summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-01-17 12:57:20 +0100
committerGitHub <noreply@github.com>2022-01-17 12:57:20 +0100
commit8514ebd1827b12bae8b5d53d8f0e36244d1b3c3a (patch)
treed8ccbe18806a8d03ac1d89754d4f009103803c5e
parent26cf6c82c82cbf45afe5998e4a881b9f52202a01 (diff)
parent607cb80bf77642c02b80bff56aa4c3e396a91fa0 (diff)
downloadpodman-8514ebd1827b12bae8b5d53d8f0e36244d1b3c3a.tar.gz
podman-8514ebd1827b12bae8b5d53d8f0e36244d1b3c3a.tar.bz2
podman-8514ebd1827b12bae8b5d53d8f0e36244d1b3c3a.zip
Merge pull request #12860 from rhatdan/cgroups
Use CONTAINERS_CONF cgroups flag for remote API.
-rw-r--r--cmd/podman/common/create.go6
-rw-r--r--cmd/podman/common/create_opts.go4
-rw-r--r--cmd/podman/containers/create.go4
-rw-r--r--libpod/boltdb_state.go2
-rw-r--r--libpod/container.go10
-rw-r--r--libpod/container_config.go2
-rw-r--r--libpod/container_inspect.go2
-rw-r--r--libpod/container_internal.go10
-rw-r--r--libpod/container_internal_linux.go4
-rw-r--r--libpod/container_validate.go4
-rw-r--r--libpod/define/container_inspect.go12
-rw-r--r--libpod/define/errors.go2
-rw-r--r--libpod/define/info.go2
-rw-r--r--libpod/define/pod_inspect.go6
-rw-r--r--libpod/info.go4
-rw-r--r--libpod/oci_conmon_linux.go2
-rw-r--r--libpod/options.go8
-rw-r--r--libpod/pod.go12
-rw-r--r--libpod/pod_internal.go2
-rw-r--r--libpod/runtime_ctr.go8
-rw-r--r--libpod/runtime_pod_linux.go12
-rw-r--r--libpod/util_linux.go2
-rw-r--r--pkg/api/handlers/compat/containers_stats.go2
-rw-r--r--pkg/api/handlers/compat/info.go2
-rw-r--r--pkg/api/handlers/types.go2
-rw-r--r--pkg/domain/entities/engine.go2
-rw-r--r--pkg/domain/entities/pods.go10
-rw-r--r--pkg/domain/infra/abi/containers.go2
-rw-r--r--pkg/specgen/generate/container.go4
-rw-r--r--pkg/specgen/generate/oci.go6
-rw-r--r--pkg/specgen/podspecgen.go2
-rw-r--r--pkg/specgen/specgen.go6
-rw-r--r--pkg/specgenutil/specgen.go18
-rw-r--r--test/e2e/containers_conf_test.go35
-rw-r--r--test/e2e/cp_test.go2
-rw-r--r--test/e2e/pod_infra_container_test.go2
-rw-r--r--test/e2e/pod_kill_test.go2
-rw-r--r--test/e2e/pod_ps_test.go2
-rw-r--r--test/e2e/run_ns_test.go4
-rw-r--r--test/e2e/run_selinux_test.go2
-rw-r--r--test/e2e/run_test.go12
-rw-r--r--test/e2e/toolbox_test.go2
42 files changed, 142 insertions, 97 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index e95e447e1..3ce4e6731 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -97,7 +97,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
cgroupsFlagName := "cgroups"
createFlags.StringVar(
- &cf.CGroupsMode,
+ &cf.CgroupsMode,
cgroupsFlagName, cgroupConfig(),
`control container cgroup configuration ("enabled"|"disabled"|"no-conmon"|"split")`,
)
@@ -159,7 +159,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
deviceCgroupRuleFlagName := "device-cgroup-rule"
createFlags.StringSliceVar(
- &cf.DeviceCGroupRule,
+ &cf.DeviceCgroupRule,
deviceCgroupRuleFlagName, []string{},
"Add a rule to the cgroup allowed devices list",
)
@@ -762,7 +762,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
cgroupParentFlagName := "cgroup-parent"
createFlags.StringVar(
- &cf.CGroupParent,
+ &cf.CgroupParent,
cgroupParentFlagName, "",
"Optional parent cgroup for the container",
)
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index b4641ea96..eb0d07836 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -246,7 +246,7 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c
Authfile: "",
CapAdd: append(capAdd, cc.HostConfig.CapAdd...),
CapDrop: append(cappDrop, cc.HostConfig.CapDrop...),
- CGroupParent: cc.HostConfig.CgroupParent,
+ CgroupParent: cc.HostConfig.CgroupParent,
CIDFile: cc.HostConfig.ContainerIDFile,
CPUPeriod: uint64(cc.HostConfig.CPUPeriod),
CPUQuota: cc.HostConfig.CPUQuota,
@@ -259,7 +259,7 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c
// Detach: false, // don't need
// DetachKeys: "", // don't need
Devices: devices,
- DeviceCGroupRule: nil,
+ DeviceCgroupRule: nil,
DeviceReadBPs: readBps,
DeviceReadIOPs: readIops,
DeviceWriteBPs: writeBps,
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 694b97fe5..db78c96ee 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -257,8 +257,8 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
}
vals.Env = env
}
- if c.Flag("cgroups").Changed && vals.CGroupsMode == "split" && registry.IsRemote() {
- return vals, errors.Errorf("the option --cgroups=%q is not supported in remote mode", vals.CGroupsMode)
+ if c.Flag("cgroups").Changed && vals.CgroupsMode == "split" && registry.IsRemote() {
+ return vals, errors.Errorf("the option --cgroups=%q is not supported in remote mode", vals.CgroupsMode)
}
if c.Flag("pod").Changed && !strings.HasPrefix(c.Flag("pod").Value.String(), "new:") && c.Flag("userns").Changed {
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index ceeb5119d..68e35f79f 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -215,7 +215,7 @@ func (s *BoltState) Refresh() error {
return errors.Wrapf(err, "error unmarshalling state for pod %s", string(id))
}
- // Clear the CGroup path
+ // Clear the Cgroup path
state.CgroupPath = ""
newStateBytes, err := json.Marshal(state)
diff --git a/libpod/container.go b/libpod/container.go
index 1dd2ef5f7..51a3ffd3d 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -23,7 +23,7 @@ import (
"github.com/sirupsen/logrus"
)
-// CgroupfsDefaultCgroupParent is the cgroup parent for CGroupFS in libpod
+// CgroupfsDefaultCgroupParent is the cgroup parent for CgroupFS in libpod
const CgroupfsDefaultCgroupParent = "/libpod_parent"
// SystemdDefaultCgroupParent is the cgroup parent for the systemd cgroup
@@ -56,7 +56,7 @@ const (
UserNS LinuxNS = iota
// UTSNS is the UTS namespace
UTSNS LinuxNS = iota
- // CgroupNS is the CGroup namespace
+ // CgroupNS is the Cgroup namespace
CgroupNS LinuxNS = iota
)
@@ -575,7 +575,7 @@ func (c *Container) CreatedTime() time.Time {
return c.config.CreatedTime
}
-// CgroupParent gets the container's CGroup parent
+// CgroupParent gets the container's Cgroup parent
func (c *Container) CgroupParent() string {
return c.config.CgroupParent
}
@@ -907,10 +907,10 @@ func (c *Container) CgroupManager() string {
return cgroupManager
}
-// CGroupPath returns a cgroups "path" for the given container.
+// CgroupPath returns a cgroups "path" for the given container.
// Note that the container must be running. Otherwise, an error
// is returned.
-func (c *Container) CGroupPath() (string, error) {
+func (c *Container) CgroupPath() (string, error) {
if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
diff --git a/libpod/container_config.go b/libpod/container_config.go
index 102d74236..725e27c2a 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -334,7 +334,7 @@ type ContainerMiscConfig struct {
// CgroupManager is the cgroup manager used to create this container.
// If empty, the runtime default will be used.
CgroupManager string `json:"cgroupManager,omitempty"`
- // NoCgroups indicates that the container will not create CGroups. It is
+ // NoCgroups indicates that the container will not create Cgroups. It is
// incompatible with CgroupParent. Deprecated in favor of CgroupsMode.
NoCgroups bool `json:"noCgroups,omitempty"`
// CgroupsMode indicates how the container will create cgroups
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 792dfc58e..615a7522b 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -730,7 +730,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
}
hostConfig.CgroupMode = cgroupMode
- // CGroup parent
+ // Cgroup parent
// Need to check if it's the default, and not print if so.
defaultCgroupParent := ""
switch c.CgroupManager() {
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 12d6d5a18..d0c8ccc4c 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1092,7 +1092,7 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error {
// upstream in any OCI runtime.
// TODO: Remove once runc supports cgroupsv2
if strings.Contains(err.Error(), "this version of runc doesn't work on cgroups v2") {
- logrus.Errorf("Oci runtime %q does not support CGroups V2: use system migrate to mitigate", c.ociRuntime.Name())
+ logrus.Errorf("Oci runtime %q does not support Cgroups V2: use system migrate to mitigate", c.ociRuntime.Name())
}
return err
}
@@ -1291,8 +1291,8 @@ func (c *Container) stop(timeout uint) error {
// a pid namespace then the OCI Runtime needs to kill ALL processes in
// the containers cgroup in order to make sure the container is stopped.
all := !c.hasNamespace(spec.PIDNamespace)
- // We can't use --all if CGroups aren't present.
- // Rootless containers with CGroups v1 and NoCgroups are both cases
+ // We can't use --all if Cgroups aren't present.
+ // Rootless containers with Cgroups v1 and NoCgroups are both cases
// where this can happen.
if all {
if c.config.NoCgroups {
@@ -1400,7 +1400,7 @@ func (c *Container) stop(timeout uint) error {
// Internal, non-locking function to pause a container
func (c *Container) pause() error {
if c.config.NoCgroups {
- return errors.Wrapf(define.ErrNoCgroups, "cannot pause without using CGroups")
+ return errors.Wrapf(define.ErrNoCgroups, "cannot pause without using Cgroups")
}
if rootless.IsRootless() {
@@ -1428,7 +1428,7 @@ func (c *Container) pause() error {
// Internal, non-locking function to unpause a container
func (c *Container) unpause() error {
if c.config.NoCgroups {
- return errors.Wrapf(define.ErrNoCgroups, "cannot unpause without using CGroups")
+ return errors.Wrapf(define.ErrNoCgroups, "cannot unpause without using Cgroups")
}
if err := c.ociRuntime.UnpauseContainer(c); err != nil {
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 508a8a8cf..0f89daab0 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2772,7 +2772,7 @@ func (c *Container) getOCICgroupPath() (string, error) {
// expects cgroups to be passed as follows:
// slice:prefix:name
systemdCgroups := fmt.Sprintf("%s:libpod:%s", path.Base(c.config.CgroupParent), c.ID())
- logrus.Debugf("Setting CGroups for container %s to %s", c.ID(), systemdCgroups)
+ logrus.Debugf("Setting Cgroups for container %s to %s", c.ID(), systemdCgroups)
return systemdCgroups, nil
case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)):
if c.config.CgroupParent == "" || !isRootlessCgroupSet(c.config.CgroupParent) {
@@ -2781,7 +2781,7 @@ func (c *Container) getOCICgroupPath() (string, error) {
fallthrough
case cgroupManager == config.CgroupfsCgroupsManager:
cgroupPath := filepath.Join(c.config.CgroupParent, fmt.Sprintf("libpod-%s", c.ID()))
- logrus.Debugf("Setting CGroup path for container %s to %s", c.ID(), cgroupPath)
+ logrus.Debugf("Setting Cgroup path for container %s to %s", c.ID(), cgroupPath)
return cgroupPath, nil
default:
return "", errors.Wrapf(define.ErrInvalidArg, "invalid cgroup manager %s requested", cgroupManager)
diff --git a/libpod/container_validate.go b/libpod/container_validate.go
index ca5ce8b2a..492225401 100644
--- a/libpod/container_validate.go
+++ b/libpod/container_validate.go
@@ -57,13 +57,13 @@ func (c *Container) validate() error {
if ns.Type == spec.PIDNamespace {
foundPid = true
if ns.Path != "" {
- return errors.Wrapf(define.ErrInvalidArg, "containers not creating CGroups must create a private PID namespace - cannot use another")
+ return errors.Wrapf(define.ErrInvalidArg, "containers not creating Cgroups must create a private PID namespace - cannot use another")
}
break
}
}
if !foundPid {
- return errors.Wrapf(define.ErrInvalidArg, "containers not creating CGroups must create a private PID namespace")
+ return errors.Wrapf(define.ErrInvalidArg, "containers not creating Cgroups must create a private PID namespace")
}
}
diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go
index ba73e4196..6db1b025e 100644
--- a/libpod/define/container_inspect.go
+++ b/libpod/define/container_inspect.go
@@ -345,9 +345,9 @@ type InspectContainerHostConfig struct {
// populated.
// TODO.
Cgroup string `json:"Cgroup"`
- // Cgroups contains the container's CGroup mode.
- // Allowed values are "default" (container is creating CGroups) and
- // "disabled" (container is not creating CGroups).
+ // Cgroups contains the container's Cgroup mode.
+ // Allowed values are "default" (container is creating Cgroups) and
+ // "disabled" (container is not creating Cgroups).
// This is Libpod-specific and not included in `docker inspect`.
Cgroups string `json:"Cgroups"`
// Links is unused, and provided purely for Docker compatibility.
@@ -417,7 +417,7 @@ type InspectContainerHostConfig struct {
Isolation string `json:"Isolation"`
// CpuShares indicates the CPU resources allocated to the container.
// It is a relative weight in the scheduler for assigning CPU time
- // versus other CGroups.
+ // versus other Cgroups.
CpuShares uint64 `json:"CpuShares"`
// Memory indicates the memory resources allocated to the container.
// This is the limit (in bytes) of RAM the container may use.
@@ -434,12 +434,12 @@ type InspectContainerHostConfig struct {
// 100000, we will set both CpuQuota, CpuPeriod, and NanoCpus. If
// CpuQuota is not the default, we will not set NanoCpus.
NanoCpus int64 `json:"NanoCpus"`
- // CgroupParent is the CGroup parent of the container.
+ // CgroupParent is the Cgroup parent of the container.
// Only set if not default.
CgroupParent string `json:"CgroupParent"`
// BlkioWeight indicates the I/O resources allocated to the container.
// It is a relative weight in the scheduler for assigning I/O time
- // versus other CGroups.
+ // versus other Cgroups.
BlkioWeight uint16 `json:"BlkioWeight"`
// BlkioWeightDevice is an array of I/O resource priorities for
// individual device nodes.
diff --git a/libpod/define/errors.go b/libpod/define/errors.go
index 653ef187d..f5a7c73e5 100644
--- a/libpod/define/errors.go
+++ b/libpod/define/errors.go
@@ -96,7 +96,7 @@ var (
ErrWillDeadlock = errors.New("deadlock due to lock mismatch")
// ErrNoCgroups indicates that the container does not have its own
- // CGroup.
+ // Cgroup.
ErrNoCgroups = errors.New("this container does not have a cgroup")
// ErrNoLogs indicates that this container is not creating a log so log
// operations cannot be performed on it
diff --git a/libpod/define/info.go b/libpod/define/info.go
index 15400991f..48ad51c22 100644
--- a/libpod/define/info.go
+++ b/libpod/define/info.go
@@ -27,7 +27,7 @@ type HostInfo struct {
Arch string `json:"arch"`
BuildahVersion string `json:"buildahVersion"`
CgroupManager string `json:"cgroupManager"`
- CGroupsVersion string `json:"cgroupVersion"`
+ CgroupsVersion string `json:"cgroupVersion"`
CgroupControllers []string `json:"cgroupControllers"`
Conmon *ConmonInfo `json:"conmon"`
CPUs int `json:"cpus"`
diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go
index e7adc8700..e85a660a1 100644
--- a/libpod/define/pod_inspect.go
+++ b/libpod/define/pod_inspect.go
@@ -26,12 +26,12 @@ type InspectPodData struct {
// Labels is a set of key-value labels that have been applied to the
// pod.
Labels map[string]string `json:"Labels,omitempty"`
- // CreateCgroup is whether this pod will create its own CGroup to group
+ // CreateCgroup is whether this pod will create its own Cgroup to group
// containers under.
CreateCgroup bool
- // CgroupParent is the parent of the pod's CGroup.
+ // CgroupParent is the parent of the pod's Cgroup.
CgroupParent string `json:"CgroupParent,omitempty"`
- // CgroupPath is the path to the pod's CGroup.
+ // CgroupPath is the path to the pod's Cgroup.
CgroupPath string `json:"CgroupPath,omitempty"`
// CreateInfra is whether this pod will create an infra container to
// share namespaces.
diff --git a/libpod/info.go b/libpod/info.go
index 354364ccc..de675859e 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -104,7 +104,7 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
return nil, errors.Wrapf(err, "error getting Seccomp profile path")
}
- // CGroups version
+ // Cgroups version
unified, err := cgroups.IsCgroup2UnifiedMode()
if err != nil {
return nil, errors.Wrapf(err, "error reading cgroups mode")
@@ -150,7 +150,7 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
if unified {
cgroupVersion = "v2"
}
- info.CGroupsVersion = cgroupVersion
+ info.CgroupsVersion = cgroupVersion
slirp4netnsPath := r.config.Engine.NetworkCmdPath
if slirp4netnsPath == "" {
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 3440507ed..8d6a23ecc 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1402,7 +1402,7 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p
args = append(args, "--log-tag", logTag)
}
if ctr.config.NoCgroups {
- logrus.Debugf("Running with no CGroups")
+ logrus.Debugf("Running with no Cgroups")
args = append(args, "--runtime-arg", "--cgroup-manager", "--runtime-arg", "disabled")
}
return args
diff --git a/libpod/options.go b/libpod/options.go
index 5cf7609e9..f32eb279d 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -217,7 +217,7 @@ func WithCgroupManager(manager string) RuntimeOption {
}
if manager != config.CgroupfsCgroupsManager && manager != config.SystemdCgroupsManager {
- return errors.Wrapf(define.ErrInvalidArg, "CGroup manager must be one of %s and %s",
+ return errors.Wrapf(define.ErrInvalidArg, "Cgroup manager must be one of %s and %s",
config.CgroupfsCgroupsManager, config.SystemdCgroupsManager)
}
@@ -945,7 +945,7 @@ func WithUTSNSFrom(nsCtr *Container) CtrCreateOption {
}
}
-// WithCgroupNSFrom indicates the the container should join the CGroup namespace
+// WithCgroupNSFrom indicates the the container should join the Cgroup namespace
// of the given container.
// If the container has joined a pod, it can only join the namespaces of
// containers in the same pod.
@@ -1080,7 +1080,7 @@ func WithLogTag(tag string) CtrCreateOption {
}
}
-// WithCgroupsMode disables the creation of CGroups for the conmon process.
+// WithCgroupsMode disables the creation of Cgroups for the conmon process.
func WithCgroupsMode(mode string) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
@@ -1864,7 +1864,7 @@ func WithPodCgroupParent(path string) PodCreateOption {
// WithPodCgroups tells containers in this pod to use the cgroup created for
// this pod.
// This can still be overridden at the container level by explicitly specifying
-// a CGroup parent.
+// a Cgroup parent.
func WithPodCgroups() PodCreateOption {
return func(pod *Pod) error {
if pod.valid {
diff --git a/libpod/pod.go b/libpod/pod.go
index 0e5ac4906..b159f6bc7 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -44,9 +44,9 @@ type PodConfig struct {
// Labels contains labels applied to the pod
Labels map[string]string `json:"labels"`
- // CgroupParent contains the pod's CGroup parent
+ // CgroupParent contains the pod's Cgroup parent
CgroupParent string `json:"cgroupParent"`
- // UsePodCgroup indicates whether the pod will create its own CGroup and
+ // UsePodCgroup indicates whether the pod will create its own Cgroup and
// join containers to it.
// If true, all containers joined to the pod will use the pod cgroup as
// their cgroup parent, and cannot set a different cgroup parent
@@ -77,7 +77,7 @@ type PodConfig struct {
// podState represents a pod's state
type podState struct {
- // CgroupPath is the path to the pod's CGroup
+ // CgroupPath is the path to the pod's Cgroup
CgroupPath string `json:"cgroupPath"`
// InfraContainerID is the container that holds pod namespace information
// Most often an infra container
@@ -237,7 +237,7 @@ func (p *Pod) CreateCommand() []string {
return p.config.CreateCommand
}
-// CgroupParent returns the pod's CGroup parent
+// CgroupParent returns the pod's Cgroup parent
func (p *Pod) CgroupParent() string {
return p.config.CgroupParent
}
@@ -289,7 +289,7 @@ func (p *Pod) Hostname() string {
return p.config.Hostname
}
-// CgroupPath returns the path to the pod's CGroup
+// CgroupPath returns the path to the pod's Cgroup
func (p *Pod) CgroupPath() (string, error) {
p.lock.Lock()
defer p.lock.Unlock()
@@ -315,7 +315,7 @@ func (p *Pod) CgroupPath() (string, error) {
}
if ctr != nil {
ctr.Start(context.Background(), true)
- cgroupPath, err := ctr.CGroupPath()
+ cgroupPath, err := ctr.CgroupPath()
fmt.Println(cgroupPath)
if err != nil {
return "", errors.Wrapf(err, "could not get container cgroup")
diff --git a/libpod/pod_internal.go b/libpod/pod_internal.go
index d903b8719..eaa6eb14b 100644
--- a/libpod/pod_internal.go
+++ b/libpod/pod_internal.go
@@ -71,7 +71,7 @@ func (p *Pod) refresh() error {
case config.SystemdCgroupsManager:
cgroupPath, err := systemdSliceFromPath(p.config.CgroupParent, fmt.Sprintf("libpod_pod_%s", p.ID()))
if err != nil {
- logrus.Errorf("Creating CGroup for pod %s: %v", p.ID(), err)
+ logrus.Errorf("Creating Cgroup for pod %s: %v", p.ID(), err)
}
p.state.CgroupPath = cgroupPath
case config.CgroupfsCgroupsManager:
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 252279485..15bca6133 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -344,8 +344,8 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
}
}
- // Check CGroup parent sanity, and set it if it was not set.
- // Only if we're actually configuring CGroups.
+ // Check Cgroup parent sanity, and set it if it was not set.
+ // Only if we're actually configuring Cgroups.
if !ctr.config.NoCgroups {
ctr.config.CgroupManager = r.config.Engine.CgroupManager
switch r.config.Engine.CgroupManager {
@@ -391,7 +391,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
return nil, errors.Wrapf(define.ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups")
}
default:
- return nil, errors.Wrapf(define.ErrInvalidArg, "unsupported CGroup manager: %s - cannot validate cgroup parent", r.config.Engine.CgroupManager)
+ return nil, errors.Wrapf(define.ErrInvalidArg, "unsupported Cgroup manager: %s - cannot validate cgroup parent", r.config.Engine.CgroupManager)
}
}
@@ -411,7 +411,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
g.RemoveMount("/run/.containerenv")
g.RemoveMount("/run/secrets")
- // Regenerate CGroup paths so they don't point to the old
+ // Regenerate Cgroup paths so they don't point to the old
// container ID.
cgroupPath, err := ctr.getOCICgroupPath()
if err != nil {
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index ee59cd8c3..ea3eb53c4 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -61,7 +61,7 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
pod.valid = true
- // Check CGroup parent sanity, and set it if it was not set
+ // Check Cgroup parent sanity, and set it if it was not set
switch r.config.Engine.CgroupManager {
case config.CgroupfsCgroupsManager:
canUseCgroup := !rootless.IsRootless() || isRootlessCgroupSet(pod.config.CgroupParent)
@@ -105,7 +105,7 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
}
}
default:
- return nil, errors.Wrapf(define.ErrInvalidArg, "unsupported CGroup manager: %s - cannot validate cgroup parent", r.config.Engine.CgroupManager)
+ return nil, errors.Wrapf(define.ErrInvalidArg, "unsupported Cgroup manager: %s - cannot validate cgroup parent", r.config.Engine.CgroupManager)
}
if pod.config.UsePodCgroup {
@@ -226,12 +226,12 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
}
// We're going to be removing containers.
- // If we are CGroupfs cgroup driver, to avoid races, we need to hit
- // the pod and conmon CGroups with a PID limit to prevent them from
+ // If we are Cgroupfs cgroup driver, to avoid races, we need to hit
+ // the pod and conmon Cgroups with a PID limit to prevent them from
// spawning any further processes (particularly cleanup processes) which
- // would prevent removing the CGroups.
+ // would prevent removing the Cgroups.
if p.runtime.config.Engine.CgroupManager == config.CgroupfsCgroupsManager {
- // Get the conmon CGroup
+ // Get the conmon Cgroup
conmonCgroupPath := filepath.Join(p.state.CgroupPath, "conmon")
conmonCgroup, err := cgroups.Load(conmonCgroupPath)
if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless {
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index ef871ef3d..9fee35823 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -43,7 +43,7 @@ func getDefaultSystemdCgroup() string {
return SystemdDefaultCgroupParent
}
-// makeSystemdCgroup creates a systemd CGroup at the given location.
+// makeSystemdCgroup creates a systemd Cgroup at the given location.
func makeSystemdCgroup(path string) error {
controller, err := cgroups.NewSystemd(getDefaultSystemdCgroup())
if err != nil {
diff --git a/pkg/api/handlers/compat/containers_stats.go b/pkg/api/handlers/compat/containers_stats.go
index a92fe9fe0..ad91a3a8e 100644
--- a/pkg/api/handlers/compat/containers_stats.go
+++ b/pkg/api/handlers/compat/containers_stats.go
@@ -109,7 +109,7 @@ streamLabel: // A label to flatten the scope
return
}
// Cgroup stats
- cgroupPath, err := ctnr.CGroupPath()
+ cgroupPath, err := ctnr.CgroupPath()
if err != nil {
logrus.Errorf("Unable to get cgroup path of container: %v", err)
return
diff --git a/pkg/api/handlers/compat/info.go b/pkg/api/handlers/compat/info.go
index 777009f0a..dac1eb193 100644
--- a/pkg/api/handlers/compat/info.go
+++ b/pkg/api/handlers/compat/info.go
@@ -124,7 +124,7 @@ func GetInfo(w http.ResponseWriter, r *http.Request) {
BuildahVersion: infoData.Host.BuildahVersion,
CPURealtimePeriod: sysInfo.CPURealtimePeriod,
CPURealtimeRuntime: sysInfo.CPURealtimeRuntime,
- CgroupVersion: strings.TrimPrefix(infoData.Host.CGroupsVersion, "v"),
+ CgroupVersion: strings.TrimPrefix(infoData.Host.CgroupsVersion, "v"),
Rootless: rootless.IsRootless(),
SwapFree: infoData.Host.SwapFree,
SwapTotal: infoData.Host.SwapTotal,
diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go
index 3b821d9e7..d3a592bdf 100644
--- a/pkg/api/handlers/types.go
+++ b/pkg/api/handlers/types.go
@@ -148,7 +148,7 @@ type PodTopOKBody struct {
// swagger:model PodCreateConfig
type PodCreateConfig struct {
Name string `json:"name"`
- CGroupParent string `json:"cgroup-parent"`
+ CgroupParent string `json:"cgroup-parent"`
Hostname string `json:"hostname"`
Infra bool `json:"infra"`
InfraCommand string `json:"infra-command"`
diff --git a/pkg/domain/entities/engine.go b/pkg/domain/entities/engine.go
index 055af7ff9..32faa74af 100644
--- a/pkg/domain/entities/engine.go
+++ b/pkg/domain/entities/engine.go
@@ -33,7 +33,7 @@ type PodmanConfig struct {
*config.Config
*pflag.FlagSet
- CGroupUsage string // rootless code determines Usage message
+ CgroupUsage string // rootless code determines Usage message
ConmonPath string // --conmon flag will set Engine.ConmonPath
CPUProfile string // Hidden: Should CPU profile be taken
EngineMode EngineMode // ABI or Tunneling mode
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index cc9476d79..60d171f86 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -118,7 +118,7 @@ type PodSpec struct {
// The JSON tags below are made to match the respective field in ContainerCreateOptions for the purpose of mapping.
// swagger:model PodCreateOptions
type PodCreateOptions struct {
- CGroupParent string `json:"cgroup_parent,omitempty"`
+ CgroupParent string `json:"cgroup_parent,omitempty"`
CreateCommand []string `json:"create_command,omitempty"`
Devices []string `json:"devices,omitempty"`
DeviceReadBPs []string `json:"device_read_bps,omitempty"`
@@ -159,8 +159,8 @@ type ContainerCreateOptions struct {
CapAdd []string
CapDrop []string
CgroupNS string
- CGroupsMode string
- CGroupParent string `json:"cgroup_parent,omitempty"`
+ CgroupsMode string
+ CgroupParent string `json:"cgroup_parent,omitempty"`
CIDFile string
ConmonPIDFile string `json:"container_conmon_pidfile,omitempty"`
CPUPeriod uint64
@@ -172,7 +172,7 @@ type ContainerCreateOptions struct {
CPUSetCPUs string `json:"cpuset_cpus,omitempty"`
CPUSetMems string
Devices []string `json:"devices,omitempty"`
- DeviceCGroupRule []string
+ DeviceCgroupRule []string
DeviceReadBPs []string `json:"device_read_bps,omitempty"`
DeviceReadIOPs []string
DeviceWriteBPs []string
@@ -345,7 +345,7 @@ func ToPodSpecGen(s specgen.PodSpecGenerator, p *PodCreateOptions) (*specgen.Pod
}
// Cgroup
- s.CgroupParent = p.CGroupParent
+ s.CgroupParent = p.CgroupParent
// Resource config
cpuDat := p.CPULimits()
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index afd25d313..cab4c3c9a 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -989,7 +989,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
report := entities.ContainerRunReport{Id: ctr.ID()}
if logrus.GetLevel() == logrus.DebugLevel {
- cgroupPath, err := ctr.CGroupPath()
+ cgroupPath, err := ctr.CgroupPath()
if err == nil {
logrus.Debugf("container %q has CgroupParent %q", ctr.ID(), cgroupPath)
}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 2c7b3c091..7b55a0cb3 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -229,6 +229,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
}
}
+ if s.CgroupsMode == "" {
+ s.CgroupsMode = rtc.Cgroups()
+ }
+
// If caller did not specify Pids Limits load default
if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil {
if s.CgroupsMode != "disabled" {
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index ee3a990fc..f72ffe80c 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -152,7 +152,7 @@ func canMountSys(isRootless, isNewUserns bool, s *specgen.SpecGenerator) bool {
return true
}
-func getCGroupPermissons(unmask []string) string {
+func getCgroupPermissons(unmask []string) string {
ro := "ro"
rw := "rw"
cgroup := "/sys/fs/cgroup"
@@ -176,7 +176,7 @@ func getCGroupPermissons(unmask []string) string {
// SpecGenToOCI returns the base configuration for the container.
func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string, compatibleOptions *libpod.InfraInherit) (*spec.Spec, error) {
- cgroupPerm := getCGroupPermissons(s.Unmask)
+ cgroupPerm := getCgroupPermissons(s.Unmask)
g, err := generate.New("linux")
if err != nil {
@@ -357,7 +357,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
// set the devices cgroup when not running in a user namespace
if !inUserNS && !s.Privileged {
g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm")
- for _, dev := range s.DeviceCGroupRule {
+ for _, dev := range s.DeviceCgroupRule {
g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
}
}
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index b6f2d6bf0..62b4725a7 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -183,7 +183,7 @@ type PodStorageConfig struct {
// PodCgroupConfig contains configuration options about a pod's cgroups.
// This will be expanded in future updates to pods.
type PodCgroupConfig struct {
- // CgroupParent is the parent for the CGroup that the pod will create.
+ // CgroupParent is the parent for the Cgroup that the pod will create.
// This pod cgroup will, in turn, be the default cgroup parent for all
// containers in the pod.
// Optional.
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 82721ba92..750fc875d 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -264,9 +264,9 @@ type ContainerStorageConfig struct {
// Devices are devices that will be added to the container.
// Optional.
Devices []spec.LinuxDevice `json:"devices,omitempty"`
- // DeviceCGroupRule are device cgroup rules that allow containers
+ // DeviceCgroupRule are device cgroup rules that allow containers
// to use additional types of devices.
- DeviceCGroupRule []spec.LinuxDeviceCgroup `json:"device_cgroup_rule,omitempty"`
+ DeviceCgroupRule []spec.LinuxDeviceCgroup `json:"device_cgroup_rule,omitempty"`
// DevicesFrom is a way to ensure your container inherits device specific information from another container
DevicesFrom []string `json:"devices_from,omitempty"`
// HostDeviceList is used to recreate the mounted device on inherited containers
@@ -390,7 +390,7 @@ type ContainerCgroupConfig struct {
// CgroupsMode sets a policy for how cgroups will be created in the
// container, including the ability to disable creation entirely.
CgroupsMode string `json:"cgroups_mode,omitempty"`
- // CgroupParent is the container's CGroup parent.
+ // CgroupParent is the container's Cgroup parent.
// If not set, the default for the current cgroup driver will be used.
// Optional.
CgroupParent string `json:"cgroup_parent,omitempty"`
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 8e43cc50e..59ac19c2c 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -8,6 +8,7 @@ import (
"strings"
"time"
+ "github.com/containers/common/pkg/config"
"github.com/containers/image/v5/manifest"
"github.com/containers/podman/v3/cmd/podman/parse"
"github.com/containers/podman/v3/libpod/define"
@@ -488,8 +489,17 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
if ld := c.LogDriver; len(ld) > 0 {
s.LogConfiguration.Driver = ld
}
- s.CgroupParent = c.CGroupParent
- s.CgroupsMode = c.CGroupsMode
+ s.CgroupParent = c.CgroupParent
+ s.CgroupsMode = c.CgroupsMode
+ if s.CgroupsMode == "" {
+ rtc, err := config.Default()
+ if err != nil {
+ return err
+ }
+
+ s.CgroupsMode = rtc.Cgroups()
+ }
+
s.Groups = c.GroupAdd
s.Hostname = c.Hostname
@@ -587,12 +597,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
s.Devices = append(s.Devices, specs.LinuxDevice{Path: dev})
}
- for _, rule := range c.DeviceCGroupRule {
+ for _, rule := range c.DeviceCgroupRule {
dev, err := parseLinuxResourcesDeviceAccess(rule)
if err != nil {
return err
}
- s.DeviceCGroupRule = append(s.DeviceCGroupRule, dev)
+ s.DeviceCgroupRule = append(s.DeviceCgroupRule, dev)
}
s.Init = c.Init
diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go
index 838221dd5..d6bf66a50 100644
--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@@ -83,7 +83,7 @@ var _ = Describe("Podman run", func() {
})
It("podman Capabilities in containers.conf", func() {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
cap := podmanTest.Podman([]string{"run", ALPINE, "grep", "CapEff", "/proc/self/status"})
cap.WaitWithDefaultTimeout()
Expect(cap).Should(Exit(0))
@@ -123,7 +123,7 @@ var _ = Describe("Podman run", func() {
})
verifyNSHandling := func(nspath, option string) {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
os.Setenv("CONTAINERS_CONF", "config/containers-ns.conf")
if IsRemote() {
podmanTest.RestartRemoteService()
@@ -484,4 +484,35 @@ var _ = Describe("Podman run", func() {
Expect(result).Should(Exit(125))
Expect(result.ErrorToString()).To(ContainSubstring(errorString))
})
+
+ It("podman containers.conf cgroups=disabled", func() {
+ if !strings.Contains(podmanTest.OCIRuntime, "crun") {
+ Skip("FIXME: requires crun")
+ }
+ conffile := filepath.Join(podmanTest.TempDir, "container.conf")
+
+ err := ioutil.WriteFile(conffile, []byte("[containers]\ncgroups=\"disabled\"\n"), 0755)
+ Expect(err).To(BeNil())
+
+ result := podmanTest.Podman([]string{"create", ALPINE, "true"})
+ result.WaitWithDefaultTimeout()
+ Expect(result).Should(Exit(0))
+
+ inspect := podmanTest.Podman([]string{"inspect", "--format", "{{ .HostConfig.Cgroups }}", result.OutputToString()})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.OutputToString()).To(Not(Equal("disabled")))
+
+ os.Setenv("CONTAINERS_CONF", conffile)
+ if IsRemote() {
+ podmanTest.RestartRemoteService()
+ }
+ result = podmanTest.Podman([]string{"create", ALPINE, "true"})
+ result.WaitWithDefaultTimeout()
+ Expect(result).Should(Exit(0))
+
+ inspect = podmanTest.Podman([]string{"inspect", "--format", "{{ .HostConfig.Cgroups }}", result.OutputToString()})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.OutputToString()).To(Equal("disabled"))
+ })
+
})
diff --git a/test/e2e/cp_test.go b/test/e2e/cp_test.go
index 360b8c7fc..70b559222 100644
--- a/test/e2e/cp_test.go
+++ b/test/e2e/cp_test.go
@@ -94,7 +94,7 @@ var _ = Describe("Podman cp", func() {
// Copy a file to the container, then back to the host in --pid=host
It("podman cp --pid=host file", func() {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
srcFile, err := ioutil.TempFile("", "")
Expect(err).To(BeNil())
defer srcFile.Close()
diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go
index 4a5a8c6b0..f4b99bb6b 100644
--- a/test/e2e/pod_infra_container_test.go
+++ b/test/e2e/pod_infra_container_test.go
@@ -225,7 +225,7 @@ var _ = Describe("Podman pod create", func() {
})
It("podman pod container can override pod pid NS", func() {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
session := podmanTest.Podman([]string{"pod", "create", "--share", "pid"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
diff --git a/test/e2e/pod_kill_test.go b/test/e2e/pod_kill_test.go
index 7ab62ec5d..0bd9aa0f1 100644
--- a/test/e2e/pod_kill_test.go
+++ b/test/e2e/pod_kill_test.go
@@ -128,7 +128,7 @@ var _ = Describe("Podman pod kill", func() {
})
It("podman pod kill all", func() {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
_, ec, podid := podmanTest.CreatePod(nil)
Expect(ec).To(Equal(0))
diff --git a/test/e2e/pod_ps_test.go b/test/e2e/pod_ps_test.go
index 4b2a3b66d..281aea9a9 100644
--- a/test/e2e/pod_ps_test.go
+++ b/test/e2e/pod_ps_test.go
@@ -174,7 +174,7 @@ var _ = Describe("Podman ps", func() {
})
It("podman pod ps --ctr-names", func() {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
_, ec, podid := podmanTest.CreatePod(nil)
Expect(ec).To(Equal(0))
diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go
index db81cc1a7..7f4b58c0d 100644
--- a/test/e2e/run_ns_test.go
+++ b/test/e2e/run_ns_test.go
@@ -36,7 +36,7 @@ var _ = Describe("Podman run ns", func() {
})
It("podman run pidns test", func() {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
session := podmanTest.Podman([]string{"run", fedoraMinimal, "bash", "-c", "echo $$"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
@@ -115,7 +115,7 @@ var _ = Describe("Podman run ns", func() {
})
It("podman run --ipc=host --pid=host", func() {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
cmd := exec.Command("ls", "-l", "/proc/self/ns/pid")
res, err := cmd.Output()
Expect(err).To(BeNil())
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go
index a6672d45e..5ae49a5c2 100644
--- a/test/e2e/run_selinux_test.go
+++ b/test/e2e/run_selinux_test.go
@@ -260,7 +260,7 @@ var _ = Describe("Podman run", func() {
})
It("podman test --pid=host", func() {
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
session := podmanTest.Podman([]string{"run", "--pid=host", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index e98f2c999..b461594c1 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -386,31 +386,31 @@ var _ = Describe("Podman run", func() {
SkipIfCgroupV1("podman umask on /sys/fs/cgroup will fail with cgroups V1")
SkipIfRootless("/sys/fs/cgroup rw access is needed")
- rwOnCGroups := "/sys/fs/cgroup cgroup2 rw"
+ rwOnCgroups := "/sys/fs/cgroup cgroup2 rw"
session := podmanTest.Podman([]string{"run", "--security-opt", "unmask=ALL", "--security-opt", "mask=/sys/fs/cgroup", ALPINE, "cat", "/proc/mounts"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(ContainSubstring(rwOnCGroups))
+ Expect(session.OutputToString()).To(ContainSubstring(rwOnCgroups))
session = podmanTest.Podman([]string{"run", "--security-opt", "unmask=/sys/fs/cgroup", ALPINE, "cat", "/proc/mounts"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(ContainSubstring(rwOnCGroups))
+ Expect(session.OutputToString()).To(ContainSubstring(rwOnCgroups))
session = podmanTest.Podman([]string{"run", "--security-opt", "unmask=/sys/fs/cgroup///", ALPINE, "cat", "/proc/mounts"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(ContainSubstring(rwOnCGroups))
+ Expect(session.OutputToString()).To(ContainSubstring(rwOnCgroups))
session = podmanTest.Podman([]string{"run", "--security-opt", "unmask=ALL", ALPINE, "cat", "/proc/mounts"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(ContainSubstring(rwOnCGroups))
+ Expect(session.OutputToString()).To(ContainSubstring(rwOnCgroups))
session = podmanTest.Podman([]string{"run", "--security-opt", "unmask=/sys/fs/cgroup", "--security-opt", "mask=/sys/fs/cgroup", ALPINE, "cat", "/proc/mounts"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(ContainSubstring(rwOnCGroups))
+ Expect(session.OutputToString()).To(ContainSubstring(rwOnCgroups))
session = podmanTest.Podman([]string{"run", "--security-opt", "unmask=/sys/fs/cgroup", ALPINE, "ls", "/sys/fs/cgroup"})
session.WaitWithDefaultTimeout()
diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go
index 40db5180a..72ada5c31 100644
--- a/test/e2e/toolbox_test.go
+++ b/test/e2e/toolbox_test.go
@@ -118,7 +118,7 @@ var _ = Describe("Toolbox-specific testing", func() {
if podmanTest.RemoteTest {
Skip("Shm size check does not work with a remote client")
}
- SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
+ SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1")
var session *PodmanSessionIntegration
var cmd *exec.Cmd
var hostShmSize, containerShmSize int