summaryrefslogtreecommitdiff
path: root/libpod/container_internal_linux.go
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2019-09-12 14:33:10 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-09-12 14:33:26 +0200
commita249c98db8269186a2a5eec7e209979940ee77ef (patch)
tree445809b08b0fa42235124078167571bb073bf25d /libpod/container_internal_linux.go
parent57e093b3aedfdc3fbed50d625b288388fe6e5b1f (diff)
downloadpodman-a249c98db8269186a2a5eec7e209979940ee77ef.tar.gz
podman-a249c98db8269186a2a5eec7e209979940ee77ef.tar.bz2
podman-a249c98db8269186a2a5eec7e209979940ee77ef.zip
linux: fix systemd with --cgroupns=private
When --cgroupns=private is used we need to mount a new cgroup file system so that it points to the correct namespace. Needs: https://github.com/containers/crun/pull/88 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/container_internal_linux.go')
-rw-r--r--libpod/container_internal_linux.go29
1 files changed, 23 insertions, 6 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 9f16389e6..4bbbef5db 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -491,12 +491,29 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
if unified {
g.RemoveMount("/sys/fs/cgroup")
- sourcePath := filepath.Join("/sys/fs/cgroup")
- systemdMnt := spec.Mount{
- Destination: "/sys/fs/cgroup",
- Type: "bind",
- Source: sourcePath,
- Options: []string{"bind", "private", "rw"},
+ hasCgroupNs := false
+ for _, ns := range c.config.Spec.Linux.Namespaces {
+ if ns.Type == spec.CgroupNamespace {
+ hasCgroupNs = true
+ break
+ }
+ }
+
+ var systemdMnt spec.Mount
+ if hasCgroupNs {
+ systemdMnt = spec.Mount{
+ Destination: "/sys/fs/cgroup",
+ Type: "cgroup",
+ Source: "cgroup",
+ Options: []string{"private", "rw"},
+ }
+ } else {
+ systemdMnt = spec.Mount{
+ Destination: "/sys/fs/cgroup",
+ Type: "bind",
+ Source: "/sys/fs/cgroup",
+ Options: []string{"bind", "private", "rw"},
+ }
}
g.AddMount(systemdMnt)
} else {