summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2022-07-12 11:12:27 +0200
committerMatthew Heon <matthew.heon@pm.me>2022-07-26 13:08:19 -0400
commit35dc17bfe619444471317d067325d6f92752dc8f (patch)
tree52674b409dc779b7c8970152b811d435717dcc35
parent7b4ebfa657d605d0767be7ccb2607c923ce4311f (diff)
downloadpodman-35dc17bfe619444471317d067325d6f92752dc8f.tar.gz
podman-35dc17bfe619444471317d067325d6f92752dc8f.tar.bz2
podman-35dc17bfe619444471317d067325d6f92752dc8f.zip
abi: create new cgroup when running in a container
if podman is running in the root cgroup, it will create a new subcgroup and move itself there. [NO NEW TESTS NEEDED] it needs nested podman Closes: https://github.com/containers/podman/issues/14884 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--pkg/domain/infra/abi/system.go13
1 files changed, 12 insertions, 1 deletions
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index eed80dd79..3389abd88 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -67,6 +67,18 @@ func (ic *ContainerEngine) Info(ctx context.Context) (*define.Info, error) {
}
func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) error {
+ runsUnderSystemd := utils.RunsOnSystemd()
+ if !runsUnderSystemd {
+ isPid1 := os.Getpid() == 1
+ if _, found := os.LookupEnv("container"); isPid1 || found {
+ if err := utils.MaybeMoveToSubCgroup(); err != nil {
+ // it is a best effort operation, so just print the
+ // error for debugging purposes.
+ logrus.Debugf("Could not move to subcgroup: %v", err)
+ }
+ }
+ }
+
if !rootless.IsRootless() {
return nil
}
@@ -86,7 +98,6 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool)
if err != nil {
return err
}
- runsUnderSystemd := utils.RunsOnSystemd()
unitName := fmt.Sprintf("podman-%d.scope", os.Getpid())
if runsUnderSystemd || conf.Engine.CgroupManager == config.SystemdCgroupsManager {
if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil {