Use alternative method for systemd v248

adobe · Nov 12, 2024 · ad50426 · ad50426
1 parent b936491
commit ad50426
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/buildrunner/docker/runner.py b/buildrunner/docker/runner.py
@@ -174,16 +174,18 @@ def start(
         security_opt = None
         command = shell
         tmpfs = {}
+        cgroupns = None
         if systemd:
             # If we are running in a systemd context, the following 3 settings are necessary to
             # allow services to run.
-            volumes[
-                "/sys/fs/cgroup"
-            ] = f"/sys/fs/cgroup:{'rw' if systemd_v248 else 'ro'}"
-            security_opt = ["seccomp=unconfined"]
-            command = "/usr/sbin/init"
             if systemd_v248:
+                volumes["/sys/fs/cgroup/buildrunner.scope"] = "/sys/fs/cgroup:rw"
                 tmpfs["/run"] = ""
+                cgroupns = "host"
+            else:
+                volumes["/sys/fs/cgroup"] = "/sys/fs/cgroup:ro"
+            security_opt = ["seccomp=unconfined"]
+            command = "/usr/sbin/init"
 
         if volumes:
             for key, value in volumes.items():
@@ -231,6 +233,7 @@ def start(
                 cap_add=cap_add,
                 privileged=privileged,
                 tmpfs=tmpfs,
+                cgroupns=cgroupns,
             ),
         }
         if entrypoint: