should it not be done only with err == EBUSY?

I guess it is worth trying to join pid1 even on other errors

@AkihiroSuda this decision (try to join pid1 on every error) can be problematic.

I've seen case (in #4812 (comment)) in which the container init is moved to an entirely different cgroup (I'm not sure by whom, but suspect it's some GHA CI infra software). Once this happens, the container's limits, as configured in OCI spec, are no longer applied. Next, we call runc exec and it succeeds (thanks to the patch in this PR), but I'd rather have it failed, because something very bad has happened.

I also somewhat question this idea in the first place -- administrative cgroup moves are generally not blocked by the cgroup infrastructure (this is an explicit design goal). I think you would only get this case with frozen cgroups, in which case an error is kind of reasonable IMHO?