Merge pull request #16377 from giuseppe/add-check-for-valid-pod-systemd-cgroup

runtime: add check for valid pod systemd cgroup

libpod/runtime_ctr.go

@@ -382,6 +382,13 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 					if err != nil {
 						return nil, fmt.Errorf("retrieving pod %s cgroup: %w", pod.ID(), err)
 					}
+					expectPodCgroup, err := ctr.expectPodCgroup()
+					if err != nil {
+						return nil, err
+					}
+					if expectPodCgroup && podCgroup == "" {
+						return nil, fmt.Errorf("pod %s cgroup is not set: %w", pod.ID(), define.ErrInternal)
+					}
 					ctr.config.CgroupParent = podCgroup
 				case rootless.IsRootless() && ctr.config.CgroupsMode != cgroupSplit:
 					ctr.config.CgroupParent = SystemdDefaultRootlessCgroupParent

test/upgrade/test-upgrade.bats

@@ -320,6 +320,10 @@ failed    | exited     | 17
     run_podman pod start mypod
     is "$output" "[0-9a-f]\\{64\\}" "podman pod start"
 
+    # run a container in an existing pod
+    run_podman run --pod=mypod --ipc=host --rm $IMAGE echo it works
+    is "$output" ".*it works.*" "podman run --pod"
+
     run_podman pod ps
     is "$output" ".*mypod.*" "podman pod ps shows name"
     is "$output" ".*Running.*" "podman pod ps shows running state"