authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2022-02-08 07:10:15 -0500
committerGitHub <noreply@github.com>2022-02-08 07:10:15 -0500
commitcbd0980d5b28fca1ea5192b73ccf92506e562691 (patch)
tree7d47dedfac33e65ca6b85cfc7f14b3e6be9b4f22 /utils/utils.go
parent46d9a2570ad3eb4f1d7fe0928927e644ebe8a2a3 (diff)
parent8d0fb0a4ed80eabf02b82c22d4d2b637d6a84da4 (diff)
Merge pull request #13159 from Luap99/slirp4-scope
move rootless netns slirp4netns process to systemd user.slice
Diffstat (limited to 'utils/utils.go')
-rw-r--r--utils/utils.go22
1 files changed, 18 insertions, 4 deletions
diff --git a/utils/utils.go b/utils/utils.go
index 52586b937..22f0cb12f 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -174,7 +174,7 @@ func RunsOnSystemd() bool {
return runsOnSystemd
}
-func moveProcessToScope(pidPath, slice, scope string) error {
+func moveProcessPIDFileToScope(pidPath, slice, scope string) error {
data, err := ioutil.ReadFile(pidPath)
if err != nil {
// do not raise an error if the file doesn't exist
@@ -187,18 +187,32 @@ func moveProcessToScope(pidPath, slice, scope string) error {
if err != nil {
return errors.Wrapf(err, "cannot parse pid file %s", pidPath)
}
- err = RunUnderSystemdScope(int(pid), slice, scope)
+ return moveProcessToScope(int(pid), slice, scope)
+}
+
+func moveProcessToScope(pid int, slice, scope string) error {
+ err := RunUnderSystemdScope(int(pid), slice, scope)
// If the PID is not valid anymore, do not return an error.
if dbusErr, ok := err.(dbus.Error); ok {
if dbusErr.Name == "org.freedesktop.DBus.Error.UnixProcessIdUnknown" {
return nil
}
}
-
return err
}
+// MoveRootlessNetnsSlirpProcessToUserSlice moves the slirp4netns process for the rootless netns
+// into a different scope so that systemd does not kill it with a container.
+func MoveRootlessNetnsSlirpProcessToUserSlice(pid int) error {
+ randBytes := make([]byte, 4)
+ _, err := rand.Read(randBytes)
+ if err != nil {
+ return err
+ }
+ return moveProcessToScope(pid, "user.slice", fmt.Sprintf("rootless-netns-%x.scope", randBytes))
+}
+
// MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to
// a separate scope.
func MovePauseProcessToScope(pausePidPath string) {
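Review bot: `moveProcessToScope` returns nil on `org.freedesktop.DBus.Error.UnixProcessIdUnknown`, so the new exported `MoveRootlessNetnsSlirpProcessToUserSlice` reports success even when the slirp4netns process was never moved. If the PID has been recycled in the meantime, an unrelated process would be placed in the scope without any error. The doc comment should state that contract, for example `// pid must refer to a process the caller still owns; a nil return does not guarantee the process was moved.` The `rand.Read` failure is returned bare, while the PID-file path wraps its errors (`errors.Wrapf(err, "cannot parse pid file %s", pidPath)`); `return errors.Wrap(err, "reading random bytes for scope name")` would match, assuming `errors` here is the same wrapping package. As a style point, `int(pid)` in `RunUnderSystemdScope(int(pid), slice, scope)` is now redundant because `pid` is already an `int`.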
@@ -211,7 +225,7 @@ func MovePauseProcessToScope(pausePidPath string) {
logrus.Errorf("failed to read random bytes: %v", err)
continue
}
- err = moveProcessToScope(pausePidPath, "user.slice", fmt.Sprintf("podman-pause-%x.scope", randBytes))
+ err = moveProcessPIDFileToScope(pausePidPath, "user.slice", fmt.Sprintf("podman-pause-%x.scope", randBytes))
if err == nil {
return
}