diff options
| author | Charlie Doern <cdoern@redhat.com> | 2022-06-28 16:32:17 -0400 |
|---|---|---|
| committer | Charlie Doern <cdoern@redhat.com> | 2022-06-28 16:35:09 -0400 |
| commit | 7f994a80de4e416fdfc347737ba9a65b056555c4 (patch) | |
| tree | ddba38658b9c7b1727507f5c5ee1210365e9ce17 /libpod | |
| parent | 653e87dd4c6103e91724e5aa6afa4c78c2ae1922 (diff) | |
| download | podman-7f994a80de4e416fdfc347737ba9a65b056555c4.tar.gz podman-7f994a80de4e416fdfc347737ba9a65b056555c4.tar.bz2 podman-7f994a80de4e416fdfc347737ba9a65b056555c4.zip | |
only create crgoup when not rootless if using cgroupfs
[NO NEW TESTS NEEDED] now that podman's cgroup config tries to initialize controllers, cgroupfs errors out on pod creation
we need to mimic the behavior that used to exist and only create the cgroup when running as rootful
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/runtime_pod_linux.go | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index 00017ca21..1f9ebe724 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -78,21 +78,24 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID()) if p.InfraContainerSpec != nil { p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath - res, err := GetLimits(p.InfraContainerSpec.ResourceLimits) - if err != nil { - return nil, err - } - // Need to both create and update the cgroup - // rather than create a new path in c/common for pod cgroup creation - // just create as if it is a ctr and then update figures out that we need to - // populate the resource limits on the pod level - cgc, err := cgroups.New(pod.state.CgroupPath, &res) - if err != nil { - return nil, err - } - err = cgc.Update(&res) - if err != nil { - return nil, err + // cgroupfs + rootless = permission denied when creating the cgroup. + if !rootless.IsRootless() { + res, err := GetLimits(p.InfraContainerSpec.ResourceLimits) + if err != nil { + return nil, err + } + // Need to both create and update the cgroup + // rather than create a new path in c/common for pod cgroup creation + // just create as if it is a ctr and then update figures out that we need to + // populate the resource limits on the pod level + cgc, err := cgroups.New(pod.state.CgroupPath, &res) + if err != nil { + return nil, err + } + err = cgc.Update(&res) + if err != nil { + return nil, err + } } } } |