#!/bin/sh -e
case "${1:-}" in
    undo-lxd-mount-changes)
        # Vanilla systems have /sys/fs/cgroup/cpuset without clone_children option.
        # Using LXD to create a container enables this option, as can be seen here:
        #
        # -37 32 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpuset
        # +37 32 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpuset,clone_children
        #
        # To restore vanilla state, disable the option now.
        if [ "$(mountinfo-tool /sys/fs/cgroup/cpuset .fs_type)" = cgroup ]; then
            echo 0 > /sys/fs/cgroup/cpuset/cgroup.clone_children
        fi

        # Vanilla system have /sys/fs/cgroup/unified mounted with the nsdelegate
        # option which is available since kernel 4.13 Using LXD to create a
        # container disables this options, as can be seen here:
        #
        # -32 31 0:27 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime shared:10 - cgroup2 cgroup rw,nsdelegate
        # +32 31 0:27 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime shared:10 - cgroup2 cgroup rw
        #
        # To restore vanilla state, enable the option now, but only if the kernel supports that.
        # https://lore.kernel.org/patchwork/patch/803265/
        # https://github.com/systemd/systemd/commit/4095205ecccdfddb822ee8fdc44d11f2ded9be24
        # The kernel version must be made compatible with the strict version
        # comparison. I chose to cut at the "-" and take the stuff before it.
        if [ "$(mountinfo-tool /sys/fs/cgroup/unified .fs_type)" = cgroup2 ] && version-tool --strict "$(uname -r | cut -d- -f 1)" -ge 4.13; then
            mount -o remount,nsdelegate /sys/fs/cgroup/unified
        fi
        ;;
    *)
        echo "lxd-tool: unknown command $*" >&2
        exit 1
        ;;
esac
