Lately, I found why rootless podman was unable to run containers with some of the constraints:
$ podman run --tty=true --rm --cpuset-cpus=0-3 ubuntu:latest pwd
Error: runc: runc create failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: openat2 /sys/fs/cgroup/user.slice/user-1002.slice/[email protected]/user.slice/0d2d1dfc03a5ae8fcda08a1cf63b10910033023f84e76ae452079800468ec92a/cpuset.cpus: no such file or directory: OCI runtime attempted to invoke a command that was not found
While the necessary cpuset controller was enabled for "user.slice" group:
$ cat /sys/fs/cgroup/user.slice/cgroup.controllers
cpuset cpu io memory pids
the cpuset is disabled down the tree:
$ ls -l /sys/fs/cgroup/user.slice/cgroup.subtree_control
-rw-r--r-- 1 root root 0 Mar 21 09:38 /sys/fs/cgroup/user.slice/cgroup.subtree_control
$ cat /sys/fs/cgroup/user.slice/cgroup.subtree_control
cpu memory pids
Inherently, this leads to the rootless container runtime being unable to set cpuset-related configs on the container process:
$ cat /sys/fs/cgroup/user.slice/user-1002.slice/cgroup.controllers
cpu memory pids
as it will try changing files and folders in /sys/fs/cgroup/user.slice/user-1002.slice/[email protected]
This can be fixed by enabling the necessary controllers for user-1002.slice and further in the [email protected] folder:
$ echo "+cpuset" | sudo tee /sys/fs/cgroup/user.slice/cgroup.subtree_control
$ echo "+cpuset" | sudo tee /sys/fs/cgroup/user.slice/user-1002.slice/cgroup.subtree_control
My question is: why are some of the "root-level" enabled controllers disabled in the user.slice subfolder? Is this a bug in OS initiation?
Notes:
- /sys/fs/cgroup seems like a conventional default mount point for the cgroupv2 file system.
- I am running Ubuntu 24.04.2 (kernel v5.15) as WSL2 subsystem on Windows 11.
- kernel option "cgroup_no_v1=all" is set to disable cgroupv1 controllers.
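
Added example, not part of the original post: a small POSIX shell helper that automates the manual `cat cgroup.subtree_control` checks above by walking from the cgroup v2 root down to a target cgroup and printing the first ancestor that does not delegate a given controller. The function name `first_missing_delegation` and its optional third argument (an alternative root, useful for testing against a copy of the tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate where a cgroup v2 controller stops being delegated.
# A child cgroup only sees a controller in its cgroup.controllers if every
# ancestor lists that controller in its own cgroup.subtree_control.
#
# Usage: first_missing_delegation <controller> <target-cgroup-dir> [cgroup-root]
# Prints the first ancestor that does not delegate <controller>; returns 1.
# Returns 0 if every ancestor delegates it, 2 if the target is outside the root.
first_missing_delegation() {
    ctrl=$1
    target=${2%/}
    root=${3:-/sys/fs/cgroup}
    root=${root%/}
    case $target in
        "$root"/*) rest=${target#"$root"/} ;;
        *) echo "error: $target is not below $root" >&2; return 2 ;;
    esac
    dir=$root
    while [ -n "$rest" ]; do
        # $dir is an ancestor of the target here. Split the space-separated
        # controller list into lines so "cpu" cannot match "cpuset" (-x).
        # An unreadable or missing file is reported as not delegating.
        if ! tr ' ' '\n' < "$dir/cgroup.subtree_control" 2>/dev/null |
                grep -qx -- "$ctrl"; then
            printf '%s\n' "$dir"
            return 1
        fi
        case $rest in
            */*) dir=$dir/${rest%%/*}; rest=${rest#*/} ;;
            *)   rest= ;;   # last component is the target itself; stop
        esac
    done
    return 0
}

# Run only when arguments are supplied, e.g.:
#   sh script.sh cpuset /sys/fs/cgroup/user.slice/user-1002.slice
if [ "$#" -ge 2 ]; then
    first_missing_delegation "$@"
fi
```

With the state shown in the post, the example call in the final comment would print `/sys/fs/cgroup/user.slice`, the directory whose `cgroup.subtree_control` lacks `cpuset`.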