diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_internal.go | 4 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 34 | ||||
| -rw-r--r-- | libpod/runtime_pod_linux.go | 19 |
3 files changed, 42 insertions, 15 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 54558f3fc..b523c89e3 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1226,6 +1226,10 @@ func (c *Container) generateHosts() (string, error) { hosts += fmt.Sprintf("%s %s\n", fields[1], fields[0]) } } + if len(c.state.NetworkStatus) > 0 && len(c.state.NetworkStatus[0].IPs) > 0 { + ipAddress := strings.Split(c.state.NetworkStatus[0].IPs[0].Address.String(), "/")[0] + hosts += fmt.Sprintf("%s\t%s\n", ipAddress, c.Hostname()) + } return c.writeStringToRundir("hosts", hosts) } diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 7bf2c71ca..d89eefd3b 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -360,19 +360,31 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro g.AddMount(tmpfsMnt) } - cgroupPath, err := c.CGroupPath() - if err != nil { - return err - } - sourcePath := filepath.Join("/sys/fs/cgroup/systemd", cgroupPath) + // rootless containers have no write access to /sys/fs/cgroup, so don't + // add any mount into the container. + if !rootless.IsRootless() { + cgroupPath, err := c.CGroupPath() + if err != nil { + return err + } + sourcePath := filepath.Join("/sys/fs/cgroup/systemd", cgroupPath) - systemdMnt := spec.Mount{ - Destination: "/sys/fs/cgroup/systemd", - Type: "bind", - Source: sourcePath, - Options: []string{"bind", "private"}, + systemdMnt := spec.Mount{ + Destination: "/sys/fs/cgroup/systemd", + Type: "bind", + Source: sourcePath, + Options: []string{"bind", "private"}, + } + g.AddMount(systemdMnt) + } else { + systemdMnt := spec.Mount{ + Destination: "/sys/fs/cgroup/systemd", + Type: "bind", + Source: "/sys/fs/cgroup/systemd", + Options: []string{"bind", "nodev", "noexec", "nosuid"}, + } + g.AddMount(systemdMnt) } - g.AddMount(systemdMnt) return nil } diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index eb3d471dd..3d6fad52f 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -265,15 +265,26 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) } case CgroupfsCgroupsManager: // Delete the cgroupfs cgroup + // Make sure the conmon cgroup is deleted first + // Since the pod is almost gone, don't bother failing + // hard - instead, just log errors. v1CGroups := GetV1CGroups(getExcludedCGroups()) + conmonCgroupPath := filepath.Join(p.state.CgroupPath, "conmon") + conmonCgroup, err := cgroups.Load(v1CGroups, cgroups.StaticPath(conmonCgroupPath)) + if err != nil && err != cgroups.ErrCgroupDeleted { + return err + } + if err == nil { + if err := conmonCgroup.Delete(); err != nil { + logrus.Errorf("Error deleting pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err) + } + } cgroup, err := cgroups.Load(v1CGroups, cgroups.StaticPath(p.state.CgroupPath)) if err != nil && err != cgroups.ErrCgroupDeleted { return err - } else if err == nil { + } + if err == nil { if err := cgroup.Delete(); err != nil { - // The pod is already almost gone. - // No point in hard-failing if we fail - // this bit of cleanup. logrus.Errorf("Error deleting pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err) } } |