aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2022-01-12 16:52:38 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2022-01-12 21:07:24 +0100
commit8dc2464b03a1c4183e0a6264cbe3f99b2f65687f (patch)
tree273ea424bc897688d9a46bdd44562e8ca95c8c61
parent3f0661639c3ef3b18e4437f00075352df0af6cee (diff)
downloadpodman-8dc2464b03a1c4183e0a6264cbe3f99b2f65687f.tar.gz
podman-8dc2464b03a1c4183e0a6264cbe3f99b2f65687f.tar.bz2
podman-8dc2464b03a1c4183e0a6264cbe3f99b2f65687f.zip
libpod: refine check for empty pod cgroup
rootless containers do not use cgroups on cgroupv1 or if using cgroupfs, so improve the check to account for such configuration. Closes: https://github.com/containers/podman/issues/10800 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2028243 [NO NEW TESTS NEEDED] it requires rebooting and the rundir on a non tmpfs file system. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--libpod/container_internal_linux.go18
-rw-r--r--libpod/runtime_ctr.go6
2 files changed, 23 insertions, 1 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 28d961e4b..b814021e8 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2728,6 +2728,24 @@ func isRootlessCgroupSet(cgroup string) bool {
return cgroup != CgroupfsDefaultCgroupParent && filepath.Dir(cgroup) != CgroupfsDefaultCgroupParent
}
+func (c *Container) expectPodCgroup() (bool, error) {
+ unified, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return false, err
+ }
+ cgroupManager := c.CgroupManager()
+ switch {
+ case c.config.NoCgroups:
+ return false, nil
+ case cgroupManager == config.SystemdCgroupsManager:
+ return !rootless.IsRootless() || unified, nil
+ case cgroupManager == config.CgroupfsCgroupsManager:
+ return !rootless.IsRootless(), nil
+ default:
+ return false, errors.Wrapf(define.ErrInvalidArg, "invalid cgroup mode %s requested for pods", cgroupManager)
+ }
+}
+
// Get cgroup path in a format suitable for the OCI spec
func (c *Container) getOCICgroupPath() (string, error) {
unified, err := cgroups.IsCgroup2UnifiedMode()
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 53ccb9139..9e494690f 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -356,7 +356,11 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
if err != nil {
return nil, errors.Wrapf(err, "error retrieving pod %s cgroup", pod.ID())
}
- if podCgroup == "" {
+ expectPodCgroup, err := ctr.expectPodCgroup()
+ if err != nil {
+ return nil, err
+ }
+ if expectPodCgroup && podCgroup == "" {
return nil, errors.Wrapf(define.ErrInternal, "pod %s cgroup is not set", pod.ID())
}
canUseCgroup := !rootless.IsRootless() || isRootlessCgroupSet(podCgroup)