From 74a425837b241e1fe093e59a4c990f17a54951fe Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Mon, 15 Jun 2020 10:37:28 -0500
Subject: [PATCH] virtcontainer/cgroup: create cgroup manager after creating
 the network

Create the cgroup manager once the network has been created, this way the
list of device will include the network VFIO devices attached to the sandbox,
when the physical enpoint is the network driver.

fixes #2774

Signed-off-by: Julio Montes <julio.montes@intel.com>
---
 virtcontainers/api.go     |  4 ++++
 virtcontainers/sandbox.go | 10 ++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/virtcontainers/api.go b/virtcontainers/api.go
index 5a1f37aed1..3b147886a1 100644
--- a/virtcontainers/api.go
+++ b/virtcontainers/api.go
@@ -102,6 +102,10 @@ func createSandboxFromConfig(ctx context.Context, sandboxConfig SandboxConfig, f
 
 	// Move runtime to sandbox cgroup so all process are created there.
 	if s.config.SandboxCgroupOnly {
+		if err := s.createCgroupManager(); err != nil {
+			return nil, err
+		}
+
 		if err := s.setupSandboxCgroup(); err != nil {
 			return nil, err
 		}
diff --git a/virtcontainers/sandbox.go b/virtcontainers/sandbox.go
index cdba81a1dc..353ad80480 100644
--- a/virtcontainers/sandbox.go
+++ b/virtcontainers/sandbox.go
@@ -606,10 +606,6 @@ func newSandbox(ctx context.Context, sandboxConfig SandboxConfig, factory Factor
 		}
 	}
 
-	if err := s.createCgroupManager(); err != nil {
-		return nil, err
-	}
-
 	agentConfig, err := newAgentConfig(sandboxConfig.AgentType, sandboxConfig.AgentConfig)
 	if err != nil {
 		return nil, err
@@ -739,6 +735,12 @@ func fetchSandbox(ctx context.Context, sandboxID string) (sandbox *Sandbox, err
 		return nil, fmt.Errorf("failed to create sandbox with config %+v: %v", config, err)
 	}
 
+	if sandbox.config.SandboxCgroupOnly {
+		if err := sandbox.createCgroupManager(); err != nil {
+			return nil, err
+		}
+	}
+
 	// This sandbox already exists, we don't need to recreate the containers in the guest.
 	// We only need to fetch the containers from storage and create the container structs.
 	if err := sandbox.fetchContainers(); err != nil {