From 2c30069c67acb21a3b974ff2561fabdccefd7352 Mon Sep 17 00:00:00 2001
From: Kang Chen <kongchen28@gmail.com>
Date: Mon, 27 Sep 2021 14:49:16 +0800
Subject: [PATCH] libct/cg/sd/v2: Destroy: remove cgroups recursively

Currently, we can create subcgroup in a rootless container with systemd cgroupv2 on centos8.
But after the container exited, the container cgroup and its subcgroup will not be removed.

Fix this by removing all directories recursively.

Fixes: https://github.com/opencontainers/runc/issues/3225

Signed-off-by: Kang Chen <kongchen28@gmail.com>

[kolyshkin: cherry picked from commit 7758d3fb028d6,
 changing the code to use cgroups.RemovePath().]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 libcontainer/cgroups/systemd/v2.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go
index 8176ce5b2eb..55273b722c1 100644
--- a/libcontainer/cgroups/systemd/v2.go
+++ b/libcontainer/cgroups/systemd/v2.go
@@ -5,7 +5,6 @@ package systemd
 import (
 	"fmt"
 	"math"
-	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -307,9 +306,10 @@ func (m *unifiedManager) Destroy() error {
 		return err
 	}
 
-	// XXX this is probably not needed, systemd should handle it
-	err := os.Remove(m.path)
-	if err != nil && !os.IsNotExist(err) {
+	// systemd 239 do not remove sub-cgroups.
+	err := cgroups.RemovePath(m.path)
+	// cgroups.RemovePath has handled ErrNotExist
+	if err != nil {
 		return err
 	}