author | Aditya R <arajan@redhat.com> | 2022-01-28 14:46:22 +0530 |
---|---|---|
committer | Matthew Heon <matthew.heon@pm.me> | 2022-02-03 14:43:28 -0500 |
commit | 49076ba8712497b7da5255c0fc3e3bfb1442daaf (patch) | |
tree | 418c9f0cecd86995ba8b48bd99d807eee1f66920 /pkg/machine/ignition.go | |
parent | 337f706f6118f2c91e9906afcdaa233f7cfdbaf9 (diff) | |
ignition, machine: delegate cpu,io cgroup controllers to machine's default users
Makes sure that ignition sets up systemd config so cgroup controllers
like `cpu, io` are also delegated to `non-root` along with `memory,
pid`.
This allows general users of `podman` on `macOS` and `podman-remote` to
do operations which are dependent on `cpu, io` cgroup controllers.
[NO TESTS NEEDED]
[NO NEW TESTS NEEDED]
We don't have a CI infra to test this, please pull the tree and run
`podman info` inside the machine to confirm.
Signed-off-by: Aditya R <arajan@redhat.com>
Diffstat (limited to 'pkg/machine/ignition.go')
-rw-r--r-- | pkg/machine/ignition.go | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go index ca6abd48c..206c9144f 100644 --- a/pkg/machine/ignition.go +++ b/pkg/machine/ignition.go @@ -248,6 +248,10 @@ netns="bridge" machine_enabled=true ` + delegateConf := `[Service] +Delegate=memory pids cpu io +` + // Add a fake systemd service to get the user socket rolling files = append(files, File{ Node: Node{ @@ -280,6 +284,24 @@ machine_enabled=true Mode: intToPtr(0744), }, }) + + // Set delegate.conf so cpu,io subsystem is delegated to non-root users as well for cgroupv2 + // by default + files = append(files, File{ + Node: Node{ + Group: getNodeGrp("root"), + Path: "/etc/systemd/system/user@.service.d/delegate.conf", + User: getNodeUsr("root"), + }, + FileEmbedded1: FileEmbedded1{ + Append: nil, + Contents: Resource{ + Source: encodeDataURLPtr(delegateConf), + }, + Mode: intToPtr(0644), + }, + }) + // Add a file into linger files = append(files, File{ Node: Node{ |
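Review bot: In the first hunk (`@@ -248,6 +248,10 @@`), the controller list in `delegateConf` is a bare string literal with nothing explaining why exactly `memory pids cpu io` were chosen. A short comment above it should state which podman operations need `cpu` and `io`, and whether `cpuset` is left out on purpose, since CPU pinning depends on that controller. Note also that the commit message writes `pid` while the literal correctly uses the controller name `pids`; the message could be aligned so the two do not disagree.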
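Review bot: In the second hunk (`@@ -280,6 +284,24 @@`), the drop-in is written to `/etc/systemd/system/user@.service.d/delegate.conf`, which is the `user@.service` template directory, so the delegation applies to every user's systemd instance in the machine and not only to the machine's default user named in the commit subject. If that wider scope is intended, the code comment should say so explicitly; if not, the drop-in should be scoped to the default user's instance. The comment also mentions only `cpu,io`, while the file restates `memory pids` as well. Two smaller points: `Append: nil` is the zero value and can be dropped, and since the commit ships without tests, a unit test that asserts the generated file list contains this path with mode `0644` and the expected `Delegate=` line would cover the change without needing VM-based CI.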