Merge pull request #12860 from rhatdan/cgroups

Use CONTAINERS_CONF cgroups flag for remote API.

11 files changed, 35 insertions, 21 deletions

diff --git a/pkg/api/handlers/compat/containers_stats.go b/pkg/api/handlers/compat/containers_stats.go
index a92fe9fe0..ad91a3a8e 100644
--- a/pkg/api/handlers/compat/containers_stats.go
+++ b/pkg/api/handlers/compat/containers_stats.go
@@ -109,7 +109,7 @@ streamLabel: // A label to flatten the scope
 			return
 		}
 		// Cgroup stats
-		cgroupPath, err := ctnr.CGroupPath()
+		cgroupPath, err := ctnr.CgroupPath()
 		if err != nil {
 			logrus.Errorf("Unable to get cgroup path of container: %v", err)
 			return
diff --git a/pkg/api/handlers/compat/info.go b/pkg/api/handlers/compat/info.go
index 777009f0a..dac1eb193 100644
--- a/pkg/api/handlers/compat/info.go
+++ b/pkg/api/handlers/compat/info.go
@@ -124,7 +124,7 @@ func GetInfo(w http.ResponseWriter, r *http.Request) {
 		BuildahVersion:     infoData.Host.BuildahVersion,
 		CPURealtimePeriod:  sysInfo.CPURealtimePeriod,
 		CPURealtimeRuntime: sysInfo.CPURealtimeRuntime,
-		CgroupVersion:      strings.TrimPrefix(infoData.Host.CGroupsVersion, "v"),
+		CgroupVersion:      strings.TrimPrefix(infoData.Host.CgroupsVersion, "v"),
 		Rootless:           rootless.IsRootless(),
 		SwapFree:           infoData.Host.SwapFree,
 		SwapTotal:          infoData.Host.SwapTotal,
diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go
index 3b821d9e7..d3a592bdf 100644
--- a/pkg/api/handlers/types.go
+++ b/pkg/api/handlers/types.go
@@ -148,7 +148,7 @@ type PodTopOKBody struct {
 // swagger:model PodCreateConfig
 type PodCreateConfig struct {
 	Name         string   `json:"name"`
-	CGroupParent string   `json:"cgroup-parent"`
+	CgroupParent string   `json:"cgroup-parent"`
 	Hostname     string   `json:"hostname"`
 	Infra        bool     `json:"infra"`
 	InfraCommand string   `json:"infra-command"`
diff --git a/pkg/domain/entities/engine.go b/pkg/domain/entities/engine.go
index 055af7ff9..32faa74af 100644
--- a/pkg/domain/entities/engine.go
+++ b/pkg/domain/entities/engine.go
@@ -33,7 +33,7 @@ type PodmanConfig struct {
 	*config.Config
 	*pflag.FlagSet
 
-	CGroupUsage    string     // rootless code determines Usage message
+	CgroupUsage    string     // rootless code determines Usage message
 	ConmonPath     string     // --conmon flag will set Engine.ConmonPath
 	CPUProfile     string     // Hidden: Should CPU profile be taken
 	EngineMode     EngineMode // ABI or Tunneling mode
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index cc9476d79..60d171f86 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -118,7 +118,7 @@ type PodSpec struct {
 // The JSON tags below are made to match the respective field in ContainerCreateOptions for the purpose of mapping.
 // swagger:model PodCreateOptions
 type PodCreateOptions struct {
-	CGroupParent       string            `json:"cgroup_parent,omitempty"`
+	CgroupParent       string            `json:"cgroup_parent,omitempty"`
 	CreateCommand      []string          `json:"create_command,omitempty"`
 	Devices            []string          `json:"devices,omitempty"`
 	DeviceReadBPs      []string          `json:"device_read_bps,omitempty"`
@@ -159,8 +159,8 @@ type ContainerCreateOptions struct {
 	CapAdd            []string
 	CapDrop           []string
 	CgroupNS          string
-	CGroupsMode       string
-	CGroupParent      string `json:"cgroup_parent,omitempty"`
+	CgroupsMode       string
+	CgroupParent      string `json:"cgroup_parent,omitempty"`
 	CIDFile           string
 	ConmonPIDFile     string `json:"container_conmon_pidfile,omitempty"`
 	CPUPeriod         uint64
@@ -172,7 +172,7 @@ type ContainerCreateOptions struct {
 	CPUSetCPUs        string  `json:"cpuset_cpus,omitempty"`
 	CPUSetMems        string
 	Devices           []string `json:"devices,omitempty"`
-	DeviceCGroupRule  []string
+	DeviceCgroupRule  []string
 	DeviceReadBPs     []string `json:"device_read_bps,omitempty"`
 	DeviceReadIOPs    []string
 	DeviceWriteBPs    []string
@@ -345,7 +345,7 @@ func ToPodSpecGen(s specgen.PodSpecGenerator, p *PodCreateOptions) (*specgen.Pod
 	}
 
 	// Cgroup
-	s.CgroupParent = p.CGroupParent
+	s.CgroupParent = p.CgroupParent
 
 	// Resource config
 	cpuDat := p.CPULimits()
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index afd25d313..cab4c3c9a 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -989,7 +989,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
 	report := entities.ContainerRunReport{Id: ctr.ID()}
 
 	if logrus.GetLevel() == logrus.DebugLevel {
-		cgroupPath, err := ctr.CGroupPath()
+		cgroupPath, err := ctr.CgroupPath()
 		if err == nil {
 			logrus.Debugf("container %q has CgroupParent %q", ctr.ID(), cgroupPath)
 		}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 2c7b3c091..7b55a0cb3 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -229,6 +229,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 		}
 	}
 
+	if s.CgroupsMode == "" {
+		s.CgroupsMode = rtc.Cgroups()
+	}
+
 	// If caller did not specify Pids Limits load default
 	if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil {
 		if s.CgroupsMode != "disabled" {
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index ee3a990fc..f72ffe80c 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -152,7 +152,7 @@ func canMountSys(isRootless, isNewUserns bool, s *specgen.SpecGenerator) bool {
 	return true
 }
 
-func getCGroupPermissons(unmask []string) string {
+func getCgroupPermissons(unmask []string) string {
 	ro := "ro"
 	rw := "rw"
 	cgroup := "/sys/fs/cgroup"
@@ -176,7 +176,7 @@ func getCGroupPermissons(unmask []string) string {
 
 // SpecGenToOCI returns the base configuration for the container.
 func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string, compatibleOptions *libpod.InfraInherit) (*spec.Spec, error) {
-	cgroupPerm := getCGroupPermissons(s.Unmask)
+	cgroupPerm := getCgroupPermissons(s.Unmask)
 
 	g, err := generate.New("linux")
 	if err != nil {
@@ -357,7 +357,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 	// set the devices cgroup when not running in a user namespace
 	if !inUserNS && !s.Privileged {
 		g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm")
-		for _, dev := range s.DeviceCGroupRule {
+		for _, dev := range s.DeviceCgroupRule {
 			g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
 		}
 	}
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index b6f2d6bf0..62b4725a7 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -183,7 +183,7 @@ type PodStorageConfig struct {
 // PodCgroupConfig contains configuration options about a pod's cgroups.
 // This will be expanded in future updates to pods.
 type PodCgroupConfig struct {
-	// CgroupParent is the parent for the CGroup that the pod will create.
+	// CgroupParent is the parent for the Cgroup that the pod will create.
 	// This pod cgroup will, in turn, be the default cgroup parent for all
 	// containers in the pod.
 	// Optional.
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 82721ba92..750fc875d 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -264,9 +264,9 @@ type ContainerStorageConfig struct {
 	// Devices are devices that will be added to the container.
 	// Optional.
 	Devices []spec.LinuxDevice `json:"devices,omitempty"`
-	// DeviceCGroupRule are device cgroup rules that allow containers
+	// DeviceCgroupRule are device cgroup rules that allow containers
 	// to use additional types of devices.
-	DeviceCGroupRule []spec.LinuxDeviceCgroup `json:"device_cgroup_rule,omitempty"`
+	DeviceCgroupRule []spec.LinuxDeviceCgroup `json:"device_cgroup_rule,omitempty"`
 	// DevicesFrom is a way to ensure your container inherits device specific information from another container
 	DevicesFrom []string `json:"devices_from,omitempty"`
 	// HostDeviceList is used to recreate the mounted device on inherited containers
@@ -390,7 +390,7 @@ type ContainerCgroupConfig struct {
 	// CgroupsMode sets a policy for how cgroups will be created in the
 	// container, including the ability to disable creation entirely.
 	CgroupsMode string `json:"cgroups_mode,omitempty"`
-	// CgroupParent is the container's CGroup parent.
+	// CgroupParent is the container's Cgroup parent.
 	// If not set, the default for the current cgroup driver will be used.
 	// Optional.
 	CgroupParent string `json:"cgroup_parent,omitempty"`
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 8e43cc50e..59ac19c2c 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/podman/v3/cmd/podman/parse"
 	"github.com/containers/podman/v3/libpod/define"
@@ -488,8 +489,17 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 	if ld := c.LogDriver; len(ld) > 0 {
 		s.LogConfiguration.Driver = ld
 	}
-	s.CgroupParent = c.CGroupParent
-	s.CgroupsMode = c.CGroupsMode
+	s.CgroupParent = c.CgroupParent
+	s.CgroupsMode = c.CgroupsMode
+	if s.CgroupsMode == "" {
+		rtc, err := config.Default()
+		if err != nil {
+			return err
+		}
+
+		s.CgroupsMode = rtc.Cgroups()
+	}
+
 	s.Groups = c.GroupAdd
 
 	s.Hostname = c.Hostname
@@ -587,12 +597,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 		s.Devices = append(s.Devices, specs.LinuxDevice{Path: dev})
 	}
 
-	for _, rule := range c.DeviceCGroupRule {
+	for _, rule := range c.DeviceCgroupRule {
 		dev, err := parseLinuxResourcesDeviceAccess(rule)
 		if err != nil {
 			return err
 		}
-		s.DeviceCGroupRule = append(s.DeviceCGroupRule, dev)
+		s.DeviceCgroupRule = append(s.DeviceCgroupRule, dev)
 	}
 
 	s.Init = c.Init