-rw-r--r-- | libpod/container.go | 9 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 7 | ||||
-rw-r--r-- | libpod/runtime_ctr.go | 2 | ||||
-rw-r--r-- | libpod/runtime_pod_linux.go | 7 | ||||
-rw-r--r-- | libpod/util_linux.go | 12 |
5 files changed, 33 insertions, 4 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 0c1315843..d05baa7e0 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -14,6 +14,7 @@ import (
 "github.com/containers/libpod/libpod/define"
 "github.com/containers/libpod/libpod/lock"
 "github.com/containers/libpod/pkg/namespaces"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/containers/storage"
 "github.com/cri-o/ocicni/pkg/ocicni"
 spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -52,6 +53,10 @@ const CgroupfsDefaultCgroupParent = "/libpod_parent"
 // manager in libpod
 const SystemdDefaultCgroupParent = "machine.slice"
 
+// SystemdDefaultRootlessCgroupParent is the cgroup parent for the systemd cgroup
+// manager in libpod when running as rootless
+const SystemdDefaultRootlessCgroupParent = "user.slice"
+
 // JournaldLogging is the string conmon expects to specify journald logging
 const JournaldLogging = "journald"
 
@@ -1109,6 +1114,10 @@ func (c *Container) CGroupPath() (string, error) {
 case CgroupfsCgroupsManager:
 return filepath.Join(c.config.CgroupParent, fmt.Sprintf("libpod-%s", c.ID())), nil
 case SystemdCgroupsManager:
+ if rootless.IsRootless() {
+ uid := rootless.GetRootlessUID()
+ return filepath.Join(c.config.CgroupParent, fmt.Sprintf("user-%d.slice/user@%d.service/user.slice", uid, uid), createUnitName("libpod", c.ID())), nil
+ }
 return filepath.Join(c.config.CgroupParent, createUnitName("libpod", c.ID())), nil
 default:
 return "", errors.Wrapf(define.ErrInvalidArg, "unsupported CGroup manager %s in use", c.runtime.config.CgroupManager)
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 1ea858886..e93e0cad8 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
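Review bot: The rootless branch added to the `SystemdCgroupsManager` case of CGroupPath keys only on `rootless.IsRootless()`, while the generateSpec change in container_internal_linux.go gives a rootless container a cgroup only when `cgroups.IsCgroup2UnifiedMode()` reports true. On a cgroup v1 host the spec therefore carries an empty cgroups path, yet CGroupPath would still return a `user-<uid>.slice/...` location, so any caller that uses the result for accounting or limits would be pointed at a cgroup this container does not own. The branch also appends the fixed `user-%d.slice/user@%d.service/user.slice` segment to whatever `c.config.CgroupParent` holds, which looks correct only for the new default parent; the pod-derived parent case should be confirmed. At minimum I would record the assumption above the branch: `// assumes cgroup v2 delegation under user@UID.service and CgroupParent == SystemdDefaultRootlessCgroupParent`. The function begins before this hunk and its switch closes after it.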
@@ -23,6 +23,7 @@ import (
 "github.com/containers/libpod/libpod/define"
 crioAnnotations "github.com/containers/libpod/pkg/annotations"
 "github.com/containers/libpod/pkg/apparmor"
+ "github.com/containers/libpod/pkg/cgroups"
 "github.com/containers/libpod/pkg/criu"
 "github.com/containers/libpod/pkg/lookup"
 "github.com/containers/libpod/pkg/resolvconf"
@@ -350,7 +351,11 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 g.AddProcessEnv("container", "libpod")
 }
 
- if rootless.IsRootless() {
+ unified, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return nil, err
+ }
+ if rootless.IsRootless() && !unified {
 g.SetLinuxCgroupsPath("")
 } else if c.runtime.config.CgroupManager == SystemdCgroupsManager {
 // When runc is set to use Systemd as a cgroup manager, it
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index bd1d8a198..79e18dcd1 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -191,6 +191,8 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container, restore bo
 return nil, errors.Wrapf(err, "error retrieving pod %s cgroup", pod.ID())
 }
 ctr.config.CgroupParent = podCgroup
+ } else if rootless.IsRootless() {
+ ctr.config.CgroupParent = SystemdDefaultRootlessCgroupParent
 } else {
 ctr.config.CgroupParent = SystemdDefaultCgroupParent
 }
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 11dc8cd44..e9ce130da 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -12,6 +12,7 @@ import (
 "github.com/containers/libpod/libpod/define"
 "github.com/containers/libpod/libpod/events"
 "github.com/containers/libpod/pkg/cgroups"
+ "github.com/containers/libpod/pkg/rootless"
 spec "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
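Review bot: The new `cgroups.IsCgroup2UnifiedMode()` probe in generateSpec runs for every container and its error is returned bare, so a detection failure now aborts spec generation even for root containers, where `unified` is never consulted, and reaches the user without saying what failed. Wrapping it, for example `return nil, errors.Wrap(err, "error detecting cgroup v2 unified mode")`, would match the wrapped errors elsewhere in this commit (assuming pkg/errors is imported in this file, which the hunk does not show). A rootless container on a unified hierarchy also now falls through to the manager-specific branches; the non-systemd branch lies below the hunk, so whether an unprivileged user can create the path set there should be checked.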
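Review bot: The rootless-versus-default choice added to setupContainer is written out again in NewPod (runtime_pod_linux.go) and a third time as `getDefaultSystemdCgroup()` in util_linux.go, so three sites have to stay in agreement about which slice a rootless container is placed in. Routing all of them through the helper, `ctr.config.CgroupParent = getDefaultSystemdCgroup()`, would keep the placement decision in one spot; since runtime_ctr.go has no `_linux` suffix, the helper may have to move to a file built on every platform. The enclosing branch starts above the hunk, so I am assuming this `else if` sits under the systemd cgroup manager case.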
@@ -78,7 +79,11 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod,
 }
 case SystemdCgroupsManager:
 if pod.config.CgroupParent == "" {
- pod.config.CgroupParent = SystemdDefaultCgroupParent
+ if rootless.IsRootless() {
+ pod.config.CgroupParent = SystemdDefaultRootlessCgroupParent
+ } else {
+ pod.config.CgroupParent = SystemdDefaultCgroupParent
+ }
 } else if len(pod.config.CgroupParent) < 6 || !strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") {
 return nil, errors.Wrapf(define.ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups")
 }
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index 77dcf86f6..78cbc75a7 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -8,6 +8,7 @@ import (
 
 "github.com/containers/libpod/libpod/define"
 "github.com/containers/libpod/pkg/cgroups"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
@@ -33,9 +34,16 @@ func systemdSliceFromPath(parent, name string) (string, error) {
 return cgroupPath, nil
 }
 
+func getDefaultSystemdCgroup() string {
+ if rootless.IsRootless() {
+ return SystemdDefaultRootlessCgroupParent
+ }
+ return SystemdDefaultCgroupParent
+}
+
 // makeSystemdCgroup creates a systemd CGroup at the given location.
 func makeSystemdCgroup(path string) error {
- controller, err := cgroups.NewSystemd(SystemdDefaultCgroupParent)
+ controller, err := cgroups.NewSystemd(getDefaultSystemdCgroup())
 if err != nil {
 return err
 }
@@ -45,7 +53,7 @@ func makeSystemdCgroup(path string) error {
 
 // deleteSystemdCgroup deletes the systemd cgroup at the given location
 func deleteSystemdCgroup(path string) error {
- controller, err := cgroups.NewSystemd(SystemdDefaultCgroupParent)
+ controller, err := cgroups.NewSystemd(getDefaultSystemdCgroup())
 if err != nil {
 return err
 }
|
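Review bot: `getDefaultSystemdCgroup` in util_linux.go is the only function in its hunk without a doc comment, while `makeSystemdCgroup` and `deleteSystemdCgroup` next to it both carry one. I would add `// getDefaultSystemdCgroup returns the default systemd cgroup parent: SystemdDefaultRootlessCgroupParent when running rootless, SystemdDefaultCgroupParent otherwise.` The comment is also a good place to state that create and delete (the following hunk) must resolve the same parent, which holds only while `rootless.IsRootless()` gives the same answer for the life of the process. Both callers' bodies continue past the lines shown.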