aboutsummaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
Diffstat (limited to 'libpod')
-rw-r--r--libpod/oci.go30
-rw-r--r--libpod/runtime.go4
2 files changed, 19 insertions, 15 deletions
diff --git a/libpod/oci.go b/libpod/oci.go
index db0fd0d16..95bebdd88 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -349,23 +349,25 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string) (er
childStartPipe.Close()
// Move conmon to specified cgroup
- if r.cgroupManager == SystemdCgroupsManager {
- unitName := createUnitName("libpod-conmon", ctr.ID())
+ if os.Getuid() == 0 {
+ if r.cgroupManager == SystemdCgroupsManager {
+ unitName := createUnitName("libpod-conmon", ctr.ID())
- logrus.Infof("Running conmon under slice %s and unitName %s", cgroupParent, unitName)
- if err = utils.RunUnderSystemdScope(cmd.Process.Pid, cgroupParent, unitName); err != nil {
- logrus.Warnf("Failed to add conmon to systemd sandbox cgroup: %v", err)
- }
- } else {
- cgroupPath := filepath.Join(ctr.config.CgroupParent, fmt.Sprintf("libpod-%s", ctr.ID()), "conmon")
- control, err := cgroups.New(cgroups.V1, cgroups.StaticPath(cgroupPath), &spec.LinuxResources{})
- if err != nil {
- logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
+ logrus.Infof("Running conmon under slice %s and unitName %s", cgroupParent, unitName)
+ if err = utils.RunUnderSystemdScope(cmd.Process.Pid, cgroupParent, unitName); err != nil {
+ logrus.Warnf("Failed to add conmon to systemd sandbox cgroup: %v", err)
+ }
} else {
- // we need to remove this defer and delete the cgroup once conmon exits
- // maybe need a conmon monitor?
- if err := control.Add(cgroups.Process{Pid: cmd.Process.Pid}); err != nil {
+ cgroupPath := filepath.Join(ctr.config.CgroupParent, fmt.Sprintf("libpod-%s", ctr.ID()), "conmon")
+ control, err := cgroups.New(cgroups.V1, cgroups.StaticPath(cgroupPath), &spec.LinuxResources{})
+ if err != nil {
logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
+ } else {
+ // we need to remove this defer and delete the cgroup once conmon exits
+ // maybe need a conmon monitor?
+ if err := control.Add(cgroups.Process{Pid: cmd.Process.Pid}); err != nil {
+ logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
+ }
}
}
}
diff --git a/libpod/runtime.go b/libpod/runtime.go
index b208bc718..05b8134b8 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -183,7 +183,9 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
configPath := ConfigPath
foundConfig := true
- if _, err := os.Stat(OverrideConfigPath); err == nil {
+ if os.Getuid() != 0 {
+ foundConfig = false
+ } else if _, err := os.Stat(OverrideConfigPath); err == nil {
// Use the override configuration path
configPath = OverrideConfigPath
} else if _, err := os.Stat(ConfigPath); err != nil {