Fix cgroups

cmd/urunc/create.go

@@ -29,6 +29,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v3"
 	m "github.com/urunc-dev/urunc/internal/metrics"
+	"github.com/urunc-dev/urunc/pkg/cgroup"
 	"github.com/urunc-dev/urunc/pkg/unikontainers"
 	"golang.org/x/sys/unix"
 )
@@ -259,6 +260,16 @@ func createUnikontainer(cmd *cli.Command, uruncCfg *unikontainers.UruncConfig) (
 		return err
 	}
 
+	// Setup cgroups
+	err = setupCgroups(cmd, unikontainer, containerPid)
+	if err != nil {
+		// Clean up on cgroup creation failure
+		if unikontainer.CgroupMgr != nil {
+			_ = unikontainer.CgroupMgr.Delete()
+		}
+		return fmt.Errorf("failed to setup cgroups: %w", err)
+	}
+
 	// execute CreateRuntime hooks
 	err = unikontainer.ExecuteHooks("CreateRuntime")
 	if err != nil {
@@ -278,6 +289,51 @@ func createUnikontainer(cmd *cli.Command, uruncCfg *unikontainers.UruncConfig) (
 	return err
 }
 
+// setupCgroups creates and configures cgroups for the container
+func setupCgroups(cmd *cli.Command, u *unikontainers.Unikontainer, pid int) error {
+	// Check if cgroups are disabled
+	if u.Spec.Linux == nil || u.Spec.Linux.CgroupsPath == "" {
+		logrus.Debug("Cgroups disabled or no cgroup path specified")
+		return nil
+	}
+
+	// Check if systemd cgroup driver is enabled
+	useSystemd := cmd.Bool("systemd-cgroup")
+
+	// Create cgroup manager config
+	cgroupCfg := cgroup.Config{
+		CgroupPath:        u.Spec.Linux.CgroupsPath,
+		ContainerID:       u.State.ID,
+		Resources:         u.Spec.Linux.Resources,
+		SandboxCgroupOnly: u.UruncCfg.Cgroup.SandboxCgroupOnly,
+		OverheadPath:      u.UruncCfg.Cgroup.OverheadPath,
+		UseSystemd:        useSystemd,
+	}
+
+	// Create cgroup manager
+	cgroupMgr, err := cgroup.NewManager(cgroupCfg)
+	if err != nil {
+		return fmt.Errorf("failed to create cgroup manager: %w", err)
+	}
+
+	// Create cgroups and add reexec process
+	if err := cgroupMgr.Create(context.Background(), u.Spec.Linux.Resources, pid, useSystemd); err != nil {
+		return fmt.Errorf("failed to create cgroups: %w", err)
+	}
+
+	// Store manager in unikontainer
+	u.CgroupMgr = cgroupMgr
+
+	logrus.WithFields(logrus.Fields{
+		"cgroup_path":         u.Spec.Linux.CgroupsPath,
+		"sandbox_cgroup_only": u.UruncCfg.Cgroup.SandboxCgroupOnly,
+		"use_systemd":         useSystemd,
+		"pid":                 pid,
+	}).Info("Cgroups created successfully")
+
+	return nil
+}
+
 func createReexecCmd(initSock *os.File, logPipe *os.File) *exec.Cmd {
 	selfPath := "/proc/self/exe"
 	reexecCommand := &exec.Cmd{

cmd/urunc/start.go

@@ -19,6 +19,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"time"
 
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v3"
@@ -111,5 +112,16 @@ func startUnikontainer(cmd *cli.Command) error {
 		return err
 	}
 
+	if unikontainer.CgroupMgr != nil && unikontainer.CgroupMgr.UsingSplitPolicy() {
+		vmmPid := unikontainer.State.Pid
+		time.Sleep(200 * time.Millisecond)
+
+		if err := unikontainer.CgroupMgr.MoveVCPUThreads(vmmPid); err != nil {
+			logrus.WithError(err).Warn("Failed to move vCPU threads to sandbox cgroup")
+		} else {
+			logrus.Info("Successfully moved vCPU threads to sandbox cgroup")
+		}
+	}
+
 	return unikontainer.ExecuteHooks("Poststart")
 }

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/BurntSushi/toml v1.5.0
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
 	github.com/cavaliergopher/cpio v1.0.1
+	github.com/containerd/cgroups/v3 v3.1.0
 	github.com/containerd/containerd v1.7.29
 	github.com/creack/pty v1.1.24
 	github.com/elastic/go-seccomp-bpf v1.6.0
@@ -32,7 +33,6 @@ require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.13.0 // indirect
 	github.com/cilium/ebpf v0.20.0 // indirect
-	github.com/containerd/cgroups/v3 v3.1.0 // indirect
 	github.com/containerd/console v1.0.5 // indirect
 	github.com/containerd/containerd/api v1.10.0 // indirect
 	github.com/containerd/continuity v0.4.5 // indirect