author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-02-08 07:10:15 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-08 07:10:15 -0500 |
commit | cbd0980d5b28fca1ea5192b73ccf92506e562691 (patch) | |
tree | 7d47dedfac33e65ca6b85cfc7f14b3e6be9b4f22 /utils | |
parent | 46d9a2570ad3eb4f1d7fe0928927e644ebe8a2a3 (diff) | |
parent | 8d0fb0a4ed80eabf02b82c22d4d2b637d6a84da4 (diff) | |
Merge pull request #13159 from Luap99/slirp4-scope
move rootless netns slirp4netns process to systemd user.slice
Diffstat (limited to 'utils')
-rw-r--r-- | utils/utils.go | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/utils/utils.go b/utils/utils.go
index 52586b937..22f0cb12f 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -174,7 +174,7 @@ func RunsOnSystemd() bool {
 return runsOnSystemd
 }
 
-func moveProcessToScope(pidPath, slice, scope string) error {
+func moveProcessPIDFileToScope(pidPath, slice, scope string) error {
 data, err := ioutil.ReadFile(pidPath)
 if err != nil {
 // do not raise an error if the file doesn't exist
@@ -187,18 +187,32 @@ func moveProcessToScope(pidPath, slice, scope string) error {
 if err != nil {
 return errors.Wrapf(err, "cannot parse pid file %s", pidPath)
 }
- err = RunUnderSystemdScope(int(pid), slice, scope)
+ return moveProcessToScope(int(pid), slice, scope)
+}
+
+func moveProcessToScope(pid int, slice, scope string) error {
+ err := RunUnderSystemdScope(int(pid), slice, scope)
 
 // If the PID is not valid anymore, do not return an error.
 if dbusErr, ok := err.(dbus.Error); ok {
 if dbusErr.Name == "org.freedesktop.DBus.Error.UnixProcessIdUnknown" {
 return nil
 }
 }
-
 return err
 }
 
+// MoveRootlessNetnsSlirpProcessToUserSlice moves the slirp4netns process for the rootless netns
+// into a different scope so that systemd does not kill it with a container.
+func MoveRootlessNetnsSlirpProcessToUserSlice(pid int) error {
+ randBytes := make([]byte, 4)
+ _, err := rand.Read(randBytes)
+ if err != nil {
+ return err
+ }
+ return moveProcessToScope(pid, "user.slice", fmt.Sprintf("rootless-netns-%x.scope", randBytes))
+}
+
 // MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to
 // a separate scope.
 func MovePauseProcessToScope(pausePidPath string) {
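Review bot: In the new `moveProcessToScope`, the `UnixProcessIdUnknown` branch returns nil, so the exported `MoveRootlessNetnsSlirpProcessToUserSlice` reports success both when slirp4netns was moved and when its PID had already gone. Its doc comment should say so, for example `// A nil error is also returned when pid no longer exists, so nil does not prove the process is in the new scope.` The check `err.(dbus.Error)` matches only an unwrapped error; `RunUnderSystemdScope` is defined outside this hunk, so if it ever wraps the D-Bus error the suppression would silently stop matching, and `errors.As` would be sturdier if the errors package this file imports provides it. The conversion in the added line is also redundant now that `pid` is an `int`: `err := RunUnderSystemdScope(pid, slice, scope)`.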
@@ -211,7 +225,7 @@ func MovePauseProcessToScope(pausePidPath string) {
 logrus.Errorf("failed to read random bytes: %v", err)
 continue
 }
- err = moveProcessToScope(pausePidPath, "user.slice", fmt.Sprintf("podman-pause-%x.scope", randBytes))
+ err = moveProcessPIDFileToScope(pausePidPath, "user.slice", fmt.Sprintf("podman-pause-%x.scope", randBytes))
 if err == nil {
 return
 } |