aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCharlie Doern <cdoern@redhat.com>2022-06-28 16:32:17 -0400
committerCharlie Doern <cdoern@redhat.com>2022-06-28 16:35:09 -0400
commit7f994a80de4e416fdfc347737ba9a65b056555c4 (patch)
treeddba38658b9c7b1727507f5c5ee1210365e9ce17
parent653e87dd4c6103e91724e5aa6afa4c78c2ae1922 (diff)
downloadpodman-7f994a80de4e416fdfc347737ba9a65b056555c4.tar.gz
podman-7f994a80de4e416fdfc347737ba9a65b056555c4.tar.bz2
podman-7f994a80de4e416fdfc347737ba9a65b056555c4.zip
only create crgoup when not rootless if using cgroupfs
[NO NEW TESTS NEEDED] now that podman's cgroup config tries to initialize controllers, cgroupfs errors out on pod creation we need to mimic the behavior that used to exist and only create the cgroup when running as rootful Signed-off-by: Charlie Doern <cdoern@redhat.com>
-rw-r--r--libpod/runtime_pod_linux.go33
1 files changed, 18 insertions, 15 deletions
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 00017ca21..1f9ebe724 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -78,21 +78,24 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID())
if p.InfraContainerSpec != nil {
p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath
- res, err := GetLimits(p.InfraContainerSpec.ResourceLimits)
- if err != nil {
- return nil, err
- }
- // Need to both create and update the cgroup
- // rather than create a new path in c/common for pod cgroup creation
- // just create as if it is a ctr and then update figures out that we need to
- // populate the resource limits on the pod level
- cgc, err := cgroups.New(pod.state.CgroupPath, &res)
- if err != nil {
- return nil, err
- }
- err = cgc.Update(&res)
- if err != nil {
- return nil, err
+ // cgroupfs + rootless = permission denied when creating the cgroup.
+ if !rootless.IsRootless() {
+ res, err := GetLimits(p.InfraContainerSpec.ResourceLimits)
+ if err != nil {
+ return nil, err
+ }
+ // Need to both create and update the cgroup
+ // rather than create a new path in c/common for pod cgroup creation
+ // just create as if it is a ctr and then update figures out that we need to
+ // populate the resource limits on the pod level
+ cgc, err := cgroups.New(pod.state.CgroupPath, &res)
+ if err != nil {
+ return nil, err
+ }
+ err = cgc.Update(&res)
+ if err != nil {
+ return nil, err
+ }
}
}
}