Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_internal_linux.go | 50 | ||||
-rw-r--r-- | libpod/oci.go | 11 | ||||
-rw-r--r-- | libpod/runtime.go | 16 |
3 files changed, 57 insertions, 20 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 72b0d3a74..6dbd53fbf 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -466,30 +466,48 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro g.AddMount(tmpfsMnt) } - // rootless containers have no write access to /sys/fs/cgroup, so don't - // add any mount into the container. - if !rootless.IsRootless() { - cgroupPath, err := c.CGroupPath() - if err != nil { - return err - } - sourcePath := filepath.Join("/sys/fs/cgroup/systemd", cgroupPath) + unified, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return err + } + + g.RemoveMount("/sys/fs/cgroup") + if unified { + sourcePath := filepath.Join("/sys/fs/cgroup") systemdMnt := spec.Mount{ - Destination: "/sys/fs/cgroup/systemd", + Destination: "/sys/fs/cgroup", Type: "bind", Source: sourcePath, - Options: []string{"bind", "private"}, + Options: []string{"bind", "private", "rw"}, } g.AddMount(systemdMnt) } else { - systemdMnt := spec.Mount{ - Destination: "/sys/fs/cgroup/systemd", - Type: "bind", - Source: "/sys/fs/cgroup/systemd", - Options: []string{"bind", "nodev", "noexec", "nosuid"}, + // rootless containers have no write access to /sys/fs/cgroup, so don't + // add any mount into the container. + if !rootless.IsRootless() { + cgroupPath, err := c.CGroupPath() + if err != nil { + return err + } + sourcePath := filepath.Join("/sys/fs/cgroup", cgroupPath) + + systemdMnt := spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "bind", + Source: sourcePath, + Options: []string{"bind", "private"}, + } + g.AddMount(systemdMnt) + } else { + systemdMnt := spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "bind", + Source: "/sys/fs/cgroup", + Options: []string{"bind", "nodev", "noexec", "nosuid"}, + } + g.AddMount(systemdMnt) } - g.AddMount(systemdMnt) } return nil diff --git a/libpod/oci.go b/libpod/oci.go index 193e66aaf..2eb004b84 100644 
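Review bot: In the new `if unified` branch of setupSystemd, the host's whole `/sys/fs/cgroup` is bind-mounted into the container read-write, for rootful and rootless containers alike, and without the `nodev`, `noexec`, `nosuid` options that the other fallback mount carries. Unlike the non-unified rootful branch, the source is not narrowed with `c.CGroupPath()`, so unless the OCI runtime or a cgroup namespace confines it (not visible here), a systemd container may be able to write to cgroups outside its own subtree. Consider building the source as `filepath.Join("/sys/fs/cgroup", cgroupPath)` for the rootful case and using `Options: []string{"bind", "private", "rw", "nodev", "noexec", "nosuid"}`. The single-argument `filepath.Join("/sys/fs/cgroup")` is also a no-op and can be a plain string literal. setupSystemd starts above this hunk.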
--- a/libpod/oci.go +++ b/libpod/oci.go @@ -106,8 +106,19 @@ func newOCIRuntime(name string, paths []string, conmonPath string, runtimeCfg *R } foundPath = true runtime.path = path + logrus.Debugf("using runtime %q", path) break } + + // Search the $PATH as last fallback + if !foundPath { + if foundRuntime, err := exec.LookPath(name); err == nil { + foundPath = true + runtime.path = foundRuntime + logrus.Debugf("using runtime %q from $PATH: %q", name, foundRuntime) + } + } + if !foundPath { return nil, errors.Wrapf(define.ErrInvalidArg, "no valid executable found for OCI runtime %s", name) } diff --git a/libpod/runtime.go b/libpod/runtime.go index bb6bfbfcc..ffdbc32f1 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -5,6 +5,7 @@ import ( "fmt" "io/ioutil" "os" + "os/exec" "os/user" "path/filepath" "strings" @@ -740,8 +741,19 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) { } foundConmon = true runtime.conmonPath = path + logrus.Debugf("using conmon: %q", path) break } + + // Search the $PATH as last fallback + if !foundConmon { + if conmon, err := exec.LookPath("conmon"); err == nil { + foundConmon = true + runtime.conmonPath = conmon + logrus.Debugf("using conmon from $PATH: %q", conmon) + } + } + if !foundConmon { return errors.Wrapf(define.ErrInvalidArg, "could not find a working conmon binary (configured options: %v)", @@ -938,10 +950,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) { // Initialize remaining OCI runtimes for name, paths := range runtime.config.OCIRuntimes { - if len(paths) == 0 { - return errors.Wrapf(define.ErrInvalidArg, "must provide at least 1 path to OCI runtime %s", name) - } - supportsJSON := false for _, r := range runtime.config.RuntimeSupportsJSON { if r == name { |
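Review bot: The `$PATH` fallback in newOCIRuntime accepts whatever `exec.LookPath(name)` returns, so the OCI runtime binary is chosen by the caller's environment rather than by the configured `paths`. A `name` containing a path separator is not searched in `$PATH` at all and is resolved relative to the working directory. Since this binary is presumably executed with podman's privileges, the fallback should at least require an absolute result, e.g. `if foundRuntime, err := exec.LookPath(name); err == nil && filepath.IsAbs(foundRuntime) {` (assuming `path/filepath` is imported in oci.go, which the hunk does not show), and the fallback is worth logging above debug level so operators can see which binary was picked. The same applies to `exec.LookPath("conmon")` in the makeRuntime hunk of runtime.go. newOCIRuntime starts and ends outside this hunk.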