From b32657feb4529888cb9d233deee8986395469c0f Mon Sep 17 00:00:00 2001
From: Vasiliy Ulyanov <vulyanov@suse.de>
Date: Thu, 13 Jul 2023 16:24:48 +0200
Subject: [PATCH] ksm: Access sysfs from the host filesystem

In some environments, sysfs is mounted read-only even for privileged
containers. Use the ksm path from the host filesystem.

Related issue: https://github.com/containerd/containerd/issues/8445

Co-authored-by: Luboslav Pivarc <lpivarc@redhat.com>
Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
Signed-off-by: Luboslav Pivarc <lpivarc@redhat.com>
---
 pkg/virt-handler/node-labeller/node_labeller.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/virt-handler/node-labeller/node_labeller.go b/pkg/virt-handler/node-labeller/node_labeller.go
index f5eba812e..ec1852a34 100644
--- a/pkg/virt-handler/node-labeller/node_labeller.go
+++ b/pkg/virt-handler/node-labeller/node_labeller.go
@@ -50,7 +50,10 @@ import (
 	"kubevirt.io/kubevirt/pkg/virt-handler/node-labeller/util"
 )
 
-const ksmPath = "/sys/kernel/mm/ksm/run"
+// In some environments, sysfs is mounted read-only even for privileged
+// containers: https://github.com/containerd/containerd/issues/8445.
+// Use the path from the host filesystem.
+const ksmPath = "/proc/1/root/sys/kernel/mm/ksm/run"
 
 var nodeLabellerLabels = []string{
 	util.DeprecatedLabelNamespace + util.DeprecatedcpuModelPrefix,
-- 
2.41.0