summaryrefslogtreecommitdiff
path: root/pkg/cgroups
Commit message (Collapse)AuthorAge
* cgroups: use cgroup.controllers to read controllersGiuseppe Scrivano2021-10-12
| | | | | | | | | | | | | use the cgroup.controllers file instead of cgroup.subtree_control to read the list of controllers available in the current cgroup. Closes: https://github.com/containers/podman/issues/11931 [NO TESTS NEEDED] we have disabled this test in the CI because it is difficult to know what controllers are going to be enabled for rootless under all conditions we test. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cgroup-info: check if user.slice is valid before accessing valueAditya Rajan2021-09-07
| | | | | | | | | Prevent hitting `panic: runtime error: index out of range [1] with length 1` while performing `podman info` when unexpected values for user.slice is found. [NO TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Globally replace http:// with https://Daniel J Walsh2021-08-27
| | | | | | [NO TESTS NEEDED] Hopefully existing tests will find issues. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix panic condition in cgroups.getAvailableControllerszhangguanzhang2021-06-15
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Podman info add support for status of cgroup controllersflouthoc2021-05-24
| | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* cgroups: force 64 bits to ParseUintGiuseppe Scrivano2021-04-09
| | | | | | | | | | | | [NO TESTS NEEDED] force bitsSize==64 so that the string is always parsed to a uint64 instead of using the native int size, that could be not big enough on 32 bits arches. Closes: https://github.com/containers/podman/issues/9979 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #9464 from giuseppe/fix-cgroupv1-statsOpenShift Merge Robot2021-02-22
|\ | | | | cgroup: change cgroup deletion logic on v1
| * cgroup: change cgroup deletion logic on v1Giuseppe Scrivano2021-02-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | do not raise an error if the cgroup exists at least on one controller. Previously it expected the cgroup to exists under all the controllers. [NO TESTS NEEDED] Closes: https://github.com/containers/podman/issues/9252 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | bump go module to v3Valentin Rothberg2021-02-22
|/ | | | | | | | | We missed bumping the go module, so let's do it now :) * Automated go code with github.com/sirkon/go-imports-rename * Manually via `vgrep podman/v2` the rest Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Enable whitespace linterPaul Holzinger2021-02-11
| | | | | | | | Use the whitespace linter and fix the reported problems. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Don't fail if one of the cgroups is not setupDaniel J Walsh2021-01-27
| | | | | | | | | | | It is fairly common for certain cgroups controllers to not be enabled on a system. We should Warn when this happens versus failing, when doing podman stats command. This way users can get information from the other controllers. Fixes: https://github.com/containers/podman/issues/8588 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* SpellingJosh Soref2020-12-22
| | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* pkg/cgroups/createCgroupv2Path: nitsKir Kolyshkin2020-10-05
| | | | | | | | | | | | 1. Check the path validity before trying to read the cgroup.controllers. 2. Do not hardcode "/sys/fs/cgroup". 3. Simplify creating the "+this +that" string. 4. Do not wrap ioutil.WriteFile error. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Remove excessive error wrappingKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like fails, the error message already contains the file name and the operation that fails, so there is no need to wrap the error with something like "open %s failed". While at it - replace a few places with os.Open, ioutil.ReadAll with ioutil.ReadFile. - replace errors.Wrapf with errors.Wrap for cases where there are no %-style arguments. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Turn on More lintersDaniel J Walsh2020-06-15
| | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* cgroup: skip unified if we are using v1Peter Hunt2020-05-12
| | | | | | | | There exists a chance for a node to be booted in v1, but have reminents of v2. An example is this CRI-O ci run: https://deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gcs/origin-federated-results/pr-logs/pull/cri-o_cri-o/3565/test_pull_request_crio_critest_fedora/11243/ We fail because we are incorrectly writing to the unified path, because we are v1. We should not write to the unified path if we are v1 Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Fix invalid container path comparison for pid cgroupSascha Grunert2020-04-14
| | | | | | | This fixes the behavior to return nil for the PIDs cgroup if the container path is empty. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Do not error on pids.current stats if ctr.path is emptySascha Grunert2020-04-07
| | | | | | | | | | If the ctr.path is empty, then we do not try to access `/sys/fs/cgroup/pids/pids.current` any more because this path will be wrong in any case. We now return and do not set the PIDs stats. Refers to https://github.com/cri-o/cri-o/issues/3522 Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* update systemd & dbus dependenciesValentin Rothberg2020-03-10
| | | | | | | | Update the outdated systemd and dbus dependencies which are now provided as go modules. This will further tighten our dependencies and releases and pave the way for the upcoming auto-update feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* stats: add SystemUsageGiuseppe Scrivano2020-02-12
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Use cgroupv2 super magic from golang.org/x/sys/unixSascha Grunert2020-01-21
| | | | | | | We can use this constant from the already existing sys/unix package instead of defining it by our own. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* make lint: enable gocriticValentin Rothberg2020-01-13
| | | | | | | `gocritic` is a powerful linter that helps in preventing certain kinds of errors as well as enforcing a coding style. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* cgroups: read correctly the CPU statsGiuseppe Scrivano2019-11-01
| | | | | | the two values were incorrectly switched. Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* rootless: automatically create a systemd scopeGiuseppe Scrivano2019-09-12
| | | | | | | | | | | | | | | | | | | | | when running in rootless mode and using systemd as cgroup manager create automatically a systemd scope when the user doesn't own the current cgroup. This solves a couple of issues: on cgroup v2 it is necessary that a process before it can moved to a different cgroup tree must be in a directory owned by the unprivileged user. This is not always true, e.g. when creating a session with su -l. Closes: https://github.com/containers/libpod/issues/3937 Also, for running systemd in a container it was before necessary to specify "systemd-run --scope --user podman ...", now this is done automatically as part of this PR. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix error message on podman stats on cgroups v1 rootless environmentsDaniel J Walsh2019-08-19
| | | | | | | podman stats does not work in rootless environments with cgroups V1. Fix error message and document this fact. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pkg/cgroups: use DBUS session when rootlessGiuseppe Scrivano2019-08-14
| | | | | | | | use the DBUS user session when running in rootless mode. Closes: https://github.com/containers/libpod/issues/3801 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* golangci-lint round #3baude2019-07-21
| | | | | | | this is the third round of preparing to use the golangci-lint on our code base. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3564 from giuseppe/cgroupsv2-no-controllers-last-pathOpenShift Merge Robot2019-07-13
|\ | | | | cgroupsv2: do not enable controllers for the last component
| * cgroupsv2: do not enable controllers for the last componentGiuseppe Scrivano2019-07-12
| | | | | | | | | | | | | | | | | | | | | | do not automatically enable the controllers for the last path component. It is necessary as once there are enabled controllers in a cgroup, it won't possible to add processes to it. Fix conmon being moved to the correct cgroup path when using --cgroup-manager cgroupfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | cgroups: fix a leak when using cgroupfsGiuseppe Scrivano2019-07-11
| | | | | | | | | | | | | | be sure to load all the existing handlers, so that they can also be freed in addition to the handlers we treat differently. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | cgroups: attempt a recursive rmdirGiuseppe Scrivano2019-07-11
|/ | | | | | | if the cgroup cannot be deleted, then attempt to delete all its subdirectories and try again. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cgroups: skip not existing cpuacct filesGiuseppe Scrivano2019-07-10
| | | | | | | | if the cpuacct file doesn't exist, ignore it instead of erroring out. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1728242 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cgroups: support creating cgroupsv2 pathsGiuseppe Scrivano2019-07-10
| | | | | | | | | drop the limitation of not supporting creating new cgroups v2 paths. Every controller enabled /sys/fs/cgroup will be propagated down to the created path. This won't work for rootless cgroupsv2, but it is not an issue for now, as this code is used only by CRI-O. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* cgroups: fix times conversionGiuseppe Scrivano2019-07-02
| | | | | | convert the time we read in microseconds to nanoseconds. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* pkg, cgroups: add initial support for cgroup v2Giuseppe Scrivano2019-06-26
| | | | | | | | | | | | | | | | | This is an initial implementation of cgroup v2 support for pkg/cgroups. It currently works with crun, with this patch: https://github.com/giuseppe/crun/pull/49). It adds the pieces for: - set PID limit to 1 - retrieve stats so that "podman stats" work. the only missing part is the support for reading per CPU stats (that is cpuacct.usage_percpu on cgroup v1), so for now it always returns an empty result. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* libpod: use pkg/cgroups instead of containerd/cgroupsGiuseppe Scrivano2019-06-26
| | | | | | use the new implementation for dealing with cgroups. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* pkg: new package cgroupsGiuseppe Scrivano2019-06-26
provide a package for managing cgroups. This is not supposed to be a complete implementation with all the features supported by cgroups, but it is a minimal implementation designed around what libpod needs and it is currently using. For example, it is currently possible to Apply only the pids limit, as it is used by libpod for stopping containers, any other Apply will just fail. The main goal here is to have a minimal library where we have full control, so we can start playing with cgroup v2. When the need arises, we can add more features. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>