systemd: add "Delegate=yes" to docker's service file

We need to add delegate yes to docker's service file so that it can
manage the cgroups of the processes that it launches without systemd
interfering with them and moving the processes after it is reloaded.

       Delegate=
           Turns on delegation of further resource control partitioning to
           processes of the unit. For unprivileged services (i.e. those
           using the User= setting), this allows processes to create a
           subhierarchy beneath its control group path. For privileged
           services and scopes, this ensures the processes will have all
           control group controllers enabled.

This is the proper fix for issue moby/moby#20152

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

contrib/init/systemd/docker.service

@@ -8,6 +8,10 @@ Wants=network-online.target
 [Service]
 # Install containerd-shim-process if it's not already installed
 ExecStartPre=/usr/libexec/containerd-offline-installer /var/lib/containerd-offline-installer/containerd-shim-process.tar docker.io/docker/containerd-shim-process
+
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
 ExecStart=/usr/bin/dockerd
 ExecStopPost=/usr/bin/dockerd post-stop
 TimeoutSec=0
@@ -27,5 +31,8 @@ LimitCORE=infinity
 # Only systemd 226 and above support this option.
 TasksMax=infinity
 
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
 [Install]
 WantedBy=multi-user.target