diff options
| -rw-r--r-- | cmd/podman/system/service_abi.go | 26 | ||||
| -rw-r--r-- | utils/utils_supported.go | 2 |
2 files changed, 27 insertions, 1 deletions
diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index e2163a6aa..6823d77ba 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -11,17 +11,39 @@ import ( "os" "path/filepath" + "github.com/containers/common/pkg/cgroups" "github.com/containers/podman/v4/cmd/podman/registry" api "github.com/containers/podman/v4/pkg/api/server" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/domain/infra" "github.com/containers/podman/v4/pkg/servicereaper" + "github.com/containers/podman/v4/utils" "github.com/coreos/go-systemd/v22/activation" "github.com/sirupsen/logrus" "github.com/spf13/pflag" "golang.org/x/sys/unix" ) +// maybeMoveToSubCgroup moves the current process in a sub cgroup when +// it is running in the root cgroup on a system that uses cgroupv2. +func maybeMoveToSubCgroup() error { + unifiedMode, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return err + } + if !unifiedMode { + return nil + } + cgroup, err := utils.GetOwnCgroup() + if err != nil { + return err + } + if cgroup == "/" { + return utils.MoveUnderCgroupSubtree("init") + } + return nil +} + func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities.ServiceOptions) error { var ( listener net.Listener @@ -103,6 +125,10 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities return err } + if err := maybeMoveToSubCgroup(); err != nil { + return err + } + servicereaper.Start() infra.StartWatcher(libpodRuntime) server, err := api.NewServerWithSettings(libpodRuntime, listener, opts) diff --git a/utils/utils_supported.go b/utils/utils_supported.go index c2dcc4631..6378212b6 100644 --- a/utils/utils_supported.go +++ b/utils/utils_supported.go @@ -137,7 +137,7 @@ func moveUnderCgroup(cgroup, subtree string, processes []uint32) error { } // root cgroup, skip it - if parts[2] == "/" { + if parts[2] == "/" && !(unifiedMode && parts[1] == "") { continue } |