From edad8f866d29895cd9206655ab1d99dbabcf3a7c Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Mon, 19 Dec 2016 15:01:27 -0800 Subject: [PATCH 1/3] Add configuration for specifying cgroup manager Signed-off-by: Mrunal Patel --- cmd/server/config.go | 6 ++++++ cmd/server/main.go | 7 +++++++ server/config.go | 4 ++++ 3 files changed, 17 insertions(+) diff --git a/cmd/server/config.go b/cmd/server/config.go index 0988976e..24db0c21 100644 --- a/cmd/server/config.go +++ b/cmd/server/config.go @@ -16,6 +16,7 @@ const ( pausePath = "/usr/libexec/ocid/pause" seccompProfilePath = "/etc/ocid/seccomp.json" apparmorProfileName = "ocid-default" + cgroupManager = "cgroupfs" ) var commentedConfigTemplate = template.Must(template.New("config").Parse(` @@ -69,6 +70,10 @@ seccomp_profile = "{{ .SeccompProfile }}" # default for the runtime. apparmor_profile = "{{ .ApparmorProfile }}" +# cgroup_manager is the cgroup management implementation to be used +# for the runtime. +cgroup_manager = "{{ .CgroupManager }}" + # The "ocid.image" table contains settings pertaining to the # management of OCI images. [ocid.image] @@ -102,6 +107,7 @@ func DefaultConfig() *server.Config { SELinux: selinux.SelinuxEnabled(), SeccompProfile: seccompProfilePath, ApparmorProfile: apparmorProfileName, + CgroupManager: cgroupManager, }, ImageConfig: server.ImageConfig{ Pause: pausePath, diff --git a/cmd/server/main.go b/cmd/server/main.go index 2f5a20dc..334dfecb 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -63,6 +63,9 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error { if ctx.GlobalIsSet("apparmor-profile") { config.ApparmorProfile = ctx.GlobalString("apparmor-profile") } + if ctx.GlobalIsSet("cgroup-manager") { + config.CgroupManager = ctx.GlobalString("cgroup-manager") + } return nil } 
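Review bot: The value read from `cgroup-manager` in mergeConfig is stored without being checked against the two supported names, so a misspelling such as `Systemd` is accepted and later behaves as cgroupfs. The later patches in this series only compare against the literal `"systemd"` (oci/oci.go CreateContainer, server/container_create.go, server/sandbox_run.go), so anything else falls through to the cgroupfs branch without a warning. I would reject unknown values once, after the flag merge: `if config.CgroupManager != "cgroupfs" && config.CgroupManager != "systemd" { return fmt.Errorf("invalid cgroup manager %q", config.CgroupManager) }`, assuming `fmt` is available in this file. Placed there it would presumably also catch a bad `cgroup_manager` value from the TOML file, but mergeConfig starts outside the hunk, so the load order needs confirming.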
@@ -150,6 +153,10 @@ func main() { Name: "selinux", Usage: "enable selinux support", }, + cli.StringFlag{ + Name: "cgroup-manager", + Usage: "cgroup manager (cgroupfs or systemd)", + }, } // remove once https://github.com/urfave/cli/pull/544 lands diff --git a/server/config.go b/server/config.go index 75e93aa3..20bd1663 100644 --- a/server/config.go +++ b/server/config.go @@ -72,6 +72,10 @@ type RuntimeConfig struct { // ApparmorProfile is the apparmor profile name which is used as the // default for the runtime. ApparmorProfile string `toml:"apparmor_profile"` + + // CgroupManager is the manager implementation name which is used to + // handle cgroups for containers. + CgroupManager string `toml:"cgroup_manager"` } // ImageConfig represents the "ocid.image" TOML config table. From 5eab56e002f7c33f6e9f34b394df234e6c7e320c Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Mon, 19 Dec 2016 15:05:32 -0800 Subject: [PATCH 2/3] Pass cgroup manager to oci runtime manager Signed-off-by: Mrunal Patel --- oci/oci.go | 24 +++++++++++++----------- server/server.go | 2 +- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/oci/oci.go b/oci/oci.go index ba7dada4..21d00220 100644 --- a/oci/oci.go +++ b/oci/oci.go 
@@ -34,24 +34,26 @@ const ( ) // New creates a new Runtime with options provided -func New(runtimePath string, containerDir string, conmonPath string, conmonEnv []string) (*Runtime, error) { +func New(runtimePath string, containerDir string, conmonPath string, conmonEnv []string, cgroupManager string) (*Runtime, error) { r := &Runtime{ - name: filepath.Base(runtimePath), - path: runtimePath, - containerDir: containerDir, - conmonPath: conmonPath, - conmonEnv: conmonEnv, + name: filepath.Base(runtimePath), + path: runtimePath, + containerDir: containerDir, + conmonPath: conmonPath, + conmonEnv: conmonEnv, + cgroupManager: cgroupManager, } return r, nil } // Runtime stores the information about a oci runtime type Runtime struct { - name string - path string - containerDir string - conmonPath string - conmonEnv []string + name string + path string + containerDir string + conmonPath string + conmonEnv []string + cgroupManager string } // syncInfo is used to return data from monitor process to daemon diff --git a/server/server.go b/server/server.go index 8f1ae391..cfa2e8e0 100644 --- a/server/server.go +++ b/server/server.go @@ -304,7 +304,7 @@ func New(config *Config) (*Server, error) { return nil, err } - r, err := oci.New(config.Runtime, config.ContainerDir, config.Conmon, config.ConmonEnv) + r, err := oci.New(config.Runtime, config.ContainerDir, config.Conmon, config.ConmonEnv, config.CgroupManager) if err != nil { return nil, err } From 6df58df215c246f7cb9d6da8d5f00a5d4ec1a580 Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Mon, 19 Dec 2016 15:06:27 -0800 Subject: [PATCH 3/3] Add support for systemd cgroups Signed-off-by: Mrunal Patel --- conmon/conmon.c | 28 +++++++++++++++++++--------- oci/oci.go | 6 +++++- server/container_create.go | 8 ++++++-- server/sandbox_run.go | 10 ++++++++-- 4 files changed, 38 insertions(+), 14 deletions(-) diff --git a/conmon/conmon.c b/conmon/conmon.c index aae3d104..e33dd7bf 100644 --- a/conmon/conmon.c +++ b/conmon/conmon.c 
@@ -48,8 +48,15 @@ static inline void closep(int *fd) *fd = -1; } +static inline void gstring_free_cleanup(GString **string) +{ + if (*string) + g_string_free(*string, TRUE); +} + #define _cleanup_free_ _cleanup_(freep) #define _cleanup_close_ _cleanup_(closep) +#define _cleanup_gstring_ _cleanup_(gstring_free_cleanup) struct termios tty_orig; @@ -68,6 +75,7 @@ static char *cid = NULL; static char *runtime_path = NULL; static char *bundle_path = NULL; static char *pid_file = NULL; +static bool systemd_cgroup = false; static GOptionEntry entries[] = { { "terminal", 't', 0, G_OPTION_ARG_NONE, &terminal, "Terminal", NULL }, @@ -75,13 +83,13 @@ static GOptionEntry entries[] = { "runtime", 'r', 0, G_OPTION_ARG_STRING, &runtime_path, "Runtime path", NULL }, { "bundle", 'b', 0, G_OPTION_ARG_STRING, &bundle_path, "Bundle path", NULL }, { "pidfile", 'p', 0, G_OPTION_ARG_STRING, &pid_file, "PID file", NULL }, + { "systemd-cgroup", 's', 0, G_OPTION_ARG_NONE, &systemd_cgroup, "Enable systemd cgroup manager", NULL }, { NULL } }; int main(int argc, char *argv[]) { int ret; - char cmd[CMD_SIZE]; char cwd[PATH_MAX]; char default_pid_file[PATH_MAX]; GError *err = NULL; @@ -102,6 +110,7 @@ int main(int argc, char *argv[]) int len; GError *error = NULL; GOptionContext *context; + _cleanup_gstring_ GString *cmd = NULL; /* Command line parameters */ context = g_option_context_new ("- conmon utility"); 
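Review bot: `systemd_cgroup` is declared as `bool` but registered in `entries` with `G_OPTION_ARG_NONE`, for which GLib's option parser stores a `gboolean` (an `int`) through the pointer. On common ABIs that is a four-byte store into a one-byte object, which can overwrite whatever static sits next to it. Declare it as `static gboolean systemd_cgroup = FALSE;`. The declaration of `terminal` is outside this hunk; if it is also a `bool` it has the same problem and should be changed together with this one.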
@@ -176,15 +185,16 @@ int main(int argc, char *argv[]) } /* Create the container */ - if (terminal) { - snprintf(cmd, CMD_SIZE, - "%s create %s --bundle %s --pid-file %s --console %s", - runtime_path, cid, bundle_path, pid_file, slname); - } else { - snprintf(cmd, CMD_SIZE, "%s create %s --bundle %s --pid-file %s", - runtime_path, cid, bundle_path, pid_file); + cmd = g_string_new(runtime_path); + if (systemd_cgroup) { + g_string_append_printf(cmd, " --systemd-cgroup"); } - ret = system(cmd); + g_string_append_printf(cmd, " create %s --bundle %s --pid-file %s", + cid, bundle_path, pid_file); + if (terminal) { + g_string_append_printf(cmd, " --console %s", slname); + } + ret = system(cmd->str); if (ret != 0) { nexit("Failed to create container"); } diff --git a/oci/oci.go b/oci/oci.go index 21d00220..1fa7f4e1 100644 --- a/oci/oci.go +++ b/oci/oci.go @@ -104,7 +104,11 @@ func (r *Runtime) CreateContainer(c *Container) error { } defer parentPipe.Close() - args := []string{"-c", c.name} + var args []string + if r.cgroupManager == "systemd" { + args = append(args, "-s") + } + args = append(args, "-c", c.name) args = append(args, "-r", r.path) args = append(args, "-b", c.bundlePath) args = append(args, "-p", filepath.Join(c.bundlePath, "pidfile")) diff --git a/server/container_create.go b/server/container_create.go index 6ed46281..ccdc224a 100644 --- a/server/container_create.go +++ b/server/container_create.go @@ -252,8 +252,12 @@ func (s *Server) createSandboxContainer(containerID string, containerName string } if sb.cgroupParent != "" { - // NOTE: we only support cgroupfs for now, discussion happens in issue #270. - specgen.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID) + if s.config.CgroupManager == "systemd" { + cgPath := sb.cgroupParent + ":" + "ocid" + ":" + containerID + specgen.SetLinuxCgroupsPath(cgPath) + } else { + specgen.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID) + } } capabilities := linux.GetSecurityContext().GetCapabilities() 
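Review bot: `runtime_path`, `cid`, `bundle_path`, `pid_file` and `slname` are still appended to the command string unquoted and the result is handed to `system()`, so whitespace or shell metacharacters in a container ID or bundle path are interpreted by `/bin/sh`. Since this hunk rewrites the command construction anyway, pass each value through `g_shell_quote()` before appending (and free the result), or better, start the runtime from an argv array with `g_spawn_sync()` or fork/execv so that no shell is involved. The append that takes no format arguments can be plain `g_string_append(cmd, " --systemd-cgroup")`. main() starts and ends outside the hunk.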
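Review bot: In the systemd branch of createSandboxContainer, `sb.cgroupParent` is joined into a `:`-separated path without any check on its shape. The value originates from the CRI request, and the runtime presumably parses the result as `slice:prefix:name`, so a parent that contains `:` or is not a slice name would produce a path that is either rejected or lands somewhere other than intended. Consider validating it when the manager is systemd, for example `if strings.Contains(sb.cgroupParent, ":") { return nil, fmt.Errorf("invalid cgroup parent %q", sb.cgroupParent) }`, adjusted to this function's actual return values, which are outside the hunk. The same path construction is duplicated in server/sandbox_run.go; a small shared helper that takes the manager, parent and ID would keep the two in step.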
diff --git a/server/sandbox_run.go b/server/sandbox_run.go index 498e6a3d..468e5526 100644 --- a/server/sandbox_run.go +++ b/server/sandbox_run.go @@ -245,8 +245,14 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest // setup cgroup settings cgroupParent := req.GetConfig().GetLinux().GetCgroupParent() if cgroupParent != "" { - // NOTE: we only support cgroupfs for now, discussion happens in issue #270. - g.SetLinuxCgroupsPath(cgroupParent + "/" + containerID) + if s.config.CgroupManager == "systemd" { + cgPath := sb.cgroupParent + ":" + "ocid" + ":" + containerID + g.SetLinuxCgroupsPath(cgPath) + + } else { + g.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID) + + } sb.cgroupParent = cgroupParent }
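Review bot: Both new branches in RunPodSandbox build the cgroups path from `sb.cgroupParent`, but the context line `sb.cgroupParent = cgroupParent` only runs after the if/else, so at this point the field has not yet received the requested parent (unless it is set earlier, outside the hunk). The removed line used the local `cgroupParent`; with the field still empty the path becomes `":ocid:" + containerID` or `"/" + containerID`, and the infra container is not placed under the parent cgroup the caller asked for, so the pod-level limits on that parent would not apply to it. Use the local in both branches, `cgPath := cgroupParent + ":" + "ocid" + ":" + containerID` and `g.SetLinuxCgroupsPath(cgroupParent + "/" + containerID)`, or move the assignment above the `if`. The stray blank lines before the closing braces can go as well.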