aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@gmail.com>2018-10-17 10:45:58 -0400
committerMatthew Heon <matthew.heon@gmail.com>2018-10-17 10:45:58 -0400
commit4a60656dbb2f97398ca6c2956591ba3582753a8e (patch)
tree4f239eb33743c8cace79247f55fb461975567b45
parent604728d65dd0110b28c79acafc5b214886b3b484 (diff)
downloadpodman-4a60656dbb2f97398ca6c2956591ba3582753a8e.tar.gz
podman-4a60656dbb2f97398ca6c2956591ba3582753a8e.tar.bz2
podman-4a60656dbb2f97398ca6c2956591ba3582753a8e.zip
Fix CGroup paths used for systemd CGroup mount
We already have functions for retrieving the container's CGroup path, so use them instead of manually generating a path. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
-rw-r--r--libpod/container_internal_linux.go17
1 files changed, 14 insertions, 3 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 05604246f..9920efd55 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -189,7 +189,9 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
if c.config.Systemd {
- c.setupSystemd(g.Mounts(), g)
+ if err := c.setupSystemd(g.Mounts(), g); err != nil {
+ return nil, errors.Wrapf(err, "error adding systemd-specific mounts")
+ }
}
// Look up and add groups the user belongs to, if a group wasn't directly specified
@@ -300,7 +302,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
// systemd expects to have /run, /run/lock and /tmp on tmpfs
// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
-func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) {
+func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
options := []string{"rw", "rprivate", "noexec", "nosuid", "nodev"}
for _, dest := range []string{"/run", "/run/lock"} {
if MountExists(mounts, dest) {
@@ -326,13 +328,22 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) {
}
g.AddMount(tmpfsMnt)
}
+
+ cgroupPath, err := c.CGroupPath()
+ if err != nil {
+ return err
+ }
+ sourcePath := filepath.Join("/sys/fs/cgroup/systemd", cgroupPath)
+
systemdMnt := spec.Mount{
Destination: "/sys/fs/cgroup/systemd",
Type: "bind",
- Source: fmt.Sprintf("/sys/fs/cgroup/systemd%s/libpod-%s", CgroupfsDefaultCgroupParent, c.ID()),
+ Source: sourcePath,
Options: []string{"bind", "private"},
}
g.AddMount(systemdMnt)
+
+ return nil
}
// Add an existing container's namespace to the spec