diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-05-23 18:13:21 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-05-25 13:47:58 +0200 |
commit | 30ef6ba125536077923f19ed079b321f264ede99 (patch) | |
tree | bd6f123b5221a1f862f9a77d8dc5851ea8517541 | |
parent | ee11f3bce960cf2eeff0bf9b410c752bbc6af89f (diff) | |
download | podman-30ef6ba125536077923f19ed079b321f264ede99.tar.gz podman-30ef6ba125536077923f19ed079b321f264ede99.tar.bz2 podman-30ef6ba125536077923f19ed079b321f264ede99.zip |
rootless: enable loginctl linger
otherwise the processes we leave around will be killed once the
session terminates.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r-- | pkg/rootless/rootless_linux.go | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 27d64d1fc..3743911b8 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -194,10 +194,24 @@ func getUserNSFirstChild(fd uintptr) (*os.File, error) { } } +func enableLinger(pausePid string) { + if pausePid == "" { + return + } + // If we are trying to write a pause pid file, make sure we can leave processes + // running longer than the user session. + err := exec.Command("loginctl", "enable-linger", fmt.Sprintf("%d", GetRootlessUID())).Run() + if err != nil { + logrus.Warnf("cannot run `loginctl enable-linger` for the current user: %v", err) + } +} + // JoinUserAndMountNS re-exec podman in a new userNS and join the user and mount // namespace of the specified PID without looking up its parent. Useful to join directly // the conmon process. func JoinUserAndMountNS(pid uint, pausePid string) (bool, int, error) { + enableLinger(pausePid) + if os.Geteuid() == 0 || os.Getenv("_CONTAINERS_USERNS_CONFIGURED") != "" { return false, -1, nil } @@ -388,6 +402,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, // If podman was re-executed the caller needs to propagate the error code returned by the child // process. func BecomeRootInUserNS(pausePid string) (bool, int, error) { + enableLinger(pausePid) return becomeRootInUserNS(pausePid, "", nil) } |