diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-09-12 14:33:10 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-09-12 14:33:26 +0200 |
commit | a249c98db8269186a2a5eec7e209979940ee77ef (patch) | |
tree | 445809b08b0fa42235124078167571bb073bf25d /libpod | |
parent | 57e093b3aedfdc3fbed50d625b288388fe6e5b1f (diff) | |
download | podman-a249c98db8269186a2a5eec7e209979940ee77ef.tar.gz podman-a249c98db8269186a2a5eec7e209979940ee77ef.tar.bz2 podman-a249c98db8269186a2a5eec7e209979940ee77ef.zip |
linux: fix systemd with --cgroupns=private
When --cgroupns=private is used we need to mount a new cgroup file
system so that it points to the correct namespace.
Needs: https://github.com/containers/crun/pull/88
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_internal_linux.go | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 9f16389e6..4bbbef5db 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -491,12 +491,29 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro if unified { g.RemoveMount("/sys/fs/cgroup") - sourcePath := filepath.Join("/sys/fs/cgroup") - systemdMnt := spec.Mount{ - Destination: "/sys/fs/cgroup", - Type: "bind", - Source: sourcePath, - Options: []string{"bind", "private", "rw"}, + hasCgroupNs := false + for _, ns := range c.config.Spec.Linux.Namespaces { + if ns.Type == spec.CgroupNamespace { + hasCgroupNs = true + break + } + } + + var systemdMnt spec.Mount + if hasCgroupNs { + systemdMnt = spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "cgroup", + Source: "cgroup", + Options: []string{"private", "rw"}, + } + } else { + systemdMnt = spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "bind", + Source: "/sys/fs/cgroup", + Options: []string{"bind", "private", "rw"}, + } } g.AddMount(systemdMnt) } else { |