From 8ffb03d689da6e382f7425bafb1e8b125bfc705e Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Fri, 29 Sep 2023 05:19:43 +0900
Subject: [PATCH] cri: stop recommending disable_cgroup

Disabling cgroup is no longer needed since cgroup v2

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 pkg/cri/sbserver/service_linux.go | 4 ++--
 pkg/cri/server/service_linux.go   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/cri/sbserver/service_linux.go b/pkg/cri/sbserver/service_linux.go
index fc113c493..79ed66ccc 100644
--- a/pkg/cri/sbserver/service_linux.go
+++ b/pkg/cri/sbserver/service_linux.go
@@ -35,8 +35,8 @@ const networkAttachCount = 2
 // initPlatform handles linux specific initialization for the CRI service.
 func (c *criService) initPlatform() (err error) {
 	if userns.RunningInUserNS() {
-		if !(c.config.DisableCgroup && !c.apparmorEnabled() && c.config.RestrictOOMScoreAdj) {
-			log.L.Warn("Running containerd in a user namespace typically requires disable_cgroup, disable_apparmor, restrict_oom_score_adj set to be true")
+		if c.apparmorEnabled() || !c.config.RestrictOOMScoreAdj {
+			log.L.Warn("Running CRI plugin in a user namespace typically requires disable_apparmor and restrict_oom_score_adj to be true")
 		}
 	}
 
diff --git a/pkg/cri/server/service_linux.go b/pkg/cri/server/service_linux.go
index 598a5e38b..8cbaf5eac 100644
--- a/pkg/cri/server/service_linux.go
+++ b/pkg/cri/server/service_linux.go
@@ -34,8 +34,8 @@ const networkAttachCount = 2
 // initPlatform handles linux specific initialization for the CRI service.
 func (c *criService) initPlatform() (err error) {
 	if userns.RunningInUserNS() {
-		if !(c.config.DisableCgroup && !c.apparmorEnabled() && c.config.RestrictOOMScoreAdj) {
-			log.L.Warn("Running containerd in a user namespace typically requires disable_cgroup, disable_apparmor, restrict_oom_score_adj set to be true")
+		if c.apparmorEnabled() || !c.config.RestrictOOMScoreAdj {
+			log.L.Warn("Running CRI plugin in a user namespace typically requires disable_apparmor and restrict_oom_score_adj to be true")
 		}
 	}