diff options
Diffstat (limited to 'libpod/runtime_ctr.go')
-rw-r--r-- | libpod/runtime_ctr.go | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 4708e0c8f..f5d8e5704 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -3,6 +3,7 @@ package libpod import ( "context" "os" + "path" "path/filepath" "strings" "time" @@ -60,6 +61,24 @@ func (r *Runtime) NewContainer(ctx context.Context, rSpec *spec.Spec, options .. ctr.config.Name = name } + // Check CGroup parent sanity, and set it if it was not set + switch r.config.CgroupManager { + case CgroupfsCgroupsManager: + if ctr.config.CgroupParent == "" { + ctr.config.CgroupParent = CgroupfsDefaultCgroupParent + } else if strings.HasSuffix(path.Base(ctr.config.CgroupParent), ".slice") { + return nil, errors.Wrapf(ErrInvalidArg, "systemd slice received as cgroup parent when using cgroupfs") + } + case SystemdCgroupsManager: + if ctr.config.CgroupParent == "" { + ctr.config.CgroupParent = SystemdDefaultCgroupParent + } else if len(ctr.config.CgroupParent) < 6 || !strings.HasSuffix(path.Base(ctr.config.CgroupParent), ".slice") { + return nil, errors.Wrapf(ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups") + } + default: + return nil, errors.Wrapf(ErrInvalidArg, "unsupported CGroup manager: %s - cannot validate cgroup parent", r.config.CgroupManager) + } + // Set up storage for the container if err := ctr.setupStorage(ctx); err != nil { return nil, err |