exec: don't panic on rootless raw_exec tasks (#26401)

the executor dies, leaving an orphaned process still running. the panic fix: * don't `panic()` * and return an empty, but non-nil, func on cgroup error feature fix: * allow non-root agent to proceed with exec when cgroups are off
2026-01-06 18:35:44 +03:00 · 2025-08-04 13:58:35 -04:00
parent 9859f4a140
commit 7c633f8109
4 changed files with 38 additions and 24 deletions
--- a/drivers/shared/executor/executor.go
+++ b/drivers/shared/executor/executor.go
@@ -5,6 +5,7 @@ package executor

 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -49,6 +50,9 @@ var (
 	// The statistics the basic executor exposes
 	ExecutorBasicMeasuredMemStats = []string{"RSS", "Swap"}
 	ExecutorBasicMeasuredCpuStats = []string{"System Mode", "User Mode", "Percent"}
+
+	// ErrCgroupMustBeSet occurs if a cgroup is not provided when expected
+	ErrCgroupMustBeSet = errors.New("cgroup must be set")
 )

 // Executor is the interface which allows a driver to launch and supervise
@@ -441,7 +445,7 @@ func (e *UniversalExecutor) Exec(deadline time.Time, name string, args []string)
 	defer cancel()

 	if cleanup, err := e.setSubCmdCgroup(&e.childCmd, e.command.StatsCgroup()); err != nil {
-		return nil, 0, err
+		return nil, 0, fmt.Errorf("Exec: %w", err)
 	} else {
 		defer cleanup()
 	}
@@ -533,7 +537,7 @@ func (e *UniversalExecutor) ExecStreaming(ctx context.Context, command []string,
 			}
 			cgroup := e.command.StatsCgroup()
 			if cleanup, err := e.setSubCmdCgroup(cmd, cgroup); err != nil {
-				return err
+				return fmt.Errorf("ExecStreaming: %w", err)
 			} else {
 				defer cleanup()
 			}