make systemd and its dependencies optional via 'no_systemd' build tag

Running under systemd requires lots of special code that contributes
to ca. 10 percent (ca. 1 MB) to the binary size. This is only needed on
targets that might run systemd - there're dozens of distros, let alone
embedded/edge devices or special images (eg. cluster worker nodes) that
do not and never will run systemd, thus do not need that code at all.

It's not just about reducing memory consumption, but also having over
10.000 lines of code less to audit.

In order not to change default behaviour, introducing an inverse build tag,
'no_systemd', for explicitly opting out from systemd special handlings.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>

README.md

@@ -65,9 +65,10 @@ e.g. to disable seccomp:
 make BUILDTAGS=""
 ```
 
-| Build Tag | Feature                            | Enabled by default | Dependency |
-|-----------|------------------------------------|--------------------|------------|
-| seccomp   | Syscall filtering                  | yes                | libseccomp |
+| Build Tag  | Feature                            | Enabled by default | Dependency |
+|------------|------------------------------------|--------------------|------------|
+| seccomp    | Syscall filtering                  | yes                | libseccomp |
+| no_systemd | disable systemd dependencies       | no                 | systemd    |
 
 The following build tags were used earlier, but are now obsoleted:
  - **nokmem** (since runc v1.0.0-rc94 kernel memory settings are ignored)

rootless_linux.go

@@ -3,7 +3,6 @@ package main
 import (
 	"os"
 
-	"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
 	"github.com/opencontainers/runc/libcontainer/userns"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
@@ -37,7 +36,7 @@ func shouldUseRootlessCgroupManager(context *cli.Context) (bool, error) {
 	// On error, we assume we are root. An error may happen during shelling out to `busctl` CLI,
 	// mostly when $DBUS_SESSION_BUS_ADDRESS is unset.
 	if context.GlobalBool("systemd-cgroup") {
-		ownerUID, err := systemd.DetectUID()
+		ownerUID, err := sdDetectUID()
 		if err != nil {
 			logrus.WithError(err).Debug("failed to get the OwnerUID value, assuming the value to be 0")
 			ownerUID = 0

utils_linux.go

@@ -8,7 +8,6 @@ import (
 	"path/filepath"
 	"strconv"
 
-	"github.com/coreos/go-systemd/v22/activation"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	selinux "github.com/opencontainers/selinux/go-selinux"
 	"github.com/sirupsen/logrus"
@@ -372,17 +371,11 @@ func startContainer(context *cli.Context, action CtAct, criuOpts *libcontainer.C
 		}
 	}
 
-	// Support on-demand socket activation by passing file descriptors into the container init process.
-	listenFDs := []*os.File{}
-	if os.Getenv("LISTEN_FDS") != "" {
-		listenFDs = activation.Files(false)
-	}
-
 	r := &runner{
 		enableSubreaper: !context.Bool("no-subreaper"),
 		shouldDestroy:   !context.Bool("keep"),
 		container:       container,
-		listenFDs:       listenFDs,
+		listenFDs:       sdGetListenFDs(),
 		notifySocket:    notifySocket,
 		consoleSocket:   context.String("console-socket"),
 		detach:          context.Bool("detach"),

utils_linux_nosystemd.go

@@ -0,0 +1,16 @@
+// +build linux,no_systemd
+
+package main
+
+import (
+	"errors"
+	"os"
+)
+
+func sdGetListenFDs() ([]*os.File) {
+	return nil
+}
+
+func sdDetectUID() (int, error) {
+	return -1, errors.New("no lennartix")
+}

utils_linux_systemd.go

@@ -0,0 +1,22 @@
+// +build linux,!no_systemd
+
+package main
+
+import (
+	"os"
+	"github.com/coreos/go-systemd/v22/activation"
+	"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
+)
+
+func sdGetListenFDs() []*os.File {
+	// Support on-demand socket activation by passing file descriptors into the container init process.
+	listenFDs := []*os.File{}
+	if os.Getenv("LISTEN_FDS") != "" {
+		listenFDs = activation.Files(false)
+	}
+	return listenFDs
+}
+
+func sdDetectUID() (int, error) {
+	return systemd.DetectUID()
+}