authorGiuseppe Scrivano <gscrivan@redhat.com>2020-01-14 15:05:12 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2020-01-16 18:56:51 +0100
commitba0a6f34e349bfb5cf70cb2062522e6af1b9578c (patch)
treeb74d4b895ac5b39d4b1f6448aab2fd8c7ac7dbcc /libpod
parent30245affe9881fdedc869ccb68faa3e2f5fb9366 (diff)
podman: add new option --cgroups=no-conmon
It allows disabling cgroup creation for the conmon process only. A new cgroup is created for the container payload. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container.go5
-rw-r--r--libpod/oci_conmon_linux.go8
-rw-r--r--libpod/options.go21
3 files changed, 22 insertions, 12 deletions
diff --git a/libpod/container.go b/libpod/container.go
index b3cb6334a..f29cebf20 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -373,8 +373,11 @@ type ContainerConfig struct {
// Time container was created
CreatedTime time.Time `json:"createdTime"`
// NoCgroups indicates that the container will not create CGroups. It is
- // incompatible with CgroupParent.
+ // incompatible with CgroupParent. Deprecated in favor of CgroupsMode.
NoCgroups bool `json:"noCgroups,omitempty"`
+ // CgroupsMode indicates how the container will create cgroups
+ // (disabled, no-conmon, enabled). It supersedes NoCgroups.
+ CgroupsMode string `json:"cgroupsMode,omitempty"`
// Cgroup parent of the container
CgroupParent string `json:"cgroupParent"`
// LogPath log location
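Review bot: The new `CgroupsMode` comment does not say what an empty value means, and a config serialized before this field existed will load with `CgroupsMode == ""` while `NoCgroups` may still be true. Since both fields now describe the same setting, the comment should state which one is authoritative and how the empty string is treated, for example `// An empty CgroupsMode comes from older configs; NoCgroups then decides.` (wording to be confirmed against the code that reads this field). The deprecation would also be surfaced by tooling if written as its own `// Deprecated: use CgroupsMode.` paragraph on `NoCgroups`. The struct continues outside the hunk.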
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 5ab0e73c4..7c7ec8b2c 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1297,11 +1297,17 @@ func startCommandGivenSelinux(cmd *exec.Cmd) error {
// it then signals for conmon to start by sending nonse data down the start fd
func (r *ConmonOCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec.Cmd, startFd *os.File) error {
mustCreateCgroup := true
- // If cgroup creation is disabled - just signal.
+
if ctr.config.NoCgroups {
mustCreateCgroup = false
}
+ // If cgroup creation is disabled - just signal.
+ switch ctr.config.CgroupsMode {
+ case "disabled", "no-conmon":
+ mustCreateCgroup = false
+ }
+
if mustCreateCgroup {
cgroupParent := ctr.CgroupParent()
if r.cgroupManager == define.SystemdCgroupsManager {
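Review bot: The moved comment `// If cgroup creation is disabled - just signal.` no longer describes the `switch` it now sits on, because `"no-conmon"` is not a disabled container: per the commit message the payload still gets a cgroup and only conmon is skipped. In that mode conmon presumably stays in the cgroup of whatever started it, so limits and accounting applied to the container cgroup do not cover it; a comment such as `// "disabled" and "no-conmon": conmon stays in the invoking cgroup, just signal it.` would make that explicit. The mode strings are repeated as literals here and in `WithCgroupsMode` in options.go, and named constants would keep the two switches from drifting apart. The function body continues past the end of the hunk.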
diff --git a/libpod/options.go b/libpod/options.go
index 8bc5a541d..593037382 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1078,25 +1078,26 @@ func WithLogTag(tag string) CtrCreateOption {
}
-// WithNoCgroups disables the creation of CGroups for the new container.
-func WithNoCgroups() CtrCreateOption {
+// WithCgroupsMode disables the creation of CGroups for the conmon process.
+func WithCgroupsMode(mode string) CtrCreateOption {
return func(ctr *Container) error {
if ctr.valid {
return define.ErrCtrFinalized
}
- if ctr.config.CgroupParent != "" {
- return errors.Wrapf(define.ErrInvalidArg, "NoCgroups conflicts with CgroupParent")
- }
-
- if ctr.config.PIDNsCtr != "" {
- return errors.Wrapf(define.ErrInvalidArg, "NoCgroups requires a private PID namespace and cannot be used when PID namespace is shared with another container")
+ switch mode {
+ case "disabled":
+ ctr.config.NoCgroups = true
+ ctr.config.CgroupsMode = mode
+ case "enabled", "no-conmon":
+ ctr.config.CgroupsMode = mode
+ default:
+ return errors.Wrapf(define.ErrInvalidArg, "Invalid cgroup mode %q", mode)
}
- ctr.config.NoCgroups = true
-
return nil
}
+
}
// WithCgroupParent sets the Cgroup Parent of the new container.
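Review bot: The `case "disabled":` branch sets `NoCgroups = true` without the two checks the old `WithNoCgroups` performed, the `CgroupParent` conflict and the rejection of a shared PID namespace (`PIDNsCtr`). The diffstat shown for libpod lists no other file that takes them over, so unless a caller outside libpod validates this, a container can now be created with cgroups disabled and a PID namespace shared with another container, which the removed error message described as unsupported. I would keep both checks inside the `"disabled"` case, as below. Separately, the doc comment describes only the `no-conmon` effect although the option accepts three modes, and the new error string should start lowercase (`"invalid cgroup mode %q"`).

```go
		switch mode {
		case "disabled":
			// Same preconditions the removed WithNoCgroups enforced.
			if ctr.config.CgroupParent != "" {
				return errors.Wrapf(define.ErrInvalidArg, "NoCgroups conflicts with CgroupParent")
			}
			if ctr.config.PIDNsCtr != "" {
				return errors.Wrapf(define.ErrInvalidArg, "NoCgroups requires a private PID namespace and cannot be used when PID namespace is shared with another container")
			}
			ctr.config.NoCgroups = true
			ctr.config.CgroupsMode = mode
		// … unchanged: "enabled"/"no-conmon" and default cases …
```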