config: default to cgroupns="host" on cgroup v1

cgroupns="private" should be used only on cgroup v2. On cgroup v1 it would be a breaking change, and also we'd need to check whether the kernel supports cgroup namespaces. Signed-off-by: Giuseppe Scrivano <[email protected]> Signed-off-by: Daniel J Walsh <[email protected]>
containers · Apr 23, 2020 · d2ea2b9 · d2ea2b9
1 parent dc16555
commit d2ea2b9
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/pkg/config/default.go b/pkg/config/default.go
@@ -141,13 +141,18 @@ func DefaultConfig() (*Config, error) {
 		netns = "slirp4netns"
 	}
 
+	cgroupNS := "host"
+	if cgroup2, _ := cgroupv2.Enabled(); cgroup2 {
+		cgroupNS = "private"
+	}
+
 	return &Config{
 		Containers: ContainersConfig{
 			Devices:             []string{},
 			Volumes:             []string{},
 			Annotations:         []string{},
 			ApparmorProfile:     DefaultApparmorProfile,
-			CgroupNS:            "private",
+			CgroupNS:            cgroupNS,
 			DefaultCapabilities: DefaultCapabilities,
 			DefaultSysctls:      []string{},
 			DefaultUlimits:      getDefaultProcessLimits(),