author | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-01-12 16:52:38 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-01-12 21:07:24 +0100 |
commit | 8dc2464b03a1c4183e0a6264cbe3f99b2f65687f (patch) | |
tree | 273ea424bc897688d9a46bdd44562e8ca95c8c61 | |
parent | 3f0661639c3ef3b18e4437f00075352df0af6cee (diff) | |
libpod: refine check for empty pod cgroup
rootless containers do not use cgroups on cgroupv1 or if using
cgroupfs, so improve the check to account for such configuration.
Closes: https://github.com/containers/podman/issues/10800
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2028243
[NO NEW TESTS NEEDED] it requires rebooting and the rundir on a non
tmpfs file system.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r-- | libpod/container_internal_linux.go | 18 | ||||
-rw-r--r-- | libpod/runtime_ctr.go | 6 |
2 files changed, 23 insertions, 1 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 28d961e4b..b814021e8 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2728,6 +2728,24 @@ func isRootlessCgroupSet(cgroup string) bool {
 return cgroup != CgroupfsDefaultCgroupParent && filepath.Dir(cgroup) != CgroupfsDefaultCgroupParent
 }
 
+func (c *Container) expectPodCgroup() (bool, error) {
+ unified, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return false, err
+ }
+ cgroupManager := c.CgroupManager()
+ switch {
+ case c.config.NoCgroups:
+ return false, nil
+ case cgroupManager == config.SystemdCgroupsManager:
+ return !rootless.IsRootless() || unified, nil
+ case cgroupManager == config.CgroupfsCgroupsManager:
+ return !rootless.IsRootless(), nil
+ default:
+ return false, errors.Wrapf(define.ErrInvalidArg, "invalid cgroup mode %s requested for pods", cgroupManager)
+ }
+}
+
 // Get cgroup path in a format suitable for the OCI spec
 func (c *Container) getOCICgroupPath() (string, error) {
 unified, err := cgroups.IsCgroup2UnifiedMode()
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 53ccb9139..9e494690f 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -356,7 +356,11 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 if err != nil {
 return nil, errors.Wrapf(err, "error retrieving pod %s cgroup", pod.ID())
 }
- if podCgroup == "" {
+ expectPodCgroup, err := ctr.expectPodCgroup()
+ if err != nil {
+ return nil, err
+ }
+ if expectPodCgroup && podCgroup == "" {
 return nil, errors.Wrapf(define.ErrInternal, "pod %s cgroup is not set", pod.ID())
 }
 canUseCgroup := !rootless.IsRootless() || isRootlessCgroupSet(podCgroup) |
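Review bot: `expectPodCgroup` calls `cgroups.IsCgroup2UnifiedMode()` before it looks at `c.config.NoCgroups`, so a container created with cgroups disabled still fails setup when the cgroup-mode probe returns an error, although the answer on that path is always false. Putting `if c.config.NoCgroups { return false, nil }` ahead of the probe keeps the no-cgroups path independent of host detection; `unified` is only read in the systemd case. The function also has no doc comment, and one such as `// expectPodCgroup reports whether this container is expected to be placed under its pod's cgroup; when it is false an empty pod cgroup is not an error.` would record the contract. Because a false result means the container is not tied to the pod cgroup, the comment should also say that limits set on the pod cgroup presumably do not constrain the container in those rootless configurations.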
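Review bot: When `expectPodCgroup` is false, an empty `podCgroup` now falls through to `canUseCgroup := !rootless.IsRootless() || isRootlessCgroupSet(podCgroup)`, and `isRootlessCgroupSet("")` compares `""` and `filepath.Dir("")` (which is `"."`) against `CgroupfsDefaultCgroupParent`, so it likely reports true for an empty path. If the code after this hunk uses `canUseCgroup` to adopt `podCgroup` as the container's parent, an explicit guard makes the intent unambiguous: `canUseCgroup := podCgroup != "" && (!rootless.IsRootless() || isRootlessCgroupSet(podCgroup))`. The added `return nil, err` also drops the pod context that the neighbouring returns attach, so `errors.Wrapf(err, "error checking cgroup expectations for pod %s", pod.ID())` would be more consistent. `setupContainer` starts and ends outside the hunk, so how `canUseCgroup` is consumed is not visible here and should be confirmed.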