author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-09-17 04:35:58 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-17 04:35:58 -0400 |
commit | 84c61b7d36eef804d53f4aabf9aa6866017d2a2c (patch) | |
tree | 28baae9ad5428b805f69c030526bc3704c6597e4 /utils | |
parent | 6cf13c3dbf05a263c08c3f1b1a10cfed722e5929 (diff) | |
parent | a2c8b5d9d6d6e46679fe9540619d4303d4b4601d (diff) | |
Merge pull request #11606 from giuseppe/always-move-pause-process-to-scope
runtime: move pause process to scope
Diffstat (limited to 'utils')
-rw-r--r-- | utils/utils.go | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/utils/utils.go b/utils/utils.go
index 2e415130e..185ac4865 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -4,10 +4,12 @@ import (
 "bytes"
 "fmt"
 "io"
+ "io/ioutil"
 "os"
 "os/exec"
 "strconv"
 "strings"
+ "sync"

 "github.com/containers/podman/v3/libpod/define"
 "github.com/containers/storage/pkg/archive"
@@ -155,3 +157,43 @@ func RemoveScientificNotationFromFloat(x float64) (float64, error) {
 }
 return result, nil
 }
+
+var (
+ runsOnSystemdOnce sync.Once
+ runsOnSystemd bool
+)
+
+// RunsOnSystemd returns whether the system is using systemd
+func RunsOnSystemd() bool {
+ runsOnSystemdOnce.Do(func() {
+ initCommand, err := ioutil.ReadFile("/proc/1/comm")
+ // On errors, default to systemd
+ runsOnSystemd = err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd"
+ })
+ return runsOnSystemd
+}
+
+func moveProcessToScope(pidPath, slice, scope string) error {
+ data, err := ioutil.ReadFile(pidPath)
+ if err != nil {
+ return errors.Wrapf(err, "cannot read pid file %s", pidPath)
+ }
+ pid, err := strconv.ParseUint(string(data), 10, 0)
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse pid file %s", pidPath)
+ }
+ return RunUnderSystemdScope(int(pid), slice, scope)
+}
+
+// MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to
+// a separate scope.
+func MovePauseProcessToScope(pausePidPath string) {
+ err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope")
+ if err != nil {
+ if RunsOnSystemd() {
+ logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err)
+ } else {
+ logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err)
+ }
+ }
+}
|
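Review bot: moveProcessToScope parses the pid file with `strconv.ParseUint(string(data), 10, 0)` and then converts with `int(pid)`, so a file ending in a newline fails to parse, while 0 or a value above the int range is handed to RunUnderSystemdScope unchecked (an oversized value wraps negative). Trimming and bounding the value would close this: `pid, err := strconv.ParseInt(strings.TrimSpace(string(data)), 10, 32)`, and after the existing error check `if pid <= 0 { return errors.Errorf("invalid pid %d in %s", pid, pidPath) }` (assuming `errors` here is github.com/pkg/errors, as the `Wrapf` calls suggest). The function also takes it on trust that the pid still belongs to the pause process; with a stale pid file an unrelated process of the same user could presumably end up in podman-pause.scope, which deserves at least a comment on moveProcessToScope stating what the caller must guarantee. Separately, RunsOnSystemd treats a failed read of /proc/1/comm as "systemd", so on hosts where that file is unreadable the failure is logged at warning level rather than debug.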