in main/vmWatch.go [184:208]
func applyResourceGovernance(lg *slog.Logger, vmWatchSettings *vmWatchSettings, vmWatchCommand *exec.Cmd) error {
// The default way to run vmwatch is via systemd-run. There are some cases where system-run is not available
// (in a container or in a distro without systemd). In those cases we will manage the cgroups directly
pid := vmWatchCommand.Process.Pid
telemetry.SendEvent(telemetry.InfoEvent, telemetry.StartVMWatchTask, fmt.Sprintf("Applying resource governance to PID %d", pid))
err := createAndAssignCgroups(lg, vmWatchSettings, pid)
if err != nil {
err = fmt.Errorf("[%v][PID %d] Failed to assign VMWatch process to cgroup. Error: %w", time.Now().UTC().Format(time.RFC3339), pid, err)
telemetry.SendEvent(telemetry.ErrorEvent, telemetry.StartVMWatchTask, err.Error(), "error", err)
// On real VMs we want this to stop vwmwatch from running at all since we want to make sure we are protected
// by resource governance but on dev machines, we may fail due to limitations of execution environment (ie on dev container
// or in a github pipeline container we don't have permission to assign cgroups (also on WSL environments it doesn't
// work at all because the base OS doesn't support it)).
// to allow us to run integration tests we will check the variables RUNING_IN_DEV_CONTAINER and
// ALLOW_VMWATCH_GROUP_ASSIGNMENT_FAILURE and if they are both set we will just log and continue
// this allows us to test both cases
if os.Getenv(AllowVMWatchCgroupAssignmentFailureVariableName) == "" || os.Getenv(RunningInDevContainerVariableName) == "" {
lg.Info("Killing VMWatch process as cgroup assignment failed")
_ = killVMWatch(lg, vmWatchCommand)
return err
}
}
return nil
}