Skip to content

Implement shim/extension in containerd v2 APIs. #11554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 26 additions & 2 deletions WORKSPACE
Original file line number Diff line number Diff line change
@@ -2649,6 +2649,22 @@ go_repository(
version = "v1.6.36",
)

go_repository(
name = "com_github_containerd_containerd_api",
build_file_proto_mode = "disable",
importpath = "github.com/containerd/containerd/api",
sum = "h1:hVTNJKR8fMc/2Tiw60ZRijntNMd1U+JVMyTRdsD2bS0=",
version = "v1.8.0",
)

go_repository(
name = "com_github_containerd_containerd_v2",
build_file_proto_mode = "disable",
importpath = "github.com/containerd/containerd/v2",
sum = "h1:GmH/tRBlTvrXOLwSpWE2vNAm8+MqI6nmxKpKBNKY8Wc=",
version = "v2.0.2",
)

go_repository(
name = "com_github_cenkalti_backoff",
importpath = "github.com/cenkalti/backoff",
@@ -2803,6 +2819,13 @@ go_repository(
version = "v27.3.0+incompatible",
)

go_repository(
name = "com_github_moby_sys_userns",
importpath = "github.com/moby/sys/userns",
sum = "h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=",
version = "v0.1.0",
)

go_repository(
name = "com_github_docker_docker",
importpath = "github.com/docker/docker",
@@ -2997,9 +3020,10 @@ go_repository(

go_repository(
name = "com_github_containerd_ttrpc",
build_file_proto_mode = "disable_global",
importpath = "github.com/containerd/ttrpc",
sum = "h1:GbtyLRxb0gOLR0TYQWt3O6B0NvT8tMdorEHqIQo/lWI=",
version = "v1.1.0",
sum = "h1:qIrroQvuOL9HQ1X6KHe2ohc7p+HP/0VE6XPU7elJRqQ=",
version = "v1.2.7",
)

go_repository(
76 changes: 39 additions & 37 deletions go.mod
Original file line number Diff line number Diff line change
@@ -7,11 +7,13 @@ require (
github.com/bazelbuild/rules_go v0.44.2
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/cilium/ebpf v0.12.3
github.com/containerd/cgroups v1.0.4
github.com/containerd/console v1.0.3
github.com/containerd/containerd v1.6.36
github.com/containerd/fifo v1.0.0
github.com/containerd/go-runc v1.0.0
github.com/containerd/cgroups v1.1.0
github.com/containerd/console v1.0.4
github.com/containerd/containerd v1.7.23
github.com/containerd/containerd/api v1.8.0
github.com/containerd/containerd/v2 v2.0.2
github.com/containerd/fifo v1.1.0
github.com/containerd/go-runc v1.1.0
github.com/containerd/typeurl v1.0.2
github.com/coreos/go-systemd/v22 v22.5.0
github.com/godbus/dbus/v5 v5.1.0
@@ -22,80 +24,80 @@ require (
github.com/kr/pty v1.1.5
github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a
github.com/mohae/deepcopy v0.0.0-20170308212314-bb9b5e7adda9
github.com/opencontainers/runtime-spec v1.1.0-rc.1
github.com/opencontainers/runtime-spec v1.2.0
github.com/sirupsen/logrus v1.9.3
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54
github.com/vishvananda/netlink v1.3.0
golang.org/x/mod v0.21.0
golang.org/x/sync v0.8.0
golang.org/x/sys v0.26.0
golang.org/x/time v0.7.0
golang.org/x/tools v0.26.0
google.golang.org/protobuf v1.33.0
k8s.io/api v0.23.16
k8s.io/apimachinery v0.23.16
k8s.io/client-go v0.23.16
google.golang.org/protobuf v1.35.1
k8s.io/api v0.31.2
k8s.io/apimachinery v0.31.2
k8s.io/client-go v0.31.2
)

require (
github.com/Microsoft/go-winio v0.6.0 // indirect
github.com/Microsoft/hcsshim v0.9.12 // indirect
github.com/containerd/continuity v0.3.0 // indirect
github.com/containerd/errdefs v0.1.0 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/Microsoft/hcsshim v0.12.9 // indirect
github.com/containerd/continuity v0.4.4 // indirect
github.com/containerd/errdefs v1.0.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/ttrpc v1.1.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/containerd/ttrpc v1.2.7 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/gogo/googleapis v1.4.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/mock v1.7.0-rc.1 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/go-github/v56 v56.0.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/uuid v1.3.1 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/hanwen/go-fuse/v2 v2.3.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.15.9 // indirect
github.com/klauspost/compress v1.17.11 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/sys/mountinfo v0.6.2 // indirect
github.com/moby/sys/signal v0.6.0 // indirect
github.com/moby/sys/user v0.1.0 // indirect
github.com/moby/sys/mountinfo v0.7.2 // indirect
github.com/moby/sys/signal v0.7.1 // indirect
github.com/moby/sys/user v0.3.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/opencontainers/selinux v1.10.1 // indirect
github.com/opencontainers/selinux v1.11.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
github.com/vishvananda/netns v0.0.4 // indirect
go.opencensus.io v0.24.0 // indirect
golang.org/x/crypto v0.28.0 // indirect
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 // indirect
golang.org/x/exp v0.0.0-20231214170342-aacd6d4b4611 // indirect
golang.org/x/net v0.30.0 // indirect
golang.org/x/oauth2 v0.23.0 // indirect
golang.org/x/term v0.25.0 // indirect
golang.org/x/text v0.19.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230920204549-e6e6cdab5c13 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect
google.golang.org/grpc v1.59.0 // indirect
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 // indirect
google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
google.golang.org/grpc v1.67.1 // indirect
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
gotest.tools/v3 v3.4.0 // indirect
honnef.co/go/tools v0.5.1 // indirect
k8s.io/klog/v2 v2.30.0 // indirect
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.2.0 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
77 changes: 77 additions & 0 deletions go.sum

Large diffs are not rendered by default.

20 changes: 20 additions & 0 deletions pkg/shim/BUILD
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
load("//tools:defs.bzl", "go_library")

package(
default_applicable_licenses = ["//:license"],
default_visibility = [":users"],
licenses = ["notice"],
)

package_group(
name = "users",
packages = [
"//...",
"//cloud/kubernetes/node/snapshot/...",
],
)

go_library(
name = "shim",
srcs = ["config.go"],
)
23 changes: 23 additions & 0 deletions pkg/shim/config.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
// Copyright 2025 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package shim provides the configuration for the gVisor shim.
package shim

// RestoreConfig is the configuration for a restore request.
type RestoreConfig struct {
ImagePath string
Direct bool
Background bool
}
1 change: 1 addition & 0 deletions pkg/shim/v1/extension/BUILD
Original file line number Diff line number Diff line change
@@ -10,6 +10,7 @@ go_library(
srcs = ["extension.go"],
visibility = ["//visibility:public"],
deps = [
"//pkg/shim",
"@com_github_containerd_containerd//pkg/process:go_default_library",
"@com_github_containerd_containerd//runtime/v2/task:go_default_library",
],
13 changes: 4 additions & 9 deletions pkg/shim/v1/extension/extension.go
Original file line number Diff line number Diff line change
@@ -18,6 +18,8 @@ package extension
import (
"context"

"gvisor.dev/gvisor/pkg/shim"

"github.com/containerd/containerd/pkg/process"
"github.com/containerd/containerd/runtime/v2/task"
)
@@ -30,21 +32,14 @@ var NewExtension func(ctx context.Context, next TaskServiceExt, req *task.Create
// task.StartRequest with restore functionality.
type RestoreRequest struct {
Start task.StartRequest
Conf RestoreConfig
Conf shim.RestoreConfig
}

// Process extends process.Process with extra restore functionality.
type Process interface {
process.Process
// Restore restores the container from a snapshot.
Restore(context.Context, *RestoreConfig) error
}

// RestoreConfig is the configuration for a restore request.
type RestoreConfig struct {
ImagePath string
Direct bool
Background bool
Restore(context.Context, *shim.RestoreConfig) error
}

// TaskServiceExt extends TaskRequest with extra functionality required by the shim.
1 change: 1 addition & 0 deletions pkg/shim/v1/proc/BUILD
Original file line number Diff line number Diff line change
@@ -25,6 +25,7 @@ go_library(
deps = [
"//pkg/atomicbitops",
"//pkg/cleanup",
"//pkg/shim",
"//pkg/shim/v1/extension",
"//pkg/shim/v1/runsccmd",
"//pkg/shim/v1/utils",
3 changes: 2 additions & 1 deletion pkg/shim/v1/proc/deleted_state.go
Original file line number Diff line number Diff line change
@@ -22,6 +22,7 @@ import (
"github.com/containerd/console"
"github.com/containerd/errdefs"
runc "github.com/containerd/go-runc"
"gvisor.dev/gvisor/pkg/shim"
"gvisor.dev/gvisor/pkg/shim/v1/extension"
)

@@ -31,7 +32,7 @@ func (*deletedState) Resize(console.WinSize) error {
return fmt.Errorf("cannot resize a deleted container/process")
}

func (*deletedState) Start(context.Context, *extension.RestoreConfig) error {
func (*deletedState) Start(context.Context, *shim.RestoreConfig) error {
return fmt.Errorf("cannot start a deleted container/process")
}

4 changes: 2 additions & 2 deletions pkg/shim/v1/proc/exec.go
Original file line number Diff line number Diff line change
@@ -33,7 +33,7 @@ import (
specs "github.com/opencontainers/runtime-spec/specs-go"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/cleanup"
"gvisor.dev/gvisor/pkg/shim/v1/extension"
"gvisor.dev/gvisor/pkg/shim"
"gvisor.dev/gvisor/pkg/shim/v1/runsccmd"
)

@@ -276,7 +276,7 @@ func (e *execProcess) start(ctx context.Context) error {
return nil
}

func (e *execProcess) Restore(context.Context, *extension.RestoreConfig) error {
func (e *execProcess) Restore(context.Context, *shim.RestoreConfig) error {
return fmt.Errorf("cannot restore an exec'd process")
}

10 changes: 5 additions & 5 deletions pkg/shim/v1/proc/exec_state.go
Original file line number Diff line number Diff line change
@@ -20,12 +20,12 @@ import (
"fmt"

"github.com/containerd/console"
"gvisor.dev/gvisor/pkg/shim/v1/extension"
"gvisor.dev/gvisor/pkg/shim"
)

type execState interface {
Resize(console.WinSize) error
Start(context.Context, *extension.RestoreConfig) error
Start(context.Context, *shim.RestoreConfig) error
Delete(context.Context) error
Kill(context.Context, uint32, bool) error
SetExited(int)
@@ -56,7 +56,7 @@ func (s *execCreatedState) Resize(ws console.WinSize) error {
return s.p.resize(ws)
}

func (s *execCreatedState) Start(ctx context.Context, restoreConf *extension.RestoreConfig) error {
func (s *execCreatedState) Start(ctx context.Context, restoreConf *shim.RestoreConfig) error {
if restoreConf != nil {
return fmt.Errorf("cannot restore an exec'd process")
}
@@ -103,7 +103,7 @@ func (s *execRunningState) Resize(ws console.WinSize) error {
return s.p.resize(ws)
}

func (s *execRunningState) Start(context.Context, *extension.RestoreConfig) error {
func (s *execRunningState) Start(context.Context, *shim.RestoreConfig) error {
return fmt.Errorf("cannot start a running process")
}

@@ -141,7 +141,7 @@ func (s *execStoppedState) Resize(console.WinSize) error {
return fmt.Errorf("cannot resize a stopped container")
}

func (s *execStoppedState) Start(context.Context, *extension.RestoreConfig) error {
func (s *execStoppedState) Start(context.Context, *shim.RestoreConfig) error {
return fmt.Errorf("cannot start a stopped process")
}

5 changes: 3 additions & 2 deletions pkg/shim/v1/proc/init.go
Original file line number Diff line number Diff line change
@@ -36,6 +36,7 @@ import (
runc "github.com/containerd/go-runc"
specs "github.com/opencontainers/runtime-spec/specs-go"
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/shim"
"gvisor.dev/gvisor/pkg/shim/v1/extension"
"gvisor.dev/gvisor/pkg/shim/v1/runsccmd"
"gvisor.dev/gvisor/pkg/shim/v1/utils"
@@ -229,7 +230,7 @@ func (p *Init) Start(ctx context.Context) error {
return p.initState.Start(ctx, nil /* restoreConf */)
}

func (p *Init) start(ctx context.Context, restoreConf *extension.RestoreConfig) error {
func (p *Init) start(ctx context.Context, restoreConf *shim.RestoreConfig) error {
var cio runc.IO
if !p.Sandbox {
cio = p.io
@@ -265,7 +266,7 @@ func (p *Init) start(ctx context.Context, restoreConf *extension.RestoreConfig)
}

// Restore restores the container from a snapshot.
func (p *Init) Restore(ctx context.Context, conf *extension.RestoreConfig) error {
func (p *Init) Restore(ctx context.Context, conf *shim.RestoreConfig) error {
p.mu.Lock()
defer p.mu.Unlock()

9 changes: 5 additions & 4 deletions pkg/shim/v1/proc/init_state.go
Original file line number Diff line number Diff line change
@@ -23,6 +23,7 @@ import (
runc "github.com/containerd/go-runc"
"golang.org/x/sys/unix"

"gvisor.dev/gvisor/pkg/shim"
"gvisor.dev/gvisor/pkg/shim/v1/extension"
)

@@ -50,7 +51,7 @@ func (s stateTransition) String() string {
type initState interface {
// Start starts the process. If RestoreConfig is provided, the process is
// restored using the checkpoint image provided in the config.
Start(context.Context, *extension.RestoreConfig) error
Start(context.Context, *shim.RestoreConfig) error
Delete(context.Context) error
Exec(context.Context, string, *ExecConfig) (extension.Process, error)
State(ctx context.Context) (string, error)
@@ -80,7 +81,7 @@ func (s *createdState) transition(transition stateTransition) {
}
}

func (s *createdState) Start(ctx context.Context, restoreConf *extension.RestoreConfig) error {
func (s *createdState) Start(ctx context.Context, restoreConf *shim.RestoreConfig) error {
if err := s.p.start(ctx, restoreConf); err != nil {
// Containerd doesn't allow deleting container in created state.
// However, for gVisor, a non-root container in created state can
@@ -149,7 +150,7 @@ func (s *runningState) transition(transition stateTransition) {
}
}

func (s *runningState) Start(context.Context, *extension.RestoreConfig) error {
func (s *runningState) Start(context.Context, *shim.RestoreConfig) error {
return fmt.Errorf("cannot start a running container")
}

@@ -199,7 +200,7 @@ func (s *stoppedState) transition(transition stateTransition) {
}
}

func (s *stoppedState) Start(context.Context, *extension.RestoreConfig) error {
func (s *stoppedState) Start(context.Context, *shim.RestoreConfig) error {
return fmt.Errorf("cannot start a stopped container")
}

16 changes: 16 additions & 0 deletions pkg/shim/v2/extension/BUILD
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
load("//tools:defs.bzl", "go_library")

package(
default_applicable_licenses = ["//:license"],
licenses = ["notice"],
)

go_library(
name = "extension",
srcs = ["extension.go"],
deps = [
"//pkg/shim",
"@com_github_containerd_containerd_api//runtime/task/v3:go_default_library",
"@com_github_containerd_containerd_v2//cmd/containerd-shim-runc-v2/process:go_default_library",
],
)
50 changes: 50 additions & 0 deletions pkg/shim/v2/extension/extension.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
// Copyright 2025 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package extension provides an extension to the shim.
package extension

import (
"context"

"gvisor.dev/gvisor/pkg/shim"

task "github.com/containerd/containerd/api/runtime/task/v3"
"github.com/containerd/containerd/v2/cmd/containerd-shim-runc-v2/process"
)

// NewExtension registers an extension constructor. It may return nil, nil to indicate that the
// extension should not handle this task request. Returning an error will fail the task request.
var NewExtension func(ctx context.Context, next TaskServiceExt, req *task.CreateTaskRequest) (TaskServiceExt, error)

// RestoreRequest is a request to restore a container. It extends
// task.StartRequest with restore functionality.
type RestoreRequest struct {
Start task.StartRequest
Conf shim.RestoreConfig
}

// Process extends process.Process with extra restore functionality.
type Process interface {
process.Process
// Restore restores the container from a snapshot.
Restore(context.Context, *shim.RestoreConfig) error
}

// TaskServiceExt extends TaskRequest with extra functionality required by the shim.
type TaskServiceExt interface {
task.TTRPCTaskService
Cleanup(ctx context.Context) (*task.DeleteResponse, error)
Restore(ctx context.Context, req *RestoreRequest) (*task.StartResponse, error)
}

Unchanged files with check annotations Beta

"github.com/containerd/containerd/namespaces"
"github.com/containerd/containerd/runtime/v2/shim"
taskapi "github.com/containerd/containerd/runtime/v2/task"

Check failure on line 26 in pkg/shim/v1/service.go

GitHub Actions / generate

no required module provides package github.com/containerd/containerd/runtime/v2/task; to add it:
"github.com/containerd/containerd/sys"
"github.com/containerd/errdefs"
"github.com/containerd/log"
"fmt"
"sync"
"github.com/containerd/cgroups"

Check failure on line 26 in pkg/shim/v1/runsc/epoll.go

GitHub Actions / generate

missing go.sum entry for module providing package github.com/containerd/cgroups (imported by gvisor.dev/gvisor/pkg/shim/v1/runsc); to add:
"github.com/containerd/containerd/events"
"github.com/containerd/containerd/runtime"
"golang.org/x/sys/unix"
"github.com/BurntSushi/toml"
"github.com/containerd/cgroups"
cgroupsstats "github.com/containerd/cgroups/stats/v1"

Check failure on line 30 in pkg/shim/v1/runsc/service.go

GitHub Actions / generate

missing go.sum entry for module providing package github.com/containerd/cgroups/stats/v1 (imported by gvisor.dev/gvisor/pkg/shim/v1/runsc); to add:
cgroupsv2 "github.com/containerd/cgroups/v2"
cgroupsv2stats "github.com/containerd/cgroups/v2/stats"

Check failure on line 32 in pkg/shim/v1/runsc/service.go

GitHub Actions / generate

missing go.sum entry for module providing package github.com/containerd/cgroups/v2/stats (imported by gvisor.dev/gvisor/pkg/shim/v1/runsc); to add:
"github.com/containerd/console"
"github.com/containerd/containerd/api/events"
"github.com/containerd/containerd/api/types/task"
"context"
"fmt"
cgroupsv2 "github.com/containerd/cgroups/v2"

Check failure on line 25 in pkg/shim/v1/runsc/oom_v2.go

GitHub Actions / generate

missing go.sum entry for module providing package github.com/containerd/cgroups/v2 (imported by gvisor.dev/gvisor/pkg/shim/v1/runsc); to add:
"github.com/containerd/containerd/runtime"
"github.com/containerd/containerd/runtime/v2/shim"
"github.com/sirupsen/logrus"