summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@pm.me>2020-02-05 13:58:58 -0500
committerMatthew Heon <mheon@redhat.com>2020-02-06 10:20:54 -0500
commiteed2ad9ef257fab11f76589c68f98bd595dd4396 (patch)
tree092ba66ddaaa2e201e7c7c215c43c0bc40c23068
parentfc0673f5612368e0d90173bb061f4b257d08b885 (diff)
downloadpodman-eed2ad9ef257fab11f76589c68f98bd595dd4396.tar.gz
podman-eed2ad9ef257fab11f76589c68f98bd595dd4396.tar.bz2
podman-eed2ad9ef257fab11f76589c68f98bd595dd4396.zip
Only modify conmon cgroup if we have running containers
If there are no running containers - for example, if the pod was just created - the cgroup in question may not exist (under certain circumstances that we're not 100% sure about). However, regardless, we don't need to set a PID limit, as nothing will be making cleanup processes (no running conmon processes), so not changing the cgroup is safe regardless. Fixes #5072 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
-rw-r--r--libpod/runtime_pod_linux.go12
1 files changed, 4 insertions, 8 deletions
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 5b0111b85..4afd5760a 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -193,8 +193,6 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool)
}
}
- var removalErr error
-
// We're going to be removing containers.
// If we are CGroupfs cgroup driver, to avoid races, we need to hit
// the pod and conmon CGroups with a PID limit to prevent them from
@@ -205,7 +203,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool)
conmonCgroupPath := filepath.Join(p.state.CgroupPath, "conmon")
conmonCgroup, err := cgroups.Load(conmonCgroupPath)
if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless {
- removalErr = errors.Wrapf(err, "error retrieving pod %s conmon cgroup %s", p.ID(), conmonCgroupPath)
+ logrus.Errorf("Error retrieving pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err)
}
// New resource limits
@@ -216,15 +214,13 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool)
// Don't try if we failed to retrieve the cgroup
if err == nil {
if err := conmonCgroup.Update(resLimits); err != nil {
- if removalErr == nil {
- removalErr = errors.Wrapf(err, "error updating pod %s conmon group", p.ID())
- } else {
- logrus.Errorf("Error updating pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err)
- }
+ logrus.Warnf("Error updating pod %s conmon cgroup %s PID limit: %v", p.ID(), conmonCgroupPath, err)
}
}
}
+ var removalErr error
+
ctrNamedVolumes := make(map[string]*ContainerNamedVolume)
// Second loop - all containers are good, so we should be clear to