aboutsummaryrefslogtreecommitdiff
path: root/pkg/cgroups
Commit message (Collapse)AuthorAge
* Fix invalid container path comparison for pid cgroupSascha Grunert2020-04-14
| | | | | | | This fixes the behavior to return nil for the PIDs cgroup if the container path is empty. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Do not error on pids.current stats if ctr.path is emptySascha Grunert2020-04-07
| | | | | | | | | | If the ctr.path is empty, then we do not try to access `/sys/fs/cgroup/pids/pids.current` any more because this path will be wrong in any case. We now return and do not set the PIDs stats. Refers to https://github.com/cri-o/cri-o/issues/3522 Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* update systemd & dbus dependenciesValentin Rothberg2020-03-10
| | | | | | | | Update the outdated systemd and dbus dependencies which are now provided as go modules. This will further tighten our dependencies and releases and pave the way for the upcoming auto-update feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* stats: add SystemUsageGiuseppe Scrivano2020-02-12
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Use cgroupv2 super magic from golang.org/x/sys/unixSascha Grunert2020-01-21
| | | | | | | We can use this constant from the already existing sys/unix package instead of defining it by our own. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* make lint: enable gocriticValentin Rothberg2020-01-13
| | | | | | | `gocritic` is a powerful linter that helps in preventing certain kinds of errors as well as enforcing a coding style. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* cgroups: read correctly the CPU statsGiuseppe Scrivano2019-11-01
| | | | | | the two values were incorrectly switched. Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* rootless: automatically create a systemd scopeGiuseppe Scrivano2019-09-12
| | | | | | | | | | | | | | | | | | | | | when running in rootless mode and using systemd as cgroup manager create automatically a systemd scope when the user doesn't own the current cgroup. This solves a couple of issues: on cgroup v2 it is necessary that a process before it can moved to a different cgroup tree must be in a directory owned by the unprivileged user. This is not always true, e.g. when creating a session with su -l. Closes: https://github.com/containers/libpod/issues/3937 Also, for running systemd in a container it was before necessary to specify "systemd-run --scope --user podman ...", now this is done automatically as part of this PR. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix error message on podman stats on cgroups v1 rootless environmentsDaniel J Walsh2019-08-19
| | | | | | | podman stats does not work in rootless environments with cgroups V1. Fix error message and document this fact. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pkg/cgroups: use DBUS session when rootlessGiuseppe Scrivano2019-08-14
| | | | | | | | use the DBUS user session when running in rootless mode. Closes: https://github.com/containers/libpod/issues/3801 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* golangci-lint round #3baude2019-07-21
| | | | | | | this is the third round of preparing to use the golangci-lint on our code base. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3564 from giuseppe/cgroupsv2-no-controllers-last-pathOpenShift Merge Robot2019-07-13
|\ | | | | cgroupsv2: do not enable controllers for the last component
| * cgroupsv2: do not enable controllers for the last componentGiuseppe Scrivano2019-07-12
| | | | | | | | | | | | | | | | | | | | | | do not automatically enable the controllers for the last path component. It is necessary as once there are enabled controllers in a cgroup, it won't possible to add processes to it. Fix conmon being moved to the correct cgroup path when using --cgroup-manager cgroupfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | cgroups: fix a leak when using cgroupfsGiuseppe Scrivano2019-07-11
| | | | | | | | | | | | | | be sure to load all the existing handlers, so that they can also be freed in addition to the handlers we treat differently. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | cgroups: attempt a recursive rmdirGiuseppe Scrivano2019-07-11
|/ | | | | | | if the cgroup cannot be deleted, then attempt to delete all its subdirectories and try again. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cgroups: skip not existing cpuacct filesGiuseppe Scrivano2019-07-10
| | | | | | | | if the cpuacct file doesn't exist, ignore it instead of erroring out. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1728242 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cgroups: support creating cgroupsv2 pathsGiuseppe Scrivano2019-07-10
| | | | | | | | | drop the limitation of not supporting creating new cgroups v2 paths. Every controller enabled /sys/fs/cgroup will be propagated down to the created path. This won't work for rootless cgroupsv2, but it is not an issue for now, as this code is used only by CRI-O. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cgroups: fix times conversionGiuseppe Scrivano2019-07-02
| | | | | | convert the time we read in microseconds to nanoseconds. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* pkg, cgroups: add initial support for cgroup v2Giuseppe Scrivano2019-06-26
| | | | | | | | | | | | | | | | | This is an initial implementation of cgroup v2 support for pkg/cgroups. It currently works with crun, with this patch: https://github.com/giuseppe/crun/pull/49). It adds the pieces for: - set PID limit to 1 - retrieve stats so that "podman stats" work. the only missing part is the support for reading per CPU stats (that is cpuacct.usage_percpu on cgroup v1), so for now it always returns an empty result. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* libpod: use pkg/cgroups instead of containerd/cgroupsGiuseppe Scrivano2019-06-26
| | | | | | use the new implementation for dealing with cgroups. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* pkg: new package cgroupsGiuseppe Scrivano2019-06-26
provide a package for managing cgroups. This is not supposed to be a complete implementation with all the features supported by cgroups, but it is a minimal implementation designed around what libpod needs and it is currently using. For example, it is currently possible to Apply only the pids limit, as it is used by libpod for stopping containers, any other Apply will just fail. The main goal here is to have a minimal library where we have full control, so we can start playing with cgroup v2. When the need arises, we can add more features. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>