aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-10-24 01:20:25 +0200
committerGitHub <noreply@github.com>2019-10-24 01:20:25 +0200
commit674dc2bc750161ab19db79417db1831af45b0c75 (patch)
tree6aea92e6dc757d520fce9c118c1d70e8daa371a6 /pkg
parent299a430759c236400188dcf77c7da2a97649cdcb (diff)
parent13fe146840c4d9d27fd509189735ce0fc7b944f8 (diff)
downloadpodman-674dc2bc750161ab19db79417db1831af45b0c75.tar.gz
podman-674dc2bc750161ab19db79417db1831af45b0c75.tar.bz2
podman-674dc2bc750161ab19db79417db1831af45b0c75.zip
Merge pull request #4228 from giuseppe/detect-no-systemd-session
rootless: detect no system session with --cgroup-manager=systemd
Diffstat (limited to 'pkg')
-rw-r--r--pkg/spec/spec.go24
1 files changed, 16 insertions, 8 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 8f00d3270..da5c14948 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -300,6 +300,15 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
blockAccessToKernelFilesystems(config, &g)
+ var runtimeConfig *libpod.RuntimeConfig
+
+ if runtime != nil {
+ runtimeConfig, err = runtime.GetConfig()
+ if err != nil {
+ return nil, err
+ }
+ }
+
// RESOURCES - PIDS
if config.Resources.PidsLimit > 0 {
// if running on rootless on a cgroupv1 machine or using the cgroupfs manager, pids
@@ -312,11 +321,7 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
if err != nil {
return nil, err
}
- runtimeConfig, err := runtime.GetConfig()
- if err != nil {
- return nil, err
- }
- if (!cgroup2 || runtimeConfig.CgroupManager != libpod.SystemdCgroupsManager) && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() {
+ if (!cgroup2 || (runtimeConfig != nil && runtimeConfig.CgroupManager != libpod.SystemdCgroupsManager)) && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() {
setPidLimit = false
}
}
@@ -411,10 +416,13 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
if !addedResources {
configSpec.Linux.Resources = &spec.LinuxResources{}
}
- if addedResources && !cgroup2 {
- return nil, errors.New("invalid configuration, cannot set resources with rootless containers not using cgroups v2 unified mode")
+
+ canUseResources := cgroup2 && runtimeConfig != nil && (runtimeConfig.CgroupManager == libpod.SystemdCgroupsManager)
+
+ if addedResources && !canUseResources {
+ return nil, errors.New("invalid configuration, cannot specify resource limits without cgroups v2 and --cgroup-manager=systemd")
}
- if !cgroup2 {
+ if !canUseResources {
// Force the resources block to be empty instead of having default values.
configSpec.Linux.Resources = &spec.LinuxResources{}
}