aboutsummaryrefslogtreecommitdiff
path: root/troubleshooting.md
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-10-27 13:23:27 -0400
committerGitHub <noreply@github.com>2020-10-27 13:23:27 -0400
commit434de069fe83b6a928cd6c741c9337219cf09fe5 (patch)
treef8e834365a29c5e58fe99e1349e74eda027bedd1 /troubleshooting.md
parenteda5a6d069855c30fafe01c5226b9110c5691d91 (diff)
parentf393d32e9612b5ce140671ba3767e67d45b0d7fe (diff)
downloadpodman-434de069fe83b6a928cd6c741c9337219cf09fe5.tar.gz
podman-434de069fe83b6a928cd6c741c9337219cf09fe5.tar.bz2
podman-434de069fe83b6a928cd6c741c9337219cf09fe5.zip
Merge pull request #8134 from xordspar0/cpu.max-permission
[CI:DOCS] Document how to enable CPU limit delegation
Diffstat (limited to 'troubleshooting.md')
-rw-r--r--troubleshooting.md36
1 files changed, 36 insertions, 0 deletions
diff --git a/troubleshooting.md b/troubleshooting.md
index 4b0f2e1e4..c42afb642 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -644,3 +644,39 @@ $ podman run --read-only --rootfs /path/to/rootfs ....
Another option would be to create an overlay file system on the directory as a lower and then
then allow podman to create the files on the upper.
+
+### 26) Running containers with CPU limits fails with a permissions error
+
+On some systemd-based systems, non-root users do not have CPU limit delegation
+permissions. This causes setting CPU limits to fail.
+
+#### Symptom
+
+Running a container with a CPU limit options such as `--cpus`, `--cpu-period`,
+or `--cpu-quota` will fail with an error similar to the following:
+
+ Error: opening file `cpu.max` for writing: Permission denied: OCI runtime permission denied error
+
+This means that CPU limit delegation is not enabled for the current user.
+
+#### Solution
+
+You can verify whether CPU limit delegation is enabled by running the following command:
+
+ cat "/sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers"
+
+Example output might be:
+
+ memory pids
+
+In the above example, `cpu` is not listed, which means the curent user does
+not have permission to set CPU limits.
+
+If you want to enable CPU limit delegation for all users, you can create the
+file `/etc/systemd/system/user@.service.d/delegate.conf` with the contents:
+
+ [Service]
+ Delegate=memory pids cpu io
+
+After logging out and loggin back in, you should have permission to set CPU
+limits.