Bug 2193456

Summary: Systemd logs "System is tainted: cgroupsv1" on OpenShift 4.13
Product: Red Hat Enterprise Linux 9 Reporter: Ryan Phillips <rphillips>
Component: systemdAssignee: Jan Macku <jamacku>
Status: VERIFIED --- QA Contact: Frantisek Sumsal <fsumsal>
Severity: high Docs Contact:
Priority: unspecified    
Version: 9.2CC: jamacku, josearod, systemd-maint-list
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: systemd-252-16.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2196479 (view as bug list) Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2196479    

Description Ryan Phillips 2023-05-05 16:52:36 UTC 
Description of problem:

Node Team on OpenShift received a report while testing OpenShift 4.13 that the RHEL 9.2 systemd is tainting the kernel when cgroupsv1 is enabled on the node. OpenShift and the Kernel Team will be supporting cgroupsv1 on OpenShift 4.13.

Version-Release number of selected component (if applicable):
RHEL 9.2

How reproducible:
Every time.

Steps to Reproduce:
1. Boots an OpenShift 4.13 node using cgroupsv1
2.
3.

Actual results:

Kernel is tainted.

Expected results:

Systemd should not taint cgroupsv1 enabled nodes on OpenShift 4.13.

Additional info:

Relevant code line:

https://github.com/systemd/systemd/blob/d685a5f6a4ae8f9eaea1d1c5c78171a915f3b16d/src/core/manager.c#L4728
Comment 1 josearod 2023-05-05 18:24:35 UTC 
Having this taint in place affects the results of the CNF certification tools like: https://github.com/test-network-function/test-network-function
Workload certifications won't pass if the platform is tainted. 

Thanks!
Comment 3 Lukáš Nykrýn 2023-05-09 11:33:24 UTC 
If you check the code, the manager only calls the function you have
mentioned here https://github.com/redhat-plumbers/systemd-rhel9/blob/main/src/core/manager.c#L3449
So, we only put a message into the logs. So, in the end, there is probably something else tainting the kernel.

[root@ci-vm-10-0-138-58 ~]# cat /proc/cmdline
BOOT_IMAGE=(hd0,msdos1)/boot/vmlinuz-5.14.0-306.el9.x86_64
root=UUID=462f9b3b-7b7e-4e25-beeb-ca2768fe9b47 ro rhgb quiet
crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M net.ifnames=0
systemd.unified_cgroup_hierarchy=0

[root@ci-vm-10-0-138-58 ~]# journalctl --grep taint
May 09 04:50:08 localhost systemd[1]: System is tainted: cgroupsv1

[root@ci-vm-10-0-138-58 ~]# cat /proc/sys/kernel/tainted
0