diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2021-09-20 14:17:56 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-20 14:17:56 -0400 |
| commit | f93500810800e85af4de88b99efeaea989db9025 (patch) | |
| tree | a12daf6fea64b6355b0ac19b2de72c5e7996ae14 /utils | |
| parent | cd09903eff3589d82256a86e144f4a4c5bedccbe (diff) | |
| parent | 331ce0f7ee2736d5f012ea6a6d2aba77213e3956 (diff) | |
| download | podman-f93500810800e85af4de88b99efeaea989db9025.tar.gz podman-f93500810800e85af4de88b99efeaea989db9025.tar.bz2 podman-f93500810800e85af4de88b99efeaea989db9025.zip | |
Merge pull request #11624 from giuseppe/3.4-fix-pause-process
[3.4] runtime: move pause process to scope
Diffstat (limited to 'utils')
| -rw-r--r-- | utils/utils.go | 47 | ||||
| -rw-r--r-- | utils/utils_supported.go | 6 |
2 files changed, 50 insertions, 3 deletions
diff --git a/utils/utils.go b/utils/utils.go index 2e415130e..b08630d2f 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -4,12 +4,15 @@ import ( "bytes" "fmt" "io" + "io/ioutil" "os" "os/exec" "strconv" "strings" + "sync" "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/pkg/cgroups" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -155,3 +158,47 @@ func RemoveScientificNotationFromFloat(x float64) (float64, error) { } return result, nil } + +var ( + runsOnSystemdOnce sync.Once + runsOnSystemd bool +) + +// RunsOnSystemd returns whether the system is using systemd +func RunsOnSystemd() bool { + runsOnSystemdOnce.Do(func() { + initCommand, err := ioutil.ReadFile("/proc/1/comm") + // On errors, default to systemd + runsOnSystemd = err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd" + }) + return runsOnSystemd +} + +func moveProcessToScope(pidPath, slice, scope string) error { + data, err := ioutil.ReadFile(pidPath) + if err != nil { + return errors.Wrapf(err, "cannot read pid file %s", pidPath) + } + pid, err := strconv.ParseUint(string(data), 10, 0) + if err != nil { + return errors.Wrapf(err, "cannot parse pid file %s", pidPath) + } + return RunUnderSystemdScope(int(pid), slice, scope) +} + +// MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to +// a separate scope. +func MovePauseProcessToScope(pausePidPath string) { + err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope") + if err != nil { + unified, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + logrus.Warnf("Failed to detect if running with cgroup unified: %v", err) + } + if RunsOnSystemd() && unified { + logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } else { + logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } + } +} diff --git a/utils/utils_supported.go b/utils/utils_supported.go index ebc870d26..1404e3194 100644 --- a/utils/utils_supported.go +++ b/utils/utils_supported.go @@ -47,10 +47,10 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error { // On errors check if the cgroup already exists, if it does move the process there if props, err := conn.GetUnitTypeProperties(unitName, "Scope"); err == nil { if cgroup, ok := props["ControlGroup"].(string); ok && cgroup != "" { - if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err != nil { - return err + if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err == nil { + return nil } - return nil + // On errors return the original error message we got from StartTransientUnit. } } return err |