From 8b5823a62d1149b59a08d652809d2d117e7b46eb Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Sat, 25 Aug 2018 18:50:59 +0200 Subject: rootless: don't use kill --all The OCI runtime might use the cgroups to see what PIDs are inside the container, but that doesn't work with rootless containers. Closes: https://github.com/containers/libpod/issues/1337 Signed-off-by: Giuseppe Scrivano Closes: #1331 Approved by: rhatdan --- libpod/oci.go | 12 +++++++++++- test/e2e/rootless_test.go | 4 ++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/libpod/oci.go b/libpod/oci.go index 4f0fbe8e9..240f53885 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -591,7 +591,17 @@ func (r *OCIRuntime) stopContainer(ctr *Container, timeout uint) error { } } - if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.path, "kill", "--all", ctr.ID(), "KILL"); err != nil { + var args []string + if rootless.IsRootless() { + // we don't use --all for rootless containers as the OCI runtime might use + // the cgroups to determine the PIDs, but for rootless containers there is + // not any. + args = []string{"kill", ctr.ID(), "KILL"} + } else { + args = []string{"kill", "--all", ctr.ID(), "KILL"} + } + + if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.path, args...); err != nil { // Again, check if the container is gone. If it is, exit cleanly. err := unix.Kill(ctr.state.PID, 0) if err == unix.ESRCH { diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go index 195f403e1..255aaae41 100644 --- a/test/e2e/rootless_test.go +++ b/test/e2e/rootless_test.go @@ -117,6 +117,10 @@ var _ = Describe("Podman rootless", func() { Expect(cmd.ExitCode()).To(Equal(0)) Expect(cmd.LineInOutputContains("hello")).To(BeTrue()) + cmd = podmanTest.PodmanAsUser([]string{"rm", "-l", "-f"}, 1000, 1000, env) + cmd.WaitWithDefaultTimeout() + Expect(cmd.ExitCode()).To(Equal(0)) + allArgs = append([]string{"run", "-d"}, args...) allArgs = append(allArgs, "--security-opt", "seccomp=unconfined", "--rootfs", mountPath, "unshare", "-r", "unshare", "-r", "top") cmd = podmanTest.PodmanAsUser(allArgs, 1000, 1000, env) -- cgit v1.2.3-54-g00ecf