|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when running in rootless mode and using systemd as cgroup manager
create automatically a systemd scope when the user doesn't own the
current cgroup.
This solves a couple of issues:
on cgroup v2 it is necessary that a process before it can moved to a
different cgroup tree must be in a directory owned by the unprivileged
user. This is not always true, e.g. when creating a session with su
-l.
Closes: https://github.com/containers/libpod/issues/3937
Also, for running systemd in a container it was before necessary to
specify "systemd-run --scope --user podman ...", now this is done
automatically as part of this PR.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
provide a package for managing cgroups. This is not supposed to be a
complete implementation with all the features supported by cgroups,
but it is a minimal implementation designed around what libpod needs
and it is currently using.
For example, it is currently possible to Apply only the pids limit,
as it is used by libpod for stopping containers, any other Apply will
just fail.
The main goal here is to have a minimal library where we have full
control, so we can start playing with cgroup v2.
When the need arises, we can add more features.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|