summaryrefslogtreecommitdiff
path: root/troubleshooting.md
diff options
context:
space:
mode:
authorJordan Christiansen <xordspar0@gmail.com>2020-10-24 22:35:29 -0500
committerJordan Christiansen <xordspar0@gmail.com>2020-10-27 10:05:43 -0500
commitf393d32e9612b5ce140671ba3767e67d45b0d7fe (patch)
tree8a47668fa80e65d862e55a91816614f2cbc065e8 /troubleshooting.md
parent6fa6470d24231dccafbf4396e7cb798a906af522 (diff)
downloadpodman-f393d32e9612b5ce140671ba3767e67d45b0d7fe.tar.gz
podman-f393d32e9612b5ce140671ba3767e67d45b0d7fe.tar.bz2
podman-f393d32e9612b5ce140671ba3767e67d45b0d7fe.zip
Document how to enable CPU limit delegation
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
Diffstat (limited to 'troubleshooting.md')
-rw-r--r--troubleshooting.md36
1 files changed, 36 insertions, 0 deletions
diff --git a/troubleshooting.md b/troubleshooting.md
index 4b0f2e1e4..c42afb642 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -644,3 +644,39 @@ $ podman run --read-only --rootfs /path/to/rootfs ....
Another option would be to create an overlay file system on the directory as a lower and then
then allow podman to create the files on the upper.
+
+### 26) Running containers with CPU limits fails with a permissions error
+
+On some systemd-based systems, non-root users do not have CPU limit delegation
+permissions. This causes setting CPU limits to fail.
+
+#### Symptom
+
+Running a container with a CPU limit options such as `--cpus`, `--cpu-period`,
+or `--cpu-quota` will fail with an error similar to the following:
+
+ Error: opening file `cpu.max` for writing: Permission denied: OCI runtime permission denied error
+
+This means that CPU limit delegation is not enabled for the current user.
+
+#### Solution
+
+You can verify whether CPU limit delegation is enabled by running the following command:
+
+ cat "/sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers"
+
+Example output might be:
+
+ memory pids
+
+In the above example, `cpu` is not listed, which means the curent user does
+not have permission to set CPU limits.
+
+If you want to enable CPU limit delegation for all users, you can create the
+file `/etc/systemd/system/user@.service.d/delegate.conf` with the contents:
+
+ [Service]
+ Delegate=memory pids cpu io
+
+After logging out and loggin back in, you should have permission to set CPU
+limits.