authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-01-28 11:16:10 -0500
committerGitHub <noreply@github.com>2022-01-28 11:16:10 -0500
commitc2f4747fea508a6c6b0fdbf7a51eb6c80ba57f02 (patch)
treec51650b1aee686574c09f6185d89eb377a58bcc2
parent1b544b74247e538a2cda7bd476cb340cf8f57b81 (diff)
parent6f2b027b381192b9f5eb0e28e0fa8f36195d0e85 (diff)
Merge pull request #13061 from flouthoc/podman-vm-delegate-subsystem
ignition, machine: delegate `cpu,io,memory,pid cgroup controllers` to machine's non-root users.
-rw-r--r--pkg/machine/ignition.go22
1 files changed, 22 insertions, 0 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index ca6abd48c..206c9144f 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -248,6 +248,10 @@ netns="bridge"
machine_enabled=true
`
+ delegateConf := `[Service]
+Delegate=memory pids cpu io
+`
+
// Add a fake systemd service to get the user socket rolling
files = append(files, File{
Node: Node{
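Review bot: The `delegateConf` literal is declared without a comment, and its only use is about thirty lines further down in the next hunk, so a reader at this spot cannot tell which unit the drop-in targets or why these four controllers were chosen. A short comment above it would help, e.g. `// Drop-in for user@.service: cgroup v2 controllers delegated to each user's systemd instance.` It would also be worth recording whether leaving `cpuset` out of the list is deliberate. The enclosing function starts and ends outside this hunk.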
@@ -280,6 +284,24 @@ machine_enabled=true
Mode: intToPtr(0744),
},
})
+
+ // Set delegate.conf so cpu,io subsystem is delegated to non-root users as well for cgroupv2
+ // by default
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/systemd/system/user@.service.d/delegate.conf",
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(delegateConf),
+ },
+ Mode: intToPtr(0644),
+ },
+ })
+
// Add a file into linger
files = append(files, File{
Node: Node{
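Review bot: The comment on the new block names only `cpu,io`, while the drop-in it writes delegates `memory pids cpu io`, and the path is the `user@.service` template, so the setting applies to every user manager on the machine rather than to a single account. I would reword it along the lines of `// Delegate the memory, pids, cpu and io cgroup v2 controllers to all user@.service instances; root-owned and 0644 so unprivileged users cannot edit it.` The `root`/`root` ownership with mode `0644` looks right for a file that widens what non-root sessions may control, and the comment is a good place to state that intent. The diffstat lists only ignition.go, so nothing visible in this commit asserts that the file ends up in the generated config; the enclosing function continues outside this hunk.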