| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
If the ctr.path is empty, then we do not try to access
`/sys/fs/cgroup/pids/pids.current` any more because this path will be
wrong in any case. We now return and do not set the PIDs stats.
Refers to https://github.com/cri-o/cri-o/issues/3522
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|
|
|
|
|
|
|
| |
Update the outdated systemd and dbus dependencies which are now provided
as go modules. This will further tighten our dependencies and releases
and pave the way for the upcoming auto-update feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
We can use this constant from the already existing sys/unix package
instead of defining it by our own.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|
|
|
|
|
|
| |
`gocritic` is a powerful linter that helps in preventing certain kinds
of errors as well as enforcing a coding style.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
| |
the two values were incorrectly switched.
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when running in rootless mode and using systemd as cgroup manager
create automatically a systemd scope when the user doesn't own the
current cgroup.
This solves a couple of issues:
on cgroup v2 it is necessary that a process before it can moved to a
different cgroup tree must be in a directory owned by the unprivileged
user. This is not always true, e.g. when creating a session with su
-l.
Closes: https://github.com/containers/libpod/issues/3937
Also, for running systemd in a container it was before necessary to
specify "systemd-run --scope --user podman ...", now this is done
automatically as part of this PR.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
podman stats does not work in rootless environments with cgroups V1.
Fix error message and document this fact.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
use the DBUS user session when running in rootless mode.
Closes: https://github.com/containers/libpod/issues/3801
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
this is the third round of preparing to use the golangci-lint on our
code base.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
cgroupsv2: do not enable controllers for the last component
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
do not automatically enable the controllers for the last path
component. It is necessary as once there are enabled controllers in a
cgroup, it won't possible to add processes to it.
Fix conmon being moved to the correct cgroup path when using
--cgroup-manager cgroupfs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
be sure to load all the existing handlers, so that they can also be
freed in addition to the handlers we treat differently.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
| |
if the cgroup cannot be deleted, then attempt to delete all its
subdirectories and try again.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
| |
if the cpuacct file doesn't exist, ignore it instead of erroring out.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1728242
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
| |
drop the limitation of not supporting creating new cgroups v2 paths.
Every controller enabled /sys/fs/cgroup will be propagated down to the
created path. This won't work for rootless cgroupsv2, but it is not
an issue for now, as this code is used only by CRI-O.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
| |
convert the time we read in microseconds to nanoseconds.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an initial implementation of cgroup v2 support for
pkg/cgroups. It currently works with crun, with this patch:
https://github.com/giuseppe/crun/pull/49).
It adds the pieces for:
- set PID limit to 1
- retrieve stats so that "podman stats" work.
the only missing part is the support for reading per
CPU stats (that is cpuacct.usage_percpu on cgroup v1), so for now it
always returns an empty result.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
| |
use the new implementation for dealing with cgroups.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
provide a package for managing cgroups. This is not supposed to be a
complete implementation with all the features supported by cgroups,
but it is a minimal implementation designed around what libpod needs
and it is currently using.
For example, it is currently possible to Apply only the pids limit,
as it is used by libpod for stopping containers, any other Apply will
just fail.
The main goal here is to have a minimal library where we have full
control, so we can start playing with cgroup v2.
When the need arises, we can add more features.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|