diff options
-rw-r--r-- | pkg/specgen/generate/container.go | 4 | ||||
-rw-r--r-- | pkg/specgenutil/specgen.go | 9 | ||||
-rw-r--r-- | test/e2e/containers_conf_test.go | 31 |
3 files changed, 44 insertions, 0 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 2c7b3c091..7b55a0cb3 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -229,6 +229,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat } } + if s.CgroupsMode == "" { + s.CgroupsMode = rtc.Cgroups() + } + // If caller did not specify Pids Limits load default if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil { if s.CgroupsMode != "disabled" { diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go index bb9d5d1f9..59ac19c2c 100644 --- a/pkg/specgenutil/specgen.go +++ b/pkg/specgenutil/specgen.go @@ -8,6 +8,7 @@ import ( "strings" "time" + "github.com/containers/common/pkg/config" "github.com/containers/image/v5/manifest" "github.com/containers/podman/v3/cmd/podman/parse" "github.com/containers/podman/v3/libpod/define" @@ -490,6 +491,14 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions } s.CgroupParent = c.CgroupParent s.CgroupsMode = c.CgroupsMode + if s.CgroupsMode == "" { + rtc, err := config.Default() + if err != nil { + return err + } + + s.CgroupsMode = rtc.Cgroups() + } s.Groups = c.GroupAdd diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index a4fea0b9e..d6bf66a50 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -484,4 +484,35 @@ var _ = Describe("Podman run", func() { Expect(result).Should(Exit(125)) Expect(result.ErrorToString()).To(ContainSubstring(errorString)) }) + + It("podman containers.conf cgroups=disabled", func() { + if !strings.Contains(podmanTest.OCIRuntime, "crun") { + Skip("FIXME: requires crun") + } + conffile := filepath.Join(podmanTest.TempDir, "container.conf") + + err := ioutil.WriteFile(conffile, []byte("[containers]\ncgroups=\"disabled\"\n"), 0755) + Expect(err).To(BeNil()) + + result := podmanTest.Podman([]string{"create", ALPINE, "true"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + + inspect := podmanTest.Podman([]string{"inspect", "--format", "{{ .HostConfig.Cgroups }}", result.OutputToString()}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.OutputToString()).To(Not(Equal("disabled"))) + + os.Setenv("CONTAINERS_CONF", conffile) + if IsRemote() { + podmanTest.RestartRemoteService() + } + result = podmanTest.Podman([]string{"create", ALPINE, "true"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + + inspect = podmanTest.Podman([]string{"inspect", "--format", "{{ .HostConfig.Cgroups }}", result.OutputToString()}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.OutputToString()).To(Equal("disabled")) + }) + }) |