From cd9f6de97a1963ce4a5b4d442dc23922d34843d9 Mon Sep 17 00:00:00 2001
From: Paco Xu <paco.xu@daocloud.io>
Date: Wed, 17 Sep 2025 18:21:59 +0800
Subject: [PATCH] add back cgroup hugetlb optional check

---
 validators/types.go      | 7 +++++--
 validators/types_unix.go | 6 ++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/validators/types.go b/validators/types.go
index 10e38d6..6256c37 100644
--- a/validators/types.go
+++ b/validators/types.go
@@ -52,9 +52,12 @@ type KernelSpec struct {
 	RequiredCgroupsV1 []KernelConfig `json:"requiredCgroupsV1,omitempty"`
 	// RequiredCgroupsV2 contains all kernel configurations required to be enabled for cgroups v2.
 	RequiredCgroupsV2 []KernelConfig `json:"requiredCgroupsV2,omitempty"`
-	// Optional contains all kernel configurations are required for optional
-	// features.
+	// Optional contains optional kernel configurations.
 	Optional []KernelConfig `json:"optional,omitempty"`
+	// OptionalCgroupsV1 contains optional kernel configurations related to cgroups v1.
+	OptionalCgroupsV1 []KernelConfig `json:"optionalCgroupsV1,omitempty"`
+	// OptionalCgroupsV2 contains optional kernel configurations related to cgroups v2.
+	OptionalCgroupsV2 []KernelConfig `json:"optionalCgroupsV2,omitempty"`
 	// Forbidden contains all kernel configurations which areforbidden (disabled
 	// or not set)
 	Forbidden []KernelConfig `json:"forbidden,omitempty"`
diff --git a/validators/types_unix.go b/validators/types_unix.go
index b100dc2..1edd0ec 100644
--- a/validators/types_unix.go
+++ b/validators/types_unix.go
@@ -72,6 +72,12 @@ var DefaultSysSpec = SysSpec{
 			{Name: "SECCOMP", Description: "Required for seccomp."},
 			{Name: "SECCOMP_FILTER", Description: "Required for seccomp mode 2."},
 		},
+		OptionalCgroupsV1: []KernelConfig{
+			{Name: "CGROUP_HUGETLB", Description: "Required for hugetlb cgroup."},
+		},
+		OptionalCgroupsV2: []KernelConfig{
+			{Name: "CGROUP_HUGETLB", Description: "Required for hugetlb cgroup."},
+		},
 		Forbidden: []KernelConfig{},
 	},
 	Cgroups: []string{"cpu", "cpuacct", "cpuset", "devices", "freezer", "memory", "pids"},