exec: don't panic on rootless raw_exec tasks (#26401)

the executor dies, leaving an orphaned process still running. the panic fix: * don't `panic()` * and return an empty, but non-nil, func on cgroup error feature fix: * allow non-root agent to proceed with exec when cgroups are off
2026-01-01 16:05:42 +03:00 · 2025-08-04 13:58:35 -04:00
parent 9859f4a140
commit 7c633f8109
4 changed files with 38 additions and 24 deletions
--- a/drivers/shared/executor/executor_linux.go
+++ b/drivers/shared/executor/executor_linux.go
@@ -7,7 +7,6 @@ package executor

 import (
 	"context"
-	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -766,7 +765,7 @@ func (l *LibcontainerExecutor) configureCgroups(cfg *runc.Config, command *ExecC

 	cg := command.StatsCgroup()
 	if cg == "" {
-		return errors.New("cgroup must be set")
+		return fmt.Errorf("configureCgroups: %w", ErrCgroupMustBeSet)
 	}

 	// // set the libcontainer hook for writing the PID to cgroup.procs file