From 6f2b027b381192b9f5eb0e28e0fa8f36195d0e85 Mon Sep 17 00:00:00 2001 From: Aditya R Date: Fri, 28 Jan 2022 14:46:22 +0530 Subject: [PATCH] ignition, machine: delegate cpu,io cgroup controllers to machine's default users Makes sure that ignition setups up systemd config so cgroup controllers like `cpu, io` are also delegated to `non-root` along with `memory, pid`. This allows general users of `podman` on `macOS` and `podman-remote` to do operations which are dependent on `cpu, io` cgroup controllers. [NO TESTS NEEDED] [NO NEW TESTS NEEDED] We don't have a CI infra to test this, please pull the tree and run `podman info` inside the machine to confirm. Signed-off-by: Aditya R
---
 pkg/machine/ignition.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index ca6abd48c8..206c9144f2 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -246,6 +246,10 @@ netns="bridge"
 `
 rootContainers := `[engine]
 machine_enabled=true
+`
+
+ delegateConf := `[Service]
+Delegate=memory pids cpu io
 `

 // Add a fake systemd service to get the user socket rolling
@@ -280,6 +284,24 @@ machine_enabled=true
 Mode: intToPtr(0744),
 },
 })
+
+ // Set delegate.conf so cpu,io subsystem is delegated to non-root users as well for cgroupv2
+ // by default
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/systemd/system/user@.service.d/delegate.conf",
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(delegateConf),
+ },
+ Mode: intToPtr(0644),
+ },
+ })
+
 // Add a file into linger
 files = append(files, File{
 Node: Node{
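Review bot: The `Delegate=` value in the new `delegateConf` literal is a hard-coded controller list with nothing beside it saying why these four were chosen. `cpuset` is not in the list, so if rootless users are also expected to apply cpuset-based limits, those would presumably still be unavailable. That should either be added or recorded as a deliberate omission. I would put a comment above the literal, for example `// Controllers delegated to per-user systemd instances on cgroup v2; cpu and io are added to the memory and pids already delegated.` The enclosing function starts and ends outside this hunk.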
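Review bot: The drop-in path is `/etc/systemd/system/user@.service.d/delegate.conf`, which is the template directory, so the delegation applies to every user manager on the machine rather than only to the machine's default user named in the commit title. If that wider grant is intended, the comment above the `append` should say so, for example `// Drop-in on the user@.service template: delegates cpu and io (with memory, pids) to every user session on cgroup v2.` If it is not, a drop-in directory for the default user's own `user@` instance would keep the grant narrower. `Append: nil` is the zero value and can be dropped. The enclosing function starts and ends outside this hunk.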