From ad50426f8d975efce4449f8ef8bf54e4ccc8edfd Mon Sep 17 00:00:00 2001
From: saville
Date: Tue, 12 Nov 2024 11:50:01 -0700
Subject: [PATCH] Use alternative method for systemd v248
---
 buildrunner/docker/runner.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/buildrunner/docker/runner.py b/buildrunner/docker/runner.py
index 1e5eaac..89c4076 100644
--- a/buildrunner/docker/runner.py
+++ b/buildrunner/docker/runner.py
@@ -174,16 +174,18 @@ def start(
 security_opt = None
 command = shell
 tmpfs = {}
+ cgroupns = None
 if systemd:
 # If we are running in a systemd context, the following 3 settings are necessary to
 # allow services to run.
- volumes[
- "/sys/fs/cgroup"
- ] = f"/sys/fs/cgroup:{'rw' if systemd_v248 else 'ro'}"
- security_opt = ["seccomp=unconfined"]
- command = "/usr/sbin/init"
 if systemd_v248:
+ volumes["/sys/fs/cgroup/buildrunner.scope"] = "/sys/fs/cgroup:rw"
 tmpfs["/run"] = ""
+ cgroupns = "host"
+ else:
+ volumes["/sys/fs/cgroup"] = "/sys/fs/cgroup:ro"
+ security_opt = ["seccomp=unconfined"]
+ command = "/usr/sbin/init"
 if volumes:
 for key, value in volumes.items():
@@ -231,6 +233,7 @@ def start(
 cap_add=cap_add,
 privileged=privileged,
 tmpfs=tmpfs,
+ cgroupns=cgroupns,
 ),
 }
 if entrypoint:
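Review bot: The comment above `if systemd_v248:` still says "the following 3 settings", but the new branch adds a read-write bind of the host directory `/sys/fs/cgroup/buildrunner.scope` and `cgroupns = "host"`, while `security_opt = ["seccomp=unconfined"]` is still set, and none of that is explained. Together these give the container's init write access to a host cgroup subtree while sharing the host cgroup namespace with the seccomp filter off, so the isolation trade-off should be written down where it is made. I would replace the comment with something like `# systemd v248: host cgroup namespace plus a rw bind of the buildrunner.scope subtree only (not all of /sys/fs/cgroup).` followed by `# seccomp stays unconfined for systemd containers, so isolation is reduced; use only with trusted images.` The comment should also say what is expected to create `buildrunner.scope` on the host, since the hunk does not show it. Indentation is lost in this view, so it is worth confirming that `security_opt` and `command` sit at the `if systemd:` level rather than inside the `else`; `start()` begins and ends outside the hunk.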