diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-10-30 15:01:38 +0100 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-10-30 19:35:14 +0100 |
| commit | 4860223ce54afbcecfe3e53946e8e9d28921756f (patch) | |
| tree | f4232df74b8d21423dbbb686c9f9e4812a65d6c3 /pkg | |
| parent | 22702b9d60af17af9b9aa69cee8c51d94e66d979 (diff) | |
| download | podman-4860223ce54afbcecfe3e53946e8e9d28921756f.tar.gz podman-4860223ce54afbcecfe3e53946e8e9d28921756f.tar.bz2 podman-4860223ce54afbcecfe3e53946e8e9d28921756f.zip | |
specgen, cgroup2: check whether memory swap is enabled
add a similar check to what we do on cgroup v1.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/specgen/generate/validate.go | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/pkg/specgen/generate/validate.go b/pkg/specgen/generate/validate.go index 2ca92d779..92fd12770 100644 --- a/pkg/specgen/generate/validate.go +++ b/pkg/specgen/generate/validate.go @@ -1,9 +1,13 @@ package generate import ( + "os" + "path/filepath" + "github.com/containers/common/pkg/sysinfo" "github.com/containers/podman/v2/pkg/cgroups" "github.com/containers/podman/v2/pkg/specgen" + "github.com/containers/podman/v2/utils" "github.com/pkg/errors" ) @@ -158,7 +162,34 @@ func verifyContainerResourcesCgroupV1(s *specgen.SpecGenerator) ([]string, error // Verify resource limits are sanely set when running on cgroup v2. func verifyContainerResourcesCgroupV2(s *specgen.SpecGenerator) ([]string, error) { - return []string{}, nil + warnings := []string{} + + if s.ResourceLimits == nil { + return warnings, nil + } + + if s.ResourceLimits.Memory != nil && s.ResourceLimits.Memory.Swap != nil { + own, err := utils.GetOwnCgroup() + if err != nil { + return warnings, err + } + memoryMax := filepath.Join("/sys/fs/cgroup", own, "memory.max") + memorySwapMax := filepath.Join("/sys/fs/cgroup", own, "memory.swap.max") + _, errMemoryMax := os.Stat(memoryMax) + _, errMemorySwapMax := os.Stat(memorySwapMax) + // Differently than cgroup v1, the memory.*max files are not present in the + // root directory, so we cannot query directly that, so as best effort use + // the current cgroup. + // Check whether memory.max exists in the current cgroup and memory.swap.max + // does not. In this case we can be sure memory swap is not enabled. + // If both files don't exist, the memory controller might not be enabled + // for the current cgroup. + if errMemoryMax == nil && errMemorySwapMax != nil { + warnings = append(warnings, "Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.") + s.ResourceLimits.Memory.Swap = nil + } + } + return warnings, nil } // Verify resource limits are sanely set, removing any limits that are not |