authorGiuseppe Scrivano <gscrivan@redhat.com>2019-05-23 18:13:21 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-05-25 13:47:58 +0200
commit30ef6ba125536077923f19ed079b321f264ede99 (patch)
treebd6f123b5221a1f862f9a77d8dc5851ea8517541 /pkg/rootless
parentee11f3bce960cf2eeff0bf9b410c752bbc6af89f (diff)
rootless: enable loginctl linger
otherwise the processes we leave around will be killed once the session terminates. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/rootless')
-rw-r--r--pkg/rootless/rootless_linux.go15
1 files changed, 15 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 27d64d1fc..3743911b8 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -194,10 +194,24 @@ func getUserNSFirstChild(fd uintptr) (*os.File, error) {
}
}
+func enableLinger(pausePid string) {
+ if pausePid == "" {
+ return
+ }
+ // If we are trying to write a pause pid file, make sure we can leave processes
+ // running longer than the user session.
+ err := exec.Command("loginctl", "enable-linger", fmt.Sprintf("%d", GetRootlessUID())).Run()
+ if err != nil {
+ logrus.Warnf("cannot run `loginctl enable-linger` for the current user: %v", err)
+ }
+}
+
// JoinUserAndMountNS re-exec podman in a new userNS and join the user and mount
// namespace of the specified PID without looking up its parent. Useful to join directly
// the conmon process.
func JoinUserAndMountNS(pid uint, pausePid string) (bool, int, error) {
+ enableLinger(pausePid)
+
if os.Geteuid() == 0 || os.Getenv("_CONTAINERS_USERNS_CONFIGURED") != "" {
return false, -1, nil
}
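Review bot: The `enableLinger(pausePid)` call at the top of `JoinUserAndMountNS` sits above the `os.Geteuid() == 0 || os.Getenv("_CONTAINERS_USERNS_CONFIGURED") != ""` guard, so `loginctl enable-linger` also runs when podman is root or has already been re-executed, which are the cases where the function returns without re-executing. Moving the call to just below that guard would limit the host-level change to the path that actually re-execs; `BecomeRootInUserNS` in the next hunk calls it unconditionally too, and whether `becomeRootInUserNS` has an equivalent guard is not visible here. Inside `enableLinger`, `loginctl` is started without `--no-ask-password` and without a timeout, so an authorization prompt could presumably stall the command; `exec.Command("loginctl", "--no-ask-password", "enable-linger", strconv.Itoa(GetRootlessUID()))` would avoid that, assuming `strconv` is imported and `GetRootlessUID` returns an `int`. The body of `JoinUserAndMountNS` continues outside the hunk.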
@@ -388,6 +402,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
// If podman was re-executed the caller needs to propagate the error code returned by the child
// process.
func BecomeRootInUserNS(pausePid string) (bool, int, error) {
+ enableLinger(pausePid)
return becomeRootInUserNS(pausePid, "", nil)
}
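Review bot: The doc comment on `BecomeRootInUserNS` does not mention the side effect the new `enableLinger(pausePid)` line introduces, and `enableLinger` itself has no doc comment. Lingering is a persistent logind setting that outlives the podman invocation, so it changes the user's session policy on the host and is worth stating where callers will read it. I would add to the comment something like `// When pausePid is not empty, systemd lingering is enabled for the current user; the setting persists after podman exits and failures are only logged.` The start of the existing doc comment is outside the hunk.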