author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-09-09 11:12:45 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-09-12 08:35:27 +0200 |
commit | 7e88bf7fd0207783e8feecb7ec7206df96897f4e (patch) | |
tree | 3320d4a4f8b4816ffb57ddbb00664187299dba79 | |
parent | afd0818326aa37f03a3bc74f0269a06a403db16d (diff) | |
rootless: run pause process in its own scope
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r-- | cmd/podman/main_local.go | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go
index 56874baad..cad256615 100644
--- a/cmd/podman/main_local.go
+++ b/cmd/podman/main_local.go
@@ -6,9 +6,11 @@ package main
 import (
 "context"
 "fmt"
+ "io/ioutil"
 "log/syslog"
 "os"
 "runtime/pprof"
+ "strconv"
 "strings"
 "syscall"
@@ -121,6 +123,24 @@ func profileOff(cmd *cobra.Command) error {
 return nil
 }
+func movePauseProcessToScope() error {
+ pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+ if err != nil {
+ return errors.Wrapf(err, "could not get pause process pid file path")
+ }
+
+ data, err := ioutil.ReadFile(pausePidPath)
+ if err != nil {
+ return errors.Wrapf(err, "cannot read pause pid file")
+ }
+ pid, err := strconv.ParseUint(string(data), 10, 0)
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse pid file %s", pausePidPath)
+ }
+
+ return utils.RunUnderSystemdScope(int(pid), "user.slice", "podman-pause.scope")
+}
+
 func setupRootless(cmd *cobra.Command, args []string) error {
 if !rootless.IsRootless() {
 return nil
@@ -206,6 +226,17 @@ func setupRootless(cmd *cobra.Command, args []string) error {
 }
 became, ret, err := rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
+ if err := movePauseProcessToScope(); err != nil {
+ conf, err := runtime.GetConfig()
+ if err != nil {
+ return err
+ }
+ if conf.CgroupManager == libpod.SystemdCgroupsManager {
+ logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err)
+ } else {
+ logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err)
+ }
+ }
 if err != nil {
 logrus.Errorf(err.Error())
 os.Exit(1) |
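Review bot: In `movePauseProcessToScope` the contents of the pause pid file go straight into `strconv.ParseUint(string(data), 10, 0)` and then `int(pid)`, so a trailing newline makes the parse fail, and `0` or a value above the int range reaches `utils.RunUnderSystemdScope` unchecked. I would parse with `pid, err := strconv.ParseUint(strings.TrimSpace(string(data)), 10, 31)` and return an error when `pid == 0`. Whether the writer of the file appends a newline is not visible here, so the trim may only be defensive. The file can also outlive the pause process; if the number has since been reused, an unrelated process would presumably be placed in `podman-pause.scope`, so the function deserves a comment stating that the caller must already have confirmed the pause process is alive.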
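Review bot: The warning in the block added to `setupRootless` never shows the real failure: `conf, err := runtime.GetConfig()` declares a second `err` inside the `if` body that shadows the one returned by `movePauseProcessToScope()`, and by the time `logrus.Warnf` or `logrus.Debugf` runs that inner `err` is nil, so both messages print `<nil>`. Give the inner error its own name, `conf, cfgErr := runtime.GetConfig()` with `if cfgErr != nil { return cfgErr }`, so that `%v` formats the scope error. The block also sits between the `rootless.TryJoinFromFilePaths` call and its `if err != nil` check, so it runs, and can return early, even when the join failed; placing it below that check would keep the join error handled first. The body of `setupRootless` starts and ends outside the hunk.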