From 137e80cd865efe51aa3ef0323fd6b0a014b7b9de Mon Sep 17 00:00:00 2001
From: Rowan Thorpe <rowan@rowanthorpe.com>
Date: Sun, 25 Apr 2021 21:49:53 +0300
Subject: [PATCH] Handle cgroup v1/2/hybrid in check-config.sh more
 explicitly/accurately

Problem:
 In check-config.sh assumptions are made about cgroups v1/v2/hybrid,
 causes false-negative on pure V2 system.

Solution:
 In check-config.sh implement the same validation as found in
 ./pkg/agent/run.go -> validate(), validateCgroupsV1(), validateCgroupsV2()
 [ which use containerd/cgroups:utils.go -> Mode() ]

Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>
---
 contrib/util/check-config.sh | 59 ++++++++++++++++++++++++++++--------
 1 file changed, 47 insertions(+), 12 deletions(-)

diff --git a/contrib/util/check-config.sh b/contrib/util/check-config.sh
index bd9568b6e74..51109e53243 100755
--- a/contrib/util/check-config.sh
+++ b/contrib/util/check-config.sh
@@ -304,19 +304,54 @@ echo
 
 echo 'Generally Necessary:'
 
+cgroupV2FsType='63677270'
+cgroupFsType="$(stat --file-system --format=%t /sys/fs/cgroup 2>/dev/null || :)"
+cgroupHybridFsType="$(stat --file-system --format=%t /sys/fs/cgroup/unified 2>/dev/null || :)"
+
 echo -n '- '
-cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)"
-cgroupDir="$(dirname "$cgroupSubsystemDir")"
-if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [  -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then
-  wrap_good 'cgroup hierarchy' "properly mounted [$cgroupDir]"
-else
-  if [ "$cgroupSubsystemDir" ]; then
-    wrap_bad 'cgroup hierarchy' "single mountpoint! [$cgroupSubsystemDir]"
-  else
-    wrap_bad 'cgroup hierarchy' 'nonexistent??'
-  fi
-  echo "    $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
-fi
+case "${cgroupFsType}:${cgroupHybridFsType}" in
+  '':*)
+    cgroupVariant='Nonexistent'
+    ;;
+  ${cgroupV2FsType}:*)
+    cgroupVariant='V2'
+    ;;
+  *:${cgroupV2FsType})
+    cgroupVariant='Hybrid'
+    ;;
+  *)
+    cgroupVariant='V1'
+    ;;
+esac
+
+case "${cgroupVariant}" in
+  Nonexistent)
+    wrap_bad 'cgroup hierarchy' "cgroups ${cgroupVariant}"
+    ;;
+  *)
+    case "${cgroupVariant}" in
+      V2)
+        cgroupMatch='cpu|cpuset|memory'
+        cgroupMatchNum=3
+        cgroupFile='/sys/fs/cgroup/cgroup.controllers'
+        ;;
+      *)
+        cgroupMatch='cpuset|memory'
+        cgroupMatchNum=2
+        cgroupFile='/proc/self/cgroup'
+        ;;
+    esac
+    if [ "$(tr -s ' ' '\n' <"${cgroupFile}" 2>/dev/null | grep -Ec "^(${cgroupMatch})\$")" -eq ${cgroupMatchNum} ]; then
+      cgroupStatus='good'
+    else
+      cgroupStatus='bad'
+    fi
+    wrap_${cgroupStatus} 'cgroup hierarchy' "cgroups ${cgroupVariant} mounted, ${cgroupMatch} controllers status: ${cgroupStatus}"
+    if [ "x${cgroupStatus}" = 'xbad' ]; then
+      warning '    (for cgroups V1/Hybrid on non-Systemd init see https://github.com/tianon/cgroupfs-mount)'
+    fi
+    ;;
+esac
 
 if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then
   echo -n '- '