diff options
-rw-r--r-- | cmd/podman/main_local.go | 9 | ||||
-rw-r--r-- | libpod/runtime.go | 21 | ||||
-rw-r--r-- | pkg/spec/spec.go | 24 |
3 files changed, 40 insertions, 14 deletions
diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go index bdffb6b1e..202d93b35 100644 --- a/cmd/podman/main_local.go +++ b/cmd/podman/main_local.go @@ -174,14 +174,13 @@ func setupRootless(cmd *cobra.Command, args []string) error { if err != nil { return err } - + conf, err := runtime.GetConfig() + if err != nil { + return err + } if !ownsCgroup { unitName := fmt.Sprintf("podman-%d.scope", os.Getpid()) if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil { - conf, err2 := runtime.GetConfig() - if err2 != nil { - return err2 - } if conf.CgroupManager == libpod.SystemdCgroupsManager { logrus.Warnf("Failed to add podman to systemd sandbox cgroup: %v", err) } else { diff --git a/libpod/runtime.go b/libpod/runtime.go index 107e8e3d0..74c47317f 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -1469,6 +1469,25 @@ func (r *Runtime) GetOCIRuntimePath() string { // TODO Once runc has support for cgroups, this function should be removed. func cgroupV2Check(configPath string, tmpConfig *RuntimeConfig) error { if !tmpConfig.CgroupCheck && rootless.IsRootless() { + if tmpConfig.CgroupManager == SystemdCgroupsManager { + // If we are running rootless and the systemd manager is requested, be sure that dbus is accessible + session := os.Getenv("DBUS_SESSION_BUS_ADDRESS") + hasSession := session != "" + if hasSession && strings.HasPrefix(session, "unix:path=") { + _, err := os.Stat(strings.TrimPrefix(session, "unix:path=")) + hasSession = err == nil + } + + if !hasSession { + logrus.Warningf("The cgroups manager is set to systemd but there is no systemd user session available") + logrus.Warningf("For using systemd, you may need to login using an user session") + logrus.Warningf("Alternatively, you can enable lingering with: `loginctl enable-linger %d` (possibily as root)", rootless.GetRootlessUID()) + logrus.Warningf("Falling back to --cgroup-manager=cgroupfs") + + tmpConfig.CgroupManager = CgroupfsCgroupsManager + } + + } cgroupsV2, err := cgroups.IsCgroup2UnifiedMode() if err != nil { return err @@ -1482,7 +1501,7 @@ func cgroupV2Check(configPath string, tmpConfig *RuntimeConfig) error { } tmpConfig.CgroupCheck = true tmpConfig.OCIRuntime = path - file, err := os.OpenFile(configPath, os.O_RDWR|os.O_CREATE, 0666) + file, err := os.OpenFile(configPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0666) if err != nil { return errors.Wrapf(err, "cannot open file %s", configPath) } diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 8f00d3270..da5c14948 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -300,6 +300,15 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM blockAccessToKernelFilesystems(config, &g) + var runtimeConfig *libpod.RuntimeConfig + + if runtime != nil { + runtimeConfig, err = runtime.GetConfig() + if err != nil { + return nil, err + } + } + // RESOURCES - PIDS if config.Resources.PidsLimit > 0 { // if running on rootless on a cgroupv1 machine or using the cgroupfs manager, pids @@ -312,11 +321,7 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM if err != nil { return nil, err } - runtimeConfig, err := runtime.GetConfig() - if err != nil { - return nil, err - } - if (!cgroup2 || runtimeConfig.CgroupManager != libpod.SystemdCgroupsManager) && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() { + if (!cgroup2 || (runtimeConfig != nil && runtimeConfig.CgroupManager != libpod.SystemdCgroupsManager)) && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() { setPidLimit = false } } @@ -411,10 +416,13 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM if !addedResources { configSpec.Linux.Resources = &spec.LinuxResources{} } - if addedResources && !cgroup2 { - return nil, errors.New("invalid configuration, cannot set resources with rootless containers not using cgroups v2 unified mode") + + canUseResources := cgroup2 && runtimeConfig != nil && (runtimeConfig.CgroupManager == libpod.SystemdCgroupsManager) + + if addedResources && !canUseResources { + return nil, errors.New("invalid configuration, cannot specify resource limits without cgroups v2 and --cgroup-manager=systemd") } - if !cgroup2 { + if !canUseResources { // Force the resources block to be empty instead of having default values. configSpec.Linux.Resources = &spec.LinuxResources{} } |