Diffstat (limited to 'cmd/podman/system/service_abi.go')
-rw-r--r-- | cmd/podman/system/service_abi.go | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go
index 9dc9de1c8..6823d77ba 100644
--- a/cmd/podman/system/service_abi.go
+++ b/cmd/podman/system/service_abi.go
@@ -4,24 +4,46 @@
 package system
 import (
+ "errors"
 "fmt"
 "net"
 "net/url"
 "os"
 "path/filepath"
+ "github.com/containers/common/pkg/cgroups"
 "github.com/containers/podman/v4/cmd/podman/registry"
 api "github.com/containers/podman/v4/pkg/api/server"
 "github.com/containers/podman/v4/pkg/domain/entities"
 "github.com/containers/podman/v4/pkg/domain/infra"
 "github.com/containers/podman/v4/pkg/servicereaper"
+ "github.com/containers/podman/v4/utils"
 "github.com/coreos/go-systemd/v22/activation"
- "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 "github.com/spf13/pflag"
 "golang.org/x/sys/unix"
 )
+// maybeMoveToSubCgroup moves the current process in a sub cgroup when
+// it is running in the root cgroup on a system that uses cgroupv2.
+func maybeMoveToSubCgroup() error {
+ unifiedMode, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return err
+ }
+ if !unifiedMode {
+ return nil
+ }
+ cgroup, err := utils.GetOwnCgroup()
+ if err != nil {
+ return err
+ }
+ if cgroup == "/" {
+ return utils.MoveUnderCgroupSubtree("init")
+ }
+ return nil
+}
+
 func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities.ServiceOptions) error {
 var (
 listener net.Listener
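Review bot: The three error returns in `maybeMoveToSubCgroup` pass the error up unwrapped, so a failure in `cgroups.IsCgroup2UnifiedMode()`, `utils.GetOwnCgroup()` or `utils.MoveUnderCgroupSubtree("init")` reaches the user with no hint that it came from the cgroup move. The rest of this commit switches to `fmt.Errorf` with `%w`, and the same fits here, e.g. `return fmt.Errorf("moving API service to sub cgroup: %w", err)`. The doc comment states what the function does but not why the service must leave the root cgroup (presumably so child cgroups can be managed under cgroup v2; confirm with the author), and it could also say that the target sub cgroup name `init` is fixed.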
@@ -46,11 +68,15 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
 return fmt.Errorf("wrong number of file descriptors for socket activation protocol (%d != 1)", len(listeners))
 }
 listener = listeners[0]
+ // note that activation.Listeners() returns nil when it cannot listen on the fd (i.e. udp connection)
+ if listener == nil {
+ return errors.New("unexpected fd received from systemd: cannot listen on it")
+ }
 libpodRuntime.SetRemoteURI(listeners[0].Addr().String())
 } else {
 uri, err := url.Parse(opts.URI)
 if err != nil {
- return errors.Errorf("%s is an invalid socket destination", opts.URI)
+ return fmt.Errorf("%s is an invalid socket destination", opts.URI)
 }
 switch uri.Scheme {
@@ -70,7 +96,7 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
 } else {
 listener, err = net.Listen(uri.Scheme, path)
 if err != nil {
- return errors.Wrapf(err, "unable to create socket")
+ return fmt.Errorf("unable to create socket: %w", err)
 }
 }
 case "tcp":
@@ -81,7 +107,7 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
 }
 listener, err = net.Listen(uri.Scheme, host)
 if err != nil {
- return errors.Wrapf(err, "unable to create socket %v", host)
+ return fmt.Errorf("unable to create socket %v: %w", host, err)
 }
 default:
 logrus.Debugf("Attempting API Service endpoint scheme %q", uri.Scheme)
@@ -99,6 +125,10 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
 return err
 }
+ if err := maybeMoveToSubCgroup(); err != nil {
+ return err
+ }
+
 servicereaper.Start()
 infra.StartWatcher(libpodRuntime)
 server, err := api.NewServerWithSettings(libpodRuntime, listener, opts) |
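Review bot: After the new nil check, the next line still dereferences `listeners[0]` rather than the checked `listener`; `libpodRuntime.SetRemoteURI(listener.Addr().String())` keeps the guard and the use on the same variable. The activated socket is otherwise accepted as-is and later handed to `api.NewServerWithSettings`, so logging `listener.Addr().Network()` on this path would let an operator notice a unit that passes an unexpected socket type. In the `url.Parse` branch of the same hunk the parse error is still discarded; `fmt.Errorf("%q is an invalid socket destination: %w", opts.URI, err)` would keep the cause. The added comment's "i.e." introduces an example and should read "e.g.".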
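Review bot: A failure of `maybeMoveToSubCgroup()` in the last hunk (`@@ -99,6 +125,10 @@`) now aborts `restService` through `return err`, which makes the cgroup move a hard precondition for serving the API. If the move can fail where the service would otherwise run fine (for example a cgroup v2 tree the process cannot write to, which this hunk does not let me verify), handling it as best effort with `logrus.Debugf("could not move to sub cgroup: %v", err)` may be the safer behaviour; if it has to stay fatal, a comment saying why would help. This return also comes after the listener was created earlier in the function, and nothing visible here closes it on this path. restService's body continues outside the hunk.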