summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorbaude <bbaude@redhat.com>2020-11-04 11:50:18 -0600
committerbaude <bbaude@redhat.com>2020-11-05 12:27:48 -0600
commit71a46764041da966805dfb40cc0f2a89a2848307 (patch)
treeb4da4aef409c37f5f183013175e3bea91b4f3cbf /cmd/podman
parent4d013caffcb0088e589ab65bc01208d53a71f922 (diff)
downloadpodman-71a46764041da966805dfb40cc0f2a89a2848307.tar.gz
podman-71a46764041da966805dfb40cc0f2a89a2848307.tar.bz2
podman-71a46764041da966805dfb40cc0f2a89a2848307.zip
rootless container creation settings
when running container creation as rootless on the compatibility layer, we need to make sure settings are not being done for memory and memory swappiness. Signed-off-by: baude <bbaude@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/common/create_opts.go41
1 files changed, 28 insertions, 13 deletions
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 05bb9de13..8b2efc988 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -7,7 +7,9 @@ import (
"strings"
"github.com/containers/podman/v2/pkg/api/handlers"
+ "github.com/containers/podman/v2/pkg/cgroups"
"github.com/containers/podman/v2/pkg/domain/entities"
+ "github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/specgen"
)
@@ -129,7 +131,7 @@ func stringMaptoArray(m map[string]string) []string {
// ContainerCreateToContainerCLIOpts converts a compat input struct to cliopts so it can be converted to
// a specgen spec.
-func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig) (*ContainerCLIOpts, []string, error) {
+func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, cgroupsManager string) (*ContainerCLIOpts, []string, error) {
var (
capAdd []string
cappDrop []string
@@ -346,16 +348,23 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig) (*Cont
Systemd: "true", // podman default
TmpFS: stringMaptoArray(cc.HostConfig.Tmpfs),
TTY: cc.Config.Tty,
- //Ulimit: cc.HostConfig.Ulimits, // ask dan, no documented format
- Ulimit: []string{"nproc=4194304:4194304"},
- User: cc.Config.User,
- UserNS: string(cc.HostConfig.UsernsMode),
- UTS: string(cc.HostConfig.UTSMode),
- Mount: mounts,
- Volume: volumes,
- VolumesFrom: cc.HostConfig.VolumesFrom,
- Workdir: cc.Config.WorkingDir,
- Net: &netInfo,
+ User: cc.Config.User,
+ UserNS: string(cc.HostConfig.UsernsMode),
+ UTS: string(cc.HostConfig.UTSMode),
+ Mount: mounts,
+ Volume: volumes,
+ VolumesFrom: cc.HostConfig.VolumesFrom,
+ Workdir: cc.Config.WorkingDir,
+ Net: &netInfo,
+ }
+ if !rootless.IsRootless() {
+ var ulimits []string
+ if len(cc.HostConfig.Ulimits) > 0 {
+ for _, ul := range cc.HostConfig.Ulimits {
+ ulimits = append(ulimits, ul.String())
+ }
+ cliOpts.Ulimit = ulimits
+ }
}
if len(cc.HostConfig.BlkioWeightDevice) > 0 {
@@ -377,7 +386,11 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig) (*Cont
cliOpts.MemoryReservation = strconv.Itoa(int(cc.HostConfig.MemoryReservation))
}
- if cc.HostConfig.MemorySwap > 0 {
+ cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return nil, nil, err
+ }
+ if cc.HostConfig.MemorySwap > 0 && (!rootless.IsRootless() || (rootless.IsRootless() && cgroupsv2)) {
cliOpts.MemorySwap = strconv.Itoa(int(cc.HostConfig.MemorySwap))
}
@@ -401,8 +414,10 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig) (*Cont
cliOpts.Restart = policy
}
- if cc.HostConfig.MemorySwappiness != nil {
+ if cc.HostConfig.MemorySwappiness != nil && (!rootless.IsRootless() || rootless.IsRootless() && cgroupsv2 && cgroupsManager == "systemd") {
cliOpts.MemorySwappiness = *cc.HostConfig.MemorySwappiness
+ } else {
+ cliOpts.MemorySwappiness = -1
}
if cc.HostConfig.OomKillDisable != nil {
cliOpts.OOMKillDisable = *cc.HostConfig.OomKillDisable