rootless: don't use kill --all

The OCI runtime might use the cgroups to see what PIDs
are inside the container, but that doesn't work with rootless
containers.

Closes: https://github.com/containers/libpod/issues/1337

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1331
Approved by: rhatdan

2 files changed, 15 insertions, 1 deletions

diff --git a/libpod/oci.go b/libpod/oci.go
index 4f0fbe8e9..240f53885 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -591,7 +591,17 @@ func (r *OCIRuntime) stopContainer(ctr *Container, timeout uint) error {
 		}
 	}
 
-	if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.path, "kill", "--all", ctr.ID(), "KILL"); err != nil {
+	var args []string
+	if rootless.IsRootless() {
+		// we don't use --all for rootless containers as the OCI runtime might use
+		// the cgroups to determine the PIDs, but for rootless containers there is
+		// not any.
+		args = []string{"kill", ctr.ID(), "KILL"}
+	} else {
+		args = []string{"kill", "--all", ctr.ID(), "KILL"}
+	}
+
+	if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.path, args...); err != nil {
 		// Again, check if the container is gone. If it is, exit cleanly.
 		err := unix.Kill(ctr.state.PID, 0)
 		if err == unix.ESRCH {
diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go
index 195f403e1..255aaae41 100644
--- a/test/e2e/rootless_test.go
+++ b/test/e2e/rootless_test.go
@@ -117,6 +117,10 @@ var _ = Describe("Podman rootless", func() {
 			Expect(cmd.ExitCode()).To(Equal(0))
 			Expect(cmd.LineInOutputContains("hello")).To(BeTrue())
 
+			cmd = podmanTest.PodmanAsUser([]string{"rm", "-l", "-f"}, 1000, 1000, env)
+			cmd.WaitWithDefaultTimeout()
+			Expect(cmd.ExitCode()).To(Equal(0))
+
 			allArgs = append([]string{"run", "-d"}, args...)
 			allArgs = append(allArgs, "--security-opt", "seccomp=unconfined", "--rootfs", mountPath, "unshare", "-r", "unshare", "-r", "top")
 			cmd = podmanTest.PodmanAsUser(allArgs, 1000, 1000, env)