diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-05-05 21:58:35 +0200 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-05-06 08:33:28 +0200 |
| commit | 27ac750c7d949fc5922c4a11bf3e8e4606dd2a04 (patch) | |
| tree | fe8f1fcc13f76c89e812dd6991ad64556991a2a7 /libpod/runtime_pod_linux.go | |
| parent | 9b9bd9e0e7b72c91d8e60103e8da7999cefbc63d (diff) | |
| download | podman-27ac750c7d949fc5922c4a11bf3e8e4606dd2a04.tar.gz podman-27ac750c7d949fc5922c4a11bf3e8e4606dd2a04.tar.bz2 podman-27ac750c7d949fc5922c4a11bf3e8e4606dd2a04.zip | |
cgroup: fix rootless --cgroup-parent with pods
extend to pods the existing check whether the cgroup is usable when
running as rootless with cgroupfs.
commit 17ce567c6827abdcd517699bc07e82ccf48f7619 introduced the
regression.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/runtime_pod_linux.go')
| -rw-r--r-- | libpod/runtime_pod_linux.go | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index cf48a9453..4ede23cac 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -75,17 +75,20 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (_ *Po // Check CGroup parent sanity, and set it if it was not set switch r.config.Engine.CgroupManager { case config.CgroupfsCgroupsManager: - if pod.config.CgroupParent == "" { - pod.config.CgroupParent = CgroupfsDefaultCgroupParent - } else if strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") { - return nil, errors.Wrapf(define.ErrInvalidArg, "systemd slice received as cgroup parent when using cgroupfs") - } - // If we are set to use pod cgroups, set the cgroup parent that - // all containers in the pod will share - // No need to create it with cgroupfs - the first container to - // launch should do it for us - if pod.config.UsePodCgroup { - pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID()) + canUseCgroup := !rootless.IsRootless() || isRootlessCgroupSet(pod.config.CgroupParent) + if canUseCgroup { + if pod.config.CgroupParent == "" { + pod.config.CgroupParent = CgroupfsDefaultCgroupParent + } else if strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") { + return nil, errors.Wrapf(define.ErrInvalidArg, "systemd slice received as cgroup parent when using cgroupfs") + } + // If we are set to use pod cgroups, set the cgroup parent that + // all containers in the pod will share + // No need to create it with cgroupfs - the first container to + // launch should do it for us + if pod.config.UsePodCgroup { + pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID()) + } } case config.SystemdCgroupsManager: if pod.config.CgroupParent == "" { |