diff options
author | Matthew Heon <matthew.heon@pm.me> | 2020-02-05 13:58:58 -0500 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2020-02-06 10:20:54 -0500 |
commit | eed2ad9ef257fab11f76589c68f98bd595dd4396 (patch) | |
tree | 092ba66ddaaa2e201e7c7c215c43c0bc40c23068 | |
parent | fc0673f5612368e0d90173bb061f4b257d08b885 (diff) | |
download | podman-eed2ad9ef257fab11f76589c68f98bd595dd4396.tar.gz podman-eed2ad9ef257fab11f76589c68f98bd595dd4396.tar.bz2 podman-eed2ad9ef257fab11f76589c68f98bd595dd4396.zip |
Only modify conmon cgroup if we have running containers
If there are no running containers - for example, if the pod was
just created - the cgroup in question may not exist (under
certain circumstances that we're not 100% sure about). However,
regardless, we don't need to set a PID limit, as nothing will be
making cleanup processes (no running conmon processes), so not
changing the cgroup is safe regardless.
Fixes #5072
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
-rw-r--r-- | libpod/runtime_pod_linux.go | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index 5b0111b85..4afd5760a 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -193,8 +193,6 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) } } - var removalErr error - // We're going to be removing containers. // If we are CGroupfs cgroup driver, to avoid races, we need to hit // the pod and conmon CGroups with a PID limit to prevent them from @@ -205,7 +203,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) conmonCgroupPath := filepath.Join(p.state.CgroupPath, "conmon") conmonCgroup, err := cgroups.Load(conmonCgroupPath) if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless { - removalErr = errors.Wrapf(err, "error retrieving pod %s conmon cgroup %s", p.ID(), conmonCgroupPath) + logrus.Errorf("Error retrieving pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err) } // New resource limits @@ -216,15 +214,13 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) // Don't try if we failed to retrieve the cgroup if err == nil { if err := conmonCgroup.Update(resLimits); err != nil { - if removalErr == nil { - removalErr = errors.Wrapf(err, "error updating pod %s conmon group", p.ID()) - } else { - logrus.Errorf("Error updating pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err) - } + logrus.Warnf("Error updating pod %s conmon cgroup %s PID limit: %v", p.ID(), conmonCgroupPath, err) } } } + var removalErr error + ctrNamedVolumes := make(map[string]*ContainerNamedVolume) // Second loop - all containers are good, so we should be clear to |