authorGiuseppe Scrivano <gscrivan@redhat.com>2019-09-09 11:12:45 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-09-12 08:35:27 +0200
commit7e88bf7fd0207783e8feecb7ec7206df96897f4e (patch)
tree3320d4a4f8b4816ffb57ddbb00664187299dba79 /cmd/podman
parentafd0818326aa37f03a3bc74f0269a06a403db16d (diff)
rootless: run pause process in its own scope
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/main_local.go31
1 files changed, 31 insertions, 0 deletions
diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go
index 56874baad..cad256615 100644
--- a/cmd/podman/main_local.go
+++ b/cmd/podman/main_local.go
@@ -6,9 +6,11 @@ package main
import (
"context"
"fmt"
+ "io/ioutil"
"log/syslog"
"os"
"runtime/pprof"
+ "strconv"
"strings"
"syscall"
@@ -121,6 +123,24 @@ func profileOff(cmd *cobra.Command) error {
return nil
}
+func movePauseProcessToScope() error {
+ pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+ if err != nil {
+ return errors.Wrapf(err, "could not get pause process pid file path")
+ }
+
+ data, err := ioutil.ReadFile(pausePidPath)
+ if err != nil {
+ return errors.Wrapf(err, "cannot read pause pid file")
+ }
+ pid, err := strconv.ParseUint(string(data), 10, 0)
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse pid file %s", pausePidPath)
+ }
+
+ return utils.RunUnderSystemdScope(int(pid), "user.slice", "podman-pause.scope")
+}
+
func setupRootless(cmd *cobra.Command, args []string) error {
if !rootless.IsRootless() {
return nil
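Review bot: The PID read from the pause pid file in `movePauseProcessToScope` reaches `utils.RunUnderSystemdScope` with almost no validation. `strconv.ParseUint(string(data), 10, 0)` accepts 0 and values above the `int` range, so `int(pid)` can be zero or negative, and a trailing newline in the file would make the parse fail. Parsing with `pid, err := strconv.Atoi(strings.TrimSpace(string(data)))` and then rejecting bad values with `if pid <= 0 { return errors.Errorf("invalid pause pid %d in %s", pid, pausePidPath) }` covers both cases. Nothing in the hunk confirms that the PID still belongs to the pause process, so a stale file could, after PID reuse, move an unrelated process into `podman-pause.scope`; whether a caller guards against that is not visible here. The read error would also be easier to triage if it named the file, as the parse error already does.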
@@ -206,6 +226,17 @@ func setupRootless(cmd *cobra.Command, args []string) error {
}
became, ret, err := rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
+ if err := movePauseProcessToScope(); err != nil {
+ conf, err := runtime.GetConfig()
+ if err != nil {
+ return err
+ }
+ if conf.CgroupManager == libpod.SystemdCgroupsManager {
+ logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err)
+ } else {
+ logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err)
+ }
+ }
if err != nil {
logrus.Errorf(err.Error())
os.Exit(1)
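Review bot: The `Warnf`/`Debugf` calls in the added block log the wrong error. `conf, err := runtime.GetConfig()` shadows the `err` declared by `if err := movePauseProcessToScope(); err != nil`, and because a non-nil config error returns early, the value logged is always nil, so the real reason the scope move failed is lost. Give the outer error its own name, `if scopeErr := movePauseProcessToScope(); scopeErr != nil {`, and pass `scopeErr` to both log calls. The block also runs before the `err` from `rootless.TryJoinFromFilePaths` is checked, so a `GetConfig` failure returns ahead of the join error handling; moving the block after that check would avoid this. `setupRootless` begins and ends outside the hunk.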