Support cgroupsv2 (#4373)

Backwards compatible with old cgroups, provided we have a recent enough nsjail

etc/nsjail/compilers-and-tools.cfg

@@ -20,8 +20,11 @@ gidmap {
     inside_id: "10240"
 }
 
+detect_cgroupv2: true
+
+# for cgroups v1:
 # must run following as root during system startup
-# cgcreate -a ubuntu:ubuntu -g memory,pids,cpu,net_cls:ce-compile
+# cgcreate -a $USER:$USER -g memory,pids,cpu,net_cls:ce-compile
 cgroup_mem_parent: "ce-compile"
 cgroup_pids_parent: "ce-compile"
 cgroup_net_cls_parent: "ce-compile"
@@ -31,6 +34,12 @@ cgroup_mem_max: 1342177280 # 1.25 GiB
 cgroup_pids_max: 72
 cgroup_cpu_ms_per_sec: 1000
 
+# for cgroups v2:
+# must run following as root during system startup
+# cgcreate -a $USER:$USER -g memory,pids,cpu:ce-compile
+# sudo chown $USER:root /sys/fs/cgroup/cgroup.procs
+cgroupv2_mount: "/sys/fs/cgroup/ce-compile"
+
 mount {
     src: "/bin"
     dst: "/bin"

etc/nsjail/user-execution.cfg

@@ -20,8 +20,11 @@ gidmap {
     inside_id: "0"
 }
 
+detect_cgroupv2: true
+
+# for cgroups v1:
 # must run following as root during system startup
-# cgcreate -a ubuntu:ubuntu -g memory,pids,cpu,net_cls:ce-sandbox
+# cgcreate -a $USER:$USER -g memory,pids,cpu,net_cls:ce-sandbox
 cgroup_mem_parent: "ce-sandbox"
 cgroup_pids_parent: "ce-sandbox"
 cgroup_net_cls_parent: "ce-sandbox"
@@ -31,6 +34,12 @@ cgroup_mem_max: 209715200 # 200 MiB
 cgroup_pids_max: 14
 cgroup_cpu_ms_per_sec: 500
 
+# for cgroups v2:
+# must run following as root during system startup
+# cgcreate -a $USER:$USER -g memory,pids,cpu:ce-sandbox
+# sudo chown $USER:root /sys/fs/cgroup/cgroup.procs
+cgroupv2_mount: "/sys/fs/cgroup/ce-sandbox"
+
 mount {
     src: "/lib"
     dst: "/lib"