summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2021-04-29 21:08:23 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2021-05-03 12:36:03 +0200
commit17ce567c6827abdcd517699bc07e82ccf48f7619 (patch)
tree0bcf14d977e933bac1b3a310b13563d16ed8b47e /libpod
parent98a84ff34e2f93d50ef4fb41ae127a07bcf5bf42 (diff)
downloadpodman-17ce567c6827abdcd517699bc07e82ccf48f7619.tar.gz
podman-17ce567c6827abdcd517699bc07e82ccf48f7619.tar.bz2
podman-17ce567c6827abdcd517699bc07e82ccf48f7619.zip
cgroup: always honor --cgroup-parent with cgroupfs
if --cgroup-parent is specified, always honor it without doing any detection whether cgroups are supported or not. Closes: https://github.com/containers/podman/issues/10173 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal_linux.go13
-rw-r--r--libpod/runtime_ctr.go2
2 files changed, 13 insertions, 2 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index f4762b5ff..f6045f881 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2224,8 +2224,19 @@ func (c *Container) getOCICgroupPath() (string, error) {
}
cgroupManager := c.CgroupManager()
switch {
- case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)) || c.config.NoCgroups:
+ case c.config.NoCgroups:
return "", nil
+ case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)):
+ if c.config.CgroupParent == CgroupfsDefaultCgroupParent {
+ // old versions of podman were setting the CgroupParent to CgroupfsDefaultCgroupParent
+ // by default. Avoid breaking these versions and check whether the cgroup parent is
+ // set to the default and in this case enable the old behavior. It should not be a real
+ // problem because the default CgroupParent is usually owned by root so rootless users
+ // cannot access it.
+ // This check might be lifted in a future version of Podman.
+ return "", nil
+ }
+ return c.config.CgroupParent, nil
case c.config.CgroupsMode == cgroupSplit:
if c.config.CgroupParent != "" {
return c.config.CgroupParent, nil
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 0acf88cbc..328f47c12 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -296,7 +296,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
return nil, errors.Wrapf(define.ErrInternal, "pod %s cgroup is not set", pod.ID())
}
ctr.config.CgroupParent = podCgroup
- } else {
+ } else if !rootless.IsRootless() {
ctr.config.CgroupParent = CgroupfsDefaultCgroupParent
}
} else if strings.HasSuffix(path.Base(ctr.config.CgroupParent), ".slice") {