author | Daniel J Walsh <dwalsh@redhat.com> | 2018-10-15 15:42:12 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2018-10-15 16:19:11 -0400 |
commit | 57a8c2e5e844ee403c9a703c621780de7c7343f0 (patch) | |
tree | 20a2acfd315cdfcc1f472c18508cd53b1dfedc47 /pkg | |
parent | 2bc9a3c4bbaade50264b1dbf348d1521cdd8d8b5 (diff) | |
Mount proper cgroup for systemd to manage inside of the container.
We are still requiring oci-systemd-hook to be installed in order to run
systemd within a container. This patch properly mounts
/sys/fs/cgroup/systemd/libpod_parent/libpod-UUID on /sys/fs/cgroup/systemd inside of the container.
Since we need the UUID of the container, we needed to move Systemd to be a config option of the
container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/spec/createconfig.go | 4 | ||||
-rw-r--r-- | pkg/spec/spec.go | 50 |
2 files changed, 4 insertions, 50 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index d34b21189..6ac9d82da 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -319,6 +319,10 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
 if c.Interactive {
 options = append(options, libpod.WithStdin())
 }
+ if c.Systemd && (strings.HasSuffix(c.Command[0], "init") ||
+ strings.HasSuffix(c.Command[0], "systemd")) {
+ options = append(options, libpod.WithSystemd())
+ }
 if c.Name != "" {
 logrus.Debugf("appending name %s", c.Name)
 options = append(options, libpod.WithName(c.Name))
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 4c855d659..b1cca2c9e 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -5,7 +5,6 @@ import (
 "path"
 "strings"
 
- "github.com/containers/libpod/libpod"
 "github.com/containers/libpod/pkg/rootless"
 "github.com/docker/docker/daemon/caps"
 "github.com/docker/docker/pkg/mount"
@@ -261,12 +260,6 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 addedResources = true
 }
 
- if config.Systemd && (strings.HasSuffix(config.Command[0], "init") ||
- strings.HasSuffix(config.Command[0], "systemd")) {
- if err := setupSystemd(config, &g); err != nil {
- return nil, errors.Wrap(err, "failed to setup systemd")
- }
- }
 for _, i := range config.Tmpfs {
 // Default options if nothing passed
 options := []string{"rw", "rprivate", "noexec", "nosuid", "nodev", "size=65536k"}
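Review bot: In GetContainerCreateOptions (pkg/spec/createconfig.go) the added condition indexes `c.Command[0]` without checking that the slice is non-empty, so a config with `Systemd` set and no command would panic here; adding `len(c.Command) > 0 &&` right after `c.Systemd &&` avoids that. The `strings.HasSuffix` test also matches any executable whose name merely ends in `init` or `systemd`, and that container then gets `libpod.WithSystemd()` and the systemd cgroup mount the commit message describes; comparing the basename of `c.Command[0]` against the exact init names would limit that mode to real init binaries. The function body starts and ends outside the hunk, so whether Command is validated earlier is not visible here.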
@@ -408,49 +401,6 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
 }
 }
 
-// systemd expects to have /run, /run/lock and /tmp on tmpfs
-// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
-
-func setupSystemd(config *CreateConfig, g *generate.Generator) error {
- mounts, err := config.GetVolumeMounts([]spec.Mount{})
- if err != nil {
- return err
- }
- options := []string{"rw", "rprivate", "noexec", "nosuid", "nodev"}
- for _, dest := range []string{"/run", "/run/lock"} {
- if libpod.MountExists(mounts, dest) {
- continue
- }
- tmpfsMnt := spec.Mount{
- Destination: dest,
- Type: "tmpfs",
- Source: "tmpfs",
- Options: append(options, "tmpcopyup", "size=65536k"),
- }
- g.AddMount(tmpfsMnt)
- }
- for _, dest := range []string{"/tmp", "/var/log/journal"} {
- if libpod.MountExists(mounts, dest) {
- continue
- }
- tmpfsMnt := spec.Mount{
- Destination: dest,
- Type: "tmpfs",
- Source: "tmpfs",
- Options: append(options, "tmpcopyup"),
- }
- g.AddMount(tmpfsMnt)
- }
- tmpfsMnt := spec.Mount{
- Destination: "/sys/fs/cgroup/systemd",
- Type: "tmpfs",
- Source: "tmpfs",
- Options: append(options, "size=65536k"),
- }
- g.AddMount(tmpfsMnt)
- return nil
-}
-
 func addPidNS(config *CreateConfig, g *generate.Generator) error {
 pidMode := config.PidMode
 if IsNS(string(pidMode)) {
|