util: vircgroupv2: stop enabling missing controllers with systemd

Because of a systemd delegation policy [1] we should not write to any
cgroups files owned by systemd which in case of cgroups v2 includes
'cgroups.subtree_control'.

systemd will enable controllers automatically for us to have them
available for VM cgroups.

[1] <https://github.com/systemd/systemd/blob/master/docs/CGROUP_DELEGATION.md>

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

src/util/vircgroup.c

@@ -1082,7 +1082,7 @@ virCgroupEnableMissingControllers(char *path,
                          &tmp) < 0)
             goto cleanup;
 
-        if (virCgroupMakeGroup(parent, tmp, true, VIR_CGROUP_NONE) < 0) {
+        if (virCgroupMakeGroup(parent, tmp, true, VIR_CGROUP_SYSTEMD) < 0) {
             virCgroupFree(&tmp);
             goto cleanup;
         }

src/util/vircgroupbackend.h

@@ -34,6 +34,9 @@ typedef enum {
                                        * attaching tasks
                                        */
     VIR_CGROUP_THREAD = 1 << 1, /* cgroup v2 handles threads differently */
+    VIR_CGROUP_SYSTEMD = 1 << 2, /* with systemd and cgroups v2 we cannot
+                                  * manually enable controllers that systemd
+                                  * doesn't know how to delegate */
 } virCgroupBackendFlags;
 
 typedef enum {

src/util/vircgroupv2.c

@@ -395,6 +395,11 @@ virCgroupV2MakeGroup(virCgroupPtr parent ATTRIBUTE_UNUSED,
     VIR_AUTOFREE(char *) path = NULL;
     int controller;
 
+    if (flags & VIR_CGROUP_SYSTEMD) {
+        VIR_DEBUG("Running with systemd so we should not create cgroups ourselves.");
+        return 0;
+    }
+
     VIR_DEBUG("Make group %s", group->path);
 
     controller = virCgroupV2GetAnyController(group);