aboutsummaryrefslogtreecommitdiff
path: root/pkg/machine/ignition.go
diff options
context:
space:
mode:
authorAditya R <arajan@redhat.com>2022-01-28 14:46:22 +0530
committerAditya R <arajan@redhat.com>2022-01-28 15:02:34 +0530
commit6f2b027b381192b9f5eb0e28e0fa8f36195d0e85 (patch)
treee7943dbce595b2c7c244dbd7d937c6c39de96962 /pkg/machine/ignition.go
parent935ae1bfd0bad813ff6d1ba99552b90691d12b6d (diff)
downloadpodman-6f2b027b381192b9f5eb0e28e0fa8f36195d0e85.tar.gz
podman-6f2b027b381192b9f5eb0e28e0fa8f36195d0e85.tar.bz2
podman-6f2b027b381192b9f5eb0e28e0fa8f36195d0e85.zip
ignition, machine: delegate cpu,io cgroup controllers to machine's default users
Makes sure that ignition setups up systemd config so cgroup controllers like `cpu, io` are also delegated to `non-root` along with `memory, pid`. This allows general users of `podman` on `macOS` and `podman-remote` to do operations which are dependent on `cpu, io` cgroup controllers. [NO TESTS NEEDED] [NO NEW TESTS NEEDED] We don't have a CI infra to test this, please pull the tree and run `podman info` inside the machine to confirm. Signed-off-by: Aditya R <arajan@redhat.com>
Diffstat (limited to 'pkg/machine/ignition.go')
-rw-r--r--pkg/machine/ignition.go22
1 files changed, 22 insertions, 0 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index ca6abd48c..206c9144f 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -248,6 +248,10 @@ netns="bridge"
machine_enabled=true
`
+ delegateConf := `[Service]
+Delegate=memory pids cpu io
+`
+
// Add a fake systemd service to get the user socket rolling
files = append(files, File{
Node: Node{
@@ -280,6 +284,24 @@ machine_enabled=true
Mode: intToPtr(0744),
},
})
+
+ // Set delegate.conf so cpu,io subsystem is delegated to non-root users as well for cgroupv2
+ // by default
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/systemd/system/user@.service.d/delegate.conf",
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(delegateConf),
+ },
+ Mode: intToPtr(0644),
+ },
+ })
+
// Add a file into linger
files = append(files, File{
Node: Node{