idoru · June 14, 2023 13:32
diff --git a/sane-concourse-dind.sh b/sane-concourse-dind.sh
 #Fixes notorious `dockerd: failed to start daemon: Devices cgroup isn't mounted` error when trying to start docker 
 #in a privileged concourse container.
 #From: https://github.com/concourse/docker-image-resource/blob/master/assets/common.sh#L1-L40
 #See also: https://github.com/concourse/concourse/issues/324
 sanitize_cgroups() {
  if [ -e /sys/fs/cgroup/cgroup.controllers ]; then
    return
  fi

  mkdir -p /sys/fs/cgroup
  mountpoint -q /sys/fs/cgroup || \
    mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup

  mount -o remount,rw /sys/fs/cgroup

  sed -e 1d /proc/cgroups | while read sys hierarchy num enabled; do
    if [ "$enabled" != "1" ]; then
      # subsystem disabled; skip
      continue
    fi

    grouping="$(cat /proc/self/cgroup | cut -d: -f2 | grep "\\<$sys\\>")" || true
    if [ -z "$grouping" ]; then
      # subsystem not mounted anywhere; mount it on its own
      grouping="$sys"
    fi

    mountpoint="/sys/fs/cgroup/$grouping"

    mkdir -p "$mountpoint"

    # clear out existing mount to make sure new one is read-write
    if mountpoint -q "$mountpoint"; then
      umount "$mountpoint"
    fi

    mount -n -t cgroup -o "$grouping" cgroup "$mountpoint"

    if [ "$grouping" != "$sys" ]; then
      if [ -L "/sys/fs/cgroup/$sys" ]; then
        rm "/sys/fs/cgroup/$sys"
      fi

      ln -s "$mountpoint" "/sys/fs/cgroup/$sys"
    fi
  done

  if [ ! -e /sys/fs/cgroup/systemd ] && [ $(cat /proc/self/cgroup | grep '^1:name=openrc:' | wc -l) -eq 0 ]; then
    mkdir /sys/fs/cgroup/systemd
    mount -t cgroup -o none,name=systemd none /sys/fs/cgroup/systemd
  fi
 }
	#Fixes notorious `dockerd: failed to start daemon: Devices cgroup isn't mounted` error when trying to start docker
	#in a privileged concourse container.
	#From: https://github.com/concourse/docker-image-resource/blob/master/assets/common.sh#L1-L40
	#See also: https://github.com/concourse/concourse/issues/324
	sanitize_cgroups() {
	if [ -e /sys/fs/cgroup/cgroup.controllers ]; then
	return
	fi

	mkdir -p /sys/fs/cgroup
	mountpoint -q /sys/fs/cgroup \|\| \
	mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup

	mount -o remount,rw /sys/fs/cgroup

	sed -e 1d /proc/cgroups \| while read sys hierarchy num enabled; do
	if [ "$enabled" != "1" ]; then
	# subsystem disabled; skip
	continue
	fi

	grouping="$(cat /proc/self/cgroup \| cut -d: -f2 \| grep "\\<$sys\\>")" \|\| true
	if [ -z "$grouping" ]; then
	# subsystem not mounted anywhere; mount it on its own
	grouping="$sys"
	fi

	mountpoint="/sys/fs/cgroup/$grouping"

	mkdir -p "$mountpoint"

	# clear out existing mount to make sure new one is read-write
	if mountpoint -q "$mountpoint"; then
	umount "$mountpoint"
	fi

	mount -n -t cgroup -o "$grouping" cgroup "$mountpoint"

	if [ "$grouping" != "$sys" ]; then
	if [ -L "/sys/fs/cgroup/$sys" ]; then
	rm "/sys/fs/cgroup/$sys"
	fi

	ln -s "$mountpoint" "/sys/fs/cgroup/$sys"
	fi
	done

	if [ ! -e /sys/fs/cgroup/systemd ] && [ $(cat /proc/self/cgroup \| grep '^1:name=openrc:' \| wc -l) -eq 0 ]; then
	mkdir /sys/fs/cgroup/systemd
	mount -t cgroup -o none,name=systemd none /sys/fs/cgroup/systemd
	fi
	}