fix(snix/build): Don't enable cgroup namespace in oci build.

While we want it long term, disabing it for now as it causes runc startup failure when it runs inside nested cgroup namespaces. Change-Id: I121f1d79c6a02e68e7883e0edeba7f57627c20ed Reviewed-on: https://cl.snix.dev/c/snix/+/30236 Reviewed-by: Florian Klink <flokli@flokli.de> Tested-by: besadii
2025-03-21 16:19:38 +00:00 · 2025-03-21 16:19:38 +00:00 · 2bedbfdb18
commit 2bedbfdb18
parent 357004b20d
1 changed files with 4 additions and 1 deletions
--- a/snix/build/src/oci/spec.rs
+++ b/snix/build/src/oci/spec.rs
@ -172,7 +172,10 @@ fn configure_linux(
            LinuxNamespaceType::Ipc,
            LinuxNamespaceType::Uts,
            LinuxNamespaceType::Mount,
-            LinuxNamespaceType::Cgroup,
+            // We want to create a cgroup namespace in the future to be able to trace resource usage
+            // For now it's disabled as it causes issues in cases where the host machine is running in a
+            // messed up cgroup
+            // LinuxNamespaceType::Cgroup,
        ];
        if !allow_network {
            namespace_types.push(LinuxNamespaceType::Network)