summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.github/workflows/multi-arch-build.yaml4
-rw-r--r--go.mod2
-rw-r--r--go.sum4
-rw-r--r--libpod/container_internal_linux.go13
-rw-r--r--libpod/runtime_ctr.go2
-rw-r--r--test/e2e/run_cgroup_parent_test.go35
-rw-r--r--vendor/modules.txt2
7 files changed, 55 insertions, 7 deletions
diff --git a/.github/workflows/multi-arch-build.yaml b/.github/workflows/multi-arch-build.yaml
index 2a86bab7e..0f8a3df7e 100644
--- a/.github/workflows/multi-arch-build.yaml
+++ b/.github/workflows/multi-arch-build.yaml
@@ -24,6 +24,8 @@ jobs:
# build several images (upstream, testing, stable) in parallel
strategy:
+ # By default, failure of one matrix item cancels all others
+ fail-fast: false
matrix:
# Builds are located under contrib/podmanimage/<source> directory
source:
@@ -178,7 +180,7 @@ jobs:
file: ./contrib/podmanimage/${{ matrix.source }}/Dockerfile
platforms: ${{ env.PLATFORMS }}
push: true
- tags: ${{ steps.podman_push.outputs.fqin }}
+ tags: ${{ steps.podman_reg.outputs.fqin }}
labels: |
${{ env.LABELS }}
diff --git a/go.mod b/go.mod
index 6bdb3d390..3d532381f 100644
--- a/go.mod
+++ b/go.mod
@@ -58,7 +58,7 @@ require (
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.7.0
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
- github.com/uber/jaeger-client-go v2.27.0+incompatible
+ github.com/uber/jaeger-client-go v2.28.0+incompatible
github.com/vbauerster/mpb/v6 v6.0.3
github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852
go.etcd.io/bbolt v1.3.5
diff --git a/go.sum b/go.sum
index 36b0dce22..5c10873f3 100644
--- a/go.sum
+++ b/go.sum
@@ -790,8 +790,8 @@ github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/u-root/u-root v7.0.0+incompatible/go.mod h1:RYkpo8pTHrNjW08opNd/U6p/RJE7K0D8fXO0d47+3YY=
-github.com/uber/jaeger-client-go v2.27.0+incompatible h1:6WVONolFJiB8Vx9bq4z9ddyV/SXSpfvvtb7Yl/TGHiE=
-github.com/uber/jaeger-client-go v2.27.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
+github.com/uber/jaeger-client-go v2.28.0+incompatible h1:G4QSBfvPKvg5ZM2j9MrJFdfI5iSljY/WnJqOGFao6HI=
+github.com/uber/jaeger-client-go v2.28.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index f4762b5ff..f6045f881 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2224,8 +2224,19 @@ func (c *Container) getOCICgroupPath() (string, error) {
}
cgroupManager := c.CgroupManager()
switch {
- case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)) || c.config.NoCgroups:
+ case c.config.NoCgroups:
return "", nil
+ case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)):
+ if c.config.CgroupParent == CgroupfsDefaultCgroupParent {
+ // old versions of podman were setting the CgroupParent to CgroupfsDefaultCgroupParent
+ // by default. Avoid breaking these versions and check whether the cgroup parent is
+ // set to the default and in this case enable the old behavior. It should not be a real
+ // problem because the default CgroupParent is usually owned by root so rootless users
+ // cannot access it.
+ // This check might be lifted in a future version of Podman.
+ return "", nil
+ }
+ return c.config.CgroupParent, nil
case c.config.CgroupsMode == cgroupSplit:
if c.config.CgroupParent != "" {
return c.config.CgroupParent, nil
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 0acf88cbc..328f47c12 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -296,7 +296,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
return nil, errors.Wrapf(define.ErrInternal, "pod %s cgroup is not set", pod.ID())
}
ctr.config.CgroupParent = podCgroup
- } else {
+ } else if !rootless.IsRootless() {
ctr.config.CgroupParent = CgroupfsDefaultCgroupParent
}
} else if strings.HasSuffix(path.Base(ctr.config.CgroupParent), ".slice") {
diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go
index d68b1bb5f..1df4c4033 100644
--- a/test/e2e/run_cgroup_parent_test.go
+++ b/test/e2e/run_cgroup_parent_test.go
@@ -1,7 +1,10 @@
package integration
import (
+ "fmt"
"os"
+ "path/filepath"
+ "strings"
. "github.com/containers/podman/v3/test/utils"
. "github.com/onsi/ginkgo"
@@ -58,6 +61,38 @@ var _ = Describe("Podman run with --cgroup-parent", func() {
Expect(ok).To(BeTrue())
})
+ Specify("always honor --cgroup-parent", func() {
+ SkipIfCgroupV1("test not supported in cgroups v1")
+ if Containerized() || podmanTest.CgroupManager == "cgroupfs" {
+ Skip("Requires Systemd cgroup manager support")
+ }
+ if IsRemote() {
+ Skip("Not supported for remote")
+ }
+
+ run := podmanTest.Podman([]string{"run", "-d", "--cgroupns=host", fedoraMinimal, "sleep", "100"})
+ run.WaitWithDefaultTimeout()
+ Expect(run.ExitCode()).To(Equal(0))
+ cid := run.OutputToString()
+
+ exec := podmanTest.Podman([]string{"exec", cid, "cat", "/proc/self/cgroup"})
+ exec.WaitWithDefaultTimeout()
+ Expect(exec.ExitCode()).To(Equal(0))
+
+ cgroup := filepath.Dir(strings.TrimRight(strings.Replace(exec.OutputToString(), "0::", "", -1), "\n"))
+
+ run = podmanTest.Podman([]string{"--cgroup-manager=cgroupfs", "run", "-d", fmt.Sprintf("--cgroup-parent=%s", cgroup), fedoraMinimal, "sleep", "100"})
+ run.WaitWithDefaultTimeout()
+ Expect(run.ExitCode()).To(Equal(0))
+
+ exec = podmanTest.Podman([]string{"exec", cid, "cat", "/proc/self/cgroup"})
+ exec.WaitWithDefaultTimeout()
+ Expect(exec.ExitCode()).To(Equal(0))
+ cgroupEffective := filepath.Dir(strings.TrimRight(strings.Replace(exec.OutputToString(), "0::", "", -1), "\n"))
+
+ Expect(cgroupEffective).To(Equal(cgroup))
+ })
+
Specify("valid --cgroup-parent using slice", func() {
if Containerized() || podmanTest.CgroupManager == "cgroupfs" {
Skip("Requires Systemd cgroup manager support")
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 446081623..f7333e830 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -579,7 +579,7 @@ github.com/stretchr/testify/require
github.com/syndtr/gocapability/capability
# github.com/tchap/go-patricia v2.3.0+incompatible
github.com/tchap/go-patricia/patricia
-# github.com/uber/jaeger-client-go v2.27.0+incompatible
+# github.com/uber/jaeger-client-go v2.28.0+incompatible
github.com/uber/jaeger-client-go/log
github.com/uber/jaeger-client-go/thrift
github.com/uber/jaeger-client-go/thrift-gen/agent