snap-confine: fallback gracefully on a cgroup v2 only system

On a cgroup v2 only system we cannot use certain features like freezer or pid cgroups yet. In order to not die() when we run on such systems this PR implements detection and skipping of those. This will have to be done "properly" but for now it ensures that snaps continue to run on cgroup v2 only systems. 

2 files changed, 23 insertions, 0 deletions

diff --git a/cmd/libsnap-confine-private/cgroup-support.c b/cmd/libsnap-confine-private/cgroup-support.c
index 03dc4b160f..c61d516a47 100644
--- a/cmd/libsnap-confine-private/cgroup-support.c
+++ b/cmd/libsnap-confine-private/cgroup-support.c
@@ -25,6 +25,7 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/vfs.h>
 #include <unistd.h>
 
 #include "cleanup-funcs.h"
@@ -66,3 +67,18 @@ void sc_cgroup_create_and_join(const char *parent, const char *name, pid_t pid)
 }
 debug("moved process %ld to cgroup hierarchy %s/%s", (long)pid, parent, name);
 }
+
+static const char *cgroup_dir = "/sys/fs/cgroup";
+// from statfs(2)
+static const int CGROUP2_SUPER_MAGIC = 0x63677270;
+
+bool sc_cgroup_is_v2() {
+ struct statfs buf;
+
+ int err = statfs(cgroup_dir, &buf);
+ if (err == 0 && buf.f_type == CGROUP2_SUPER_MAGIC) {
+ fprintf(stderr, "WARNING: cgroup v2 is not fully supported yet\n");
+ return true;
+ }
+ return false;
+}
diff --git a/cmd/libsnap-confine-private/cgroup-support.h b/cmd/libsnap-confine-private/cgroup-support.h
index 33e5ccc90b..f7f0ebaf9b 100644
--- a/cmd/libsnap-confine-private/cgroup-support.h
+++ b/cmd/libsnap-confine-private/cgroup-support.h
@@ -19,6 +19,7 @@
 #define SC_CGROUP_SUPPORT_H
 
 #include <fcntl.h>
+#include <stdbool.h>
 
 /**
 * sc_cgroup_create_and_join joins, perhaps creating, a cgroup hierarchy.
@@ -30,4 +31,10 @@
 **/
 void sc_cgroup_create_and_join(const char *parent, const char *name, pid_t pid);
 
+/**
+ * sc_cgroup_is_v2() returns true if running on cgroups v2
+ *
+ **/
+bool sc_cgroup_is_v2(void);
+
 #endif