summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2019-07-12 11:44:36 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-07-12 12:11:06 +0200
commit6c8ceaf21ef0a5af55f62c63295ce930a6db8b8e (patch)
treeca6dbf34e98b357d7d0beca9302f7652748f7fb4
parent144567b42dba2c8c426538a4b5fe7d718b43284a (diff)
downloadpodman-6c8ceaf21ef0a5af55f62c63295ce930a6db8b8e.tar.gz
podman-6c8ceaf21ef0a5af55f62c63295ce930a6db8b8e.tar.bz2
podman-6c8ceaf21ef0a5af55f62c63295ce930a6db8b8e.zip
cgroupsv2: do not enable controllers for the last component
do not automatically enable the controllers for the last path component. It is necessary as once there are enabled controllers in a cgroup, it won't possible to add processes to it. Fix conmon being moved to the correct cgroup path when using --cgroup-manager cgroupfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--pkg/cgroups/cgroups.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go
index 1dad45d7f..fc9847a51 100644
--- a/pkg/cgroups/cgroups.go
+++ b/pkg/cgroups/cgroups.go
@@ -187,8 +187,12 @@ func createCgroupv2Path(path string) (Err error) {
}()
}
}
- if err := ioutil.WriteFile(filepath.Join(current, "cgroup.subtree_control"), resByte, 0755); err != nil {
- return errors.Wrapf(err, "write %s", filepath.Join(current, "cgroup.subtree_control"))
+ // We enable the controllers for all the path components except the last one. It is not allowed to add
+ // PIDs if there are already enabled controllers.
+ if i < len(elements[3:])-1 {
+ if err := ioutil.WriteFile(filepath.Join(current, "cgroup.subtree_control"), resByte, 0755); err != nil {
+ return errors.Wrapf(err, "write %s", filepath.Join(current, "cgroup.subtree_control"))
+ }
}
}
return nil