summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libpod/container.go9
-rw-r--r--libpod/container_internal_linux.go7
-rw-r--r--libpod/runtime_ctr.go2
-rw-r--r--libpod/runtime_pod_linux.go7
-rw-r--r--libpod/util_linux.go12
5 files changed, 33 insertions, 4 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 0c1315843..d05baa7e0 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -14,6 +14,7 @@ import (
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/libpod/lock"
"github.com/containers/libpod/pkg/namespaces"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage"
"github.com/cri-o/ocicni/pkg/ocicni"
spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -52,6 +53,10 @@ const CgroupfsDefaultCgroupParent = "/libpod_parent"
// manager in libpod
const SystemdDefaultCgroupParent = "machine.slice"
+// SystemdDefaultRootlessCgroupParent is the cgroup parent for the systemd cgroup
+// manager in libpod when running as rootless
+const SystemdDefaultRootlessCgroupParent = "user.slice"
+
// JournaldLogging is the string conmon expects to specify journald logging
const JournaldLogging = "journald"
@@ -1109,6 +1114,10 @@ func (c *Container) CGroupPath() (string, error) {
case CgroupfsCgroupsManager:
return filepath.Join(c.config.CgroupParent, fmt.Sprintf("libpod-%s", c.ID())), nil
case SystemdCgroupsManager:
+ if rootless.IsRootless() {
+ uid := rootless.GetRootlessUID()
+ return filepath.Join(c.config.CgroupParent, fmt.Sprintf("user-%d.slice/user@%d.service/user.slice", uid, uid), createUnitName("libpod", c.ID())), nil
+ }
return filepath.Join(c.config.CgroupParent, createUnitName("libpod", c.ID())), nil
default:
return "", errors.Wrapf(define.ErrInvalidArg, "unsupported CGroup manager %s in use", c.runtime.config.CgroupManager)
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 1ea858886..e93e0cad8 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -23,6 +23,7 @@ import (
"github.com/containers/libpod/libpod/define"
crioAnnotations "github.com/containers/libpod/pkg/annotations"
"github.com/containers/libpod/pkg/apparmor"
+ "github.com/containers/libpod/pkg/cgroups"
"github.com/containers/libpod/pkg/criu"
"github.com/containers/libpod/pkg/lookup"
"github.com/containers/libpod/pkg/resolvconf"
@@ -350,7 +351,11 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
g.AddProcessEnv("container", "libpod")
}
- if rootless.IsRootless() {
+ unified, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return nil, err
+ }
+ if rootless.IsRootless() && !unified {
g.SetLinuxCgroupsPath("")
} else if c.runtime.config.CgroupManager == SystemdCgroupsManager {
// When runc is set to use Systemd as a cgroup manager, it
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index bd1d8a198..79e18dcd1 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -191,6 +191,8 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container, restore bo
return nil, errors.Wrapf(err, "error retrieving pod %s cgroup", pod.ID())
}
ctr.config.CgroupParent = podCgroup
+ } else if rootless.IsRootless() {
+ ctr.config.CgroupParent = SystemdDefaultRootlessCgroupParent
} else {
ctr.config.CgroupParent = SystemdDefaultCgroupParent
}
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 11dc8cd44..e9ce130da 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -12,6 +12,7 @@ import (
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/libpod/events"
"github.com/containers/libpod/pkg/cgroups"
+ "github.com/containers/libpod/pkg/rootless"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -78,7 +79,11 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod,
}
case SystemdCgroupsManager:
if pod.config.CgroupParent == "" {
- pod.config.CgroupParent = SystemdDefaultCgroupParent
+ if rootless.IsRootless() {
+ pod.config.CgroupParent = SystemdDefaultRootlessCgroupParent
+ } else {
+ pod.config.CgroupParent = SystemdDefaultCgroupParent
+ }
} else if len(pod.config.CgroupParent) < 6 || !strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") {
return nil, errors.Wrapf(define.ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups")
}
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index 77dcf86f6..78cbc75a7 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -8,6 +8,7 @@ import (
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/pkg/cgroups"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -33,9 +34,16 @@ func systemdSliceFromPath(parent, name string) (string, error) {
return cgroupPath, nil
}
+func getDefaultSystemdCgroup() string {
+ if rootless.IsRootless() {
+ return SystemdDefaultRootlessCgroupParent
+ }
+ return SystemdDefaultCgroupParent
+}
+
// makeSystemdCgroup creates a systemd CGroup at the given location.
func makeSystemdCgroup(path string) error {
- controller, err := cgroups.NewSystemd(SystemdDefaultCgroupParent)
+ controller, err := cgroups.NewSystemd(getDefaultSystemdCgroup())
if err != nil {
return err
}
@@ -45,7 +53,7 @@ func makeSystemdCgroup(path string) error {
// deleteSystemdCgroup deletes the systemd cgroup at the given location
func deleteSystemdCgroup(path string) error {
- controller, err := cgroups.NewSystemd(SystemdDefaultCgroupParent)
+ controller, err := cgroups.NewSystemd(getDefaultSystemdCgroup())
if err != nil {
return err
}