author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-01-28 11:16:10 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-28 11:16:10 -0500 |
commit | c2f4747fea508a6c6b0fdbf7a51eb6c80ba57f02 (patch) | |
tree | c51650b1aee686574c09f6185d89eb377a58bcc2 /pkg/machine | |
parent | 1b544b74247e538a2cda7bd476cb340cf8f57b81 (diff) | |
parent | 6f2b027b381192b9f5eb0e28e0fa8f36195d0e85 (diff) | |
Merge pull request #13061 from flouthoc/podman-vm-delegate-subsystem
ignition, machine: delegate `cpu,io,memory,pid cgroup controllers` to machine's non-root users.
Diffstat (limited to 'pkg/machine')
-rw-r--r-- | pkg/machine/ignition.go | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go index ca6abd48c..206c9144f 100644 --- a/pkg/machine/ignition.go +++ b/pkg/machine/ignition.go @@ -248,6 +248,10 @@ netns="bridge" machine_enabled=true ` + delegateConf := `[Service] +Delegate=memory pids cpu io +` + // Add a fake systemd service to get the user socket rolling files = append(files, File{ Node: Node{ @@ -280,6 +284,24 @@ machine_enabled=true Mode: intToPtr(0744), }, }) + + // Set delegate.conf so cpu,io subsystem is delegated to non-root users as well for cgroupv2 + // by default + files = append(files, File{ + Node: Node{ + Group: getNodeGrp("root"), + Path: "/etc/systemd/system/user@.service.d/delegate.conf", + User: getNodeUsr("root"), + }, + FileEmbedded1: FileEmbedded1{ + Append: nil, + Contents: Resource{ + Source: encodeDataURLPtr(delegateConf), + }, + Mode: intToPtr(0644), + }, + }) + // Add a file into linger files = append(files, File{ Node: Node{ |
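Review bot: The comment above the new `files = append(...)` entry in the second hunk names only the cpu and io controllers, while `delegateConf` in the first hunk sets `Delegate=memory pids cpu io`; the comment should list all four, e.g. `// Delegate the memory, pids, cpu and io cgroup v2 controllers to user sessions via a user@.service drop-in.` The drop-in is written under `user@.service.d`, the template unit's directory, so it presumably applies to every user manager in the VM rather than only the machine's login user; if that breadth is intended, stating it in the comment saves a later least-privilege review from re-deriving it. `Append: nil` is the zero value and can be dropped. The enclosing function starts and ends outside both hunks, so how `files` is consumed is not visible here.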