From 8fcb19a5a04921daa001b401014590fe62ede2fe Mon Sep 17 00:00:00 2001
From: Alessandro Puccetti
Date: Tue, 26 Jul 2016 17:17:59 +0200
Subject: [PATCH] stage1: disabling cgroup namespace in systemd-nspawn

If the kernel has the cgroup namespace enabled, systemd v232 will use it by default. This was introduced by https://github.com/systemd/systemd/pull/3809 and it will cause problems in rkt when cgns is enabled and cgroup-v1 is used. For more information see https://github.com/systemd/systemd/pull/3589#discussion_r70277625. This patch tells systemd-nspawn not to use cgroup namespace using the environment variable introduced by https://github.com/systemd/systemd/pull/3809.
---
 stage1/init/init.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/stage1/init/init.go b/stage1/init/init.go
index dd23063ebe..065959ce70 100644
--- a/stage1/init/init.go
+++ b/stage1/init/init.go
@@ -398,6 +398,14 @@ func getArgsEnv(p *stage1commontypes.Pod, flavor string, debug bool, n *networki
 }
 env = append(env, "SYSTEMD_NSPAWN_CONTAINER_SERVICE=rkt")
+ // TODO (alepuccetti) remove this line when rkt will use cgroup namespace
+ // If the kernel has the cgroup namespace enabled, systemd v232 will use it by default.
+ // This was introduced by https://github.com/systemd/systemd/pull/3809 and it will cause
+ // problems in rkt when cgns is enabled and cgroup-v1 is used. For more information see
+ // https://github.com/systemd/systemd/pull/3589#discussion_r70277625.
+ // The following line tells systemd-nspawn not to use cgroup namespace using the environment variable
+ // introduced by https://github.com/systemd/systemd/pull/3809.
+ env = append(env, "SYSTEMD_NSPAWN_USE_CGNS=no")
 if len(privateUsers) > 0 {
 args = append(args, "--private-users="+privateUsers)
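Review bot: The added `env = append(env, "SYSTEMD_NSPAWN_USE_CGNS=no")` is unconditional, although the comment above it says the breakage only occurs when cgns is enabled and cgroup-v1 is in use, so pods on every other host configuration lose the cgroup namespace as well. With cgns off, `/proc/self/cgroup` inside the pod shows paths relative to the host hierarchy rather than a virtualized root, which is a reduction in isolation that the comment should state, e.g. `// NOTE: with cgns disabled, processes in the pod see host-relative cgroup paths.` If the cgroup mode can be determined at this point (not visible in this hunk), consider gating the append on it. The bare `TODO (alepuccetti)` would also be easier to act on with a link to a tracking issue, so the workaround is removed once rkt supports cgns. getArgsEnv starts and ends outside the hunk.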