diff options
author | Matthew Heon <matthew.heon@gmail.com> | 2018-10-17 11:29:03 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-17 11:29:03 -0400 |
commit | 4ad290426164e73242328f6ce4a065ff1121c333 (patch) | |
tree | 4f239eb33743c8cace79247f55fb461975567b45 /libpod/container_internal_linux.go | |
parent | 604728d65dd0110b28c79acafc5b214886b3b484 (diff) | |
parent | 4a60656dbb2f97398ca6c2956591ba3582753a8e (diff) | |
download | podman-4ad290426164e73242328f6ce4a065ff1121c333.tar.gz podman-4ad290426164e73242328f6ce4a065ff1121c333.tar.bz2 podman-4ad290426164e73242328f6ce4a065ff1121c333.zip |
Merge pull request #1667 from mheon/fix_systemd_cgroup_path
Fix CGroup paths used for systemd CGroup mount
Diffstat (limited to 'libpod/container_internal_linux.go')
-rw-r--r-- | libpod/container_internal_linux.go | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 05604246f..9920efd55 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -189,7 +189,9 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { } if c.config.Systemd { - c.setupSystemd(g.Mounts(), g) + if err := c.setupSystemd(g.Mounts(), g); err != nil { + return nil, errors.Wrapf(err, "error adding systemd-specific mounts") + } } // Look up and add groups the user belongs to, if a group wasn't directly specified @@ -300,7 +302,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { // systemd expects to have /run, /run/lock and /tmp on tmpfs // It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal -func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) { +func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error { options := []string{"rw", "rprivate", "noexec", "nosuid", "nodev"} for _, dest := range []string{"/run", "/run/lock"} { if MountExists(mounts, dest) { @@ -326,13 +328,22 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) { } g.AddMount(tmpfsMnt) } + + cgroupPath, err := c.CGroupPath() + if err != nil { + return err + } + sourcePath := filepath.Join("/sys/fs/cgroup/systemd", cgroupPath) + systemdMnt := spec.Mount{ Destination: "/sys/fs/cgroup/systemd", Type: "bind", - Source: fmt.Sprintf("/sys/fs/cgroup/systemd%s/libpod-%s", CgroupfsDefaultCgroupParent, c.ID()), + Source: sourcePath, Options: []string{"bind", "private"}, } g.AddMount(systemdMnt) + + return nil } // Add an existing container's namespace to the spec |