ ] Refactoring (no functional changes)
  • [ ] Performance improvement
  • [ ] Test updates
  • [ ] CI/CD related changes
  • [ ] Other (please describe):

Testing

  • [ ] Added new unit tests
  • [ ] Added new integration tests
  • [x] Ran existing test suite I have run unit tests locally.
  • [x] Tested manually (please provide steps) Tested using the reproduce steps mentioned in the issue(#3233).
$ sudo ./youki run -b tutorial/ container
ERROR libcontainer::process::container_main_process: failed to run intermediate process cgroup error: container's cgroup unexpectedly frozen
ERROR libcontainer::container::builder_impl: failed to run container process intermediate process error cgroup error: container's cgroup unexpectedly frozen
ERROR youki: error in executing command: failed to create container: intermediate process error cgroup error: container's cgroup unexpectedly frozen
run failed : failed to create container: intermediate process error cgroup error: container's cgroup unexpectedly frozen

Related Issues

Fixes #3233

Additional Context

wyhao31 avatar Sep 22 '25 06:09 wyhao31

@YJDoc2 Can you please add the label to this PR? There's a check failure due to missing label.

wyhao31 avatar Oct 05 '25 07:10 wyhao31

Thanks for your PR! I left some comments.

utam0k avatar Oct 17 '25 00:10 utam0k