From 3c24d1fda2c0b0d55c963deaf13900101a40bfb3 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Wed, 15 Sep 2021 13:40:16 -0400 Subject: Remove pod create options `--cpus` and `--cpuset-cpus` These are not presently functional - we need a rewrite of how the pod cgroup is handled first. Signed-off-by: Matthew Heon --- libpod/define/pod_inspect.go | 12 ------ libpod/pod.go | 89 -------------------------------------------- libpod/pod_api.go | 6 --- 3 files changed, 107 deletions(-) (limited to 'libpod') diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go index f91fd198d..b88d4f279 100644 --- a/libpod/define/pod_inspect.go +++ b/libpod/define/pod_inspect.go @@ -51,12 +51,6 @@ type InspectPodData struct { // Containers gives a brief summary of all containers in the pod and // their current status. Containers []InspectPodContainerInfo `json:"Containers,omitempty"` - // CPUPeriod contains the CPU period of the pod - CPUPeriod uint64 `json:"cpu_period,omitempty"` - // CPUQuota contains the CPU quota of the pod - CPUQuota int64 `json:"cpu_quota,omitempty"` - // CPUSetCPUs contains linux specific CPU data for the pod - CPUSetCPUs string `json:"cpuset_cpus,omitempty"` } // InspectPodInfraConfig contains the configuration of the pod's infra @@ -97,12 +91,6 @@ type InspectPodInfraConfig struct { Networks []string // NetworkOptions are additional options for each network NetworkOptions map[string][]string - // CPUPeriod contains the CPU period of the pod - CPUPeriod uint64 `json:"cpu_period,omitempty"` - // CPUQuota contains the CPU quota of the pod - CPUQuota int64 `json:"cpu_quota,omitempty"` - // CPUSetCPUs contains linux specific CPU data for the container - CPUSetCPUs string `json:"cpuset_cpus,omitempty"` // Pid is the PID namespace mode of the pod's infra container PidNS string `json:"pid_ns,omitempty"` // UserNS is the usernamespace that all the containers in the pod will join. diff --git a/libpod/pod.go b/libpod/pod.go index e4516b354..0d5d629cd 100644 --- a/libpod/pod.go +++ b/libpod/pod.go @@ -1,7 +1,6 @@ package libpod import ( - "context" "fmt" "sort" "time" @@ -99,65 +98,6 @@ func (p *Pod) Namespace() string { return p.config.Namespace } -// ResourceLim returns the cpuset resource limits for the pod -func (p *Pod) ResourceLim() *specs.LinuxResources { - resCopy := &specs.LinuxResources{} - empty := &specs.LinuxResources{ - CPU: &specs.LinuxCPU{}, - } - infra, err := p.runtime.GetContainer(p.state.InfraContainerID) - if err != nil { - return empty - } - conf := infra.config.Spec - if err != nil { - return empty - } - if conf.Linux == nil || conf.Linux.Resources == nil { - return empty - } - if err = JSONDeepCopy(conf.Linux.Resources, resCopy); err != nil { - return nil - } - if resCopy.CPU != nil { - return resCopy - } - - return empty -} - -// CPUPeriod returns the pod CPU period -func (p *Pod) CPUPeriod() uint64 { - if p.state.InfraContainerID == "" { - return 0 - } - infra, err := p.runtime.GetContainer(p.state.InfraContainerID) - if err != nil { - return 0 - } - conf := infra.config.Spec - if conf != nil && conf.Linux != nil && conf.Linux.Resources != nil && conf.Linux.Resources.CPU != nil && conf.Linux.Resources.CPU.Period != nil { - return *conf.Linux.Resources.CPU.Period - } - return 0 -} - -// CPUQuota returns the pod CPU quota -func (p *Pod) CPUQuota() int64 { - if p.state.InfraContainerID == "" { - return 0 - } - infra, err := p.runtime.GetContainer(p.state.InfraContainerID) - if err != nil { - return 0 - } - conf := infra.config.Spec - if conf != nil && conf.Linux != nil && conf.Linux.Resources != nil && conf.Linux.Resources.CPU != nil && conf.Linux.Resources.CPU.Quota != nil { - return *conf.Linux.Resources.CPU.Quota - } - return 0 -} - // PidMode returns the PID mode given by the user ex: pod, private... func (p *Pod) PidMode() string { infra, err := p.runtime.GetContainer(p.state.InfraContainerID) @@ -282,35 +222,6 @@ func (p *Pod) CgroupPath() (string, error) { if err := p.updatePod(); err != nil { return "", err } - if p.state.CgroupPath != "" { - return p.state.CgroupPath, nil - } - if p.state.InfraContainerID == "" { - return "", errors.Wrap(define.ErrNoSuchCtr, "pod has no infra container") - } - - id, err := p.infraContainerID() - if err != nil { - return "", err - } - - if id != "" { - ctr, err := p.infraContainer() - if err != nil { - return "", errors.Wrapf(err, "could not get infra") - } - if ctr != nil { - ctr.Start(context.Background(), true) - cgroupPath, err := ctr.CGroupPath() - fmt.Println(cgroupPath) - if err != nil { - return "", errors.Wrapf(err, "could not get container cgroup") - } - p.state.CgroupPath = cgroupPath - p.save() - return cgroupPath, nil - } - } return p.state.CgroupPath, nil } diff --git a/libpod/pod_api.go b/libpod/pod_api.go index 5f4d983b9..4c3b1b0b7 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -592,9 +592,6 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) { infraConfig.StaticIP = infra.Config().ContainerNetworkConfig.StaticIP infraConfig.NoManageResolvConf = infra.Config().UseImageResolvConf infraConfig.NoManageHosts = infra.Config().UseImageHosts - infraConfig.CPUPeriod = p.CPUPeriod() - infraConfig.CPUQuota = p.CPUQuota() - infraConfig.CPUSetCPUs = p.ResourceLim().CPU.Cpus infraConfig.PidNS = p.PidMode() infraConfig.UserNS = p.UserNSMode() @@ -642,9 +639,6 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) { SharedNamespaces: sharesNS, NumContainers: uint(len(containers)), Containers: ctrs, - CPUSetCPUs: p.ResourceLim().CPU.Cpus, - CPUPeriod: p.CPUPeriod(), - CPUQuota: p.CPUQuota(), } return &inspectData, nil -- cgit v1.2.3-54-g00ecf From fd8d332a4e440462f2dc8fbd1de4c291187fd92a Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 10 Sep 2021 10:06:45 +0200 Subject: test: enable --cgroup-parent test and fix it for running with runc. Closes: https://github.com/containers/podman/issues/11165 Signed-off-by: Giuseppe Scrivano --- libpod/container_internal_linux.go | 10 +++++----- test/e2e/run_cgroup_parent_test.go | 32 ++++++++++++++------------------ 2 files changed, 19 insertions(+), 23 deletions(-) (limited to 'libpod') diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index eabe8efd2..ae029dc62 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2489,11 +2489,6 @@ func (c *Container) getOCICgroupPath() (string, error) { switch { case c.config.NoCgroups: return "", nil - case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)): - if !isRootlessCgroupSet(c.config.CgroupParent) { - return "", nil - } - return c.config.CgroupParent, nil case c.config.CgroupsMode == cgroupSplit: if c.config.CgroupParent != "" { return c.config.CgroupParent, nil @@ -2510,6 +2505,11 @@ func (c *Container) getOCICgroupPath() (string, error) { systemdCgroups := fmt.Sprintf("%s:libpod:%s", path.Base(c.config.CgroupParent), c.ID()) logrus.Debugf("Setting CGroups for container %s to %s", c.ID(), systemdCgroups) return systemdCgroups, nil + case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)): + if c.config.CgroupParent == "" || !isRootlessCgroupSet(c.config.CgroupParent) { + return "", nil + } + fallthrough case cgroupManager == config.CgroupfsCgroupsManager: cgroupPath := filepath.Join(c.config.CgroupParent, fmt.Sprintf("libpod-%s", c.ID())) logrus.Debugf("Setting CGroup path for container %s to %s", c.ID(), cgroupPath) diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go index 82b6c3057..e0e1d4b1d 100644 --- a/test/e2e/run_cgroup_parent_test.go +++ b/test/e2e/run_cgroup_parent_test.go @@ -13,6 +13,8 @@ import ( . "github.com/onsi/gomega/gexec" ) +const cgroupRoot = "/sys/fs/cgroup" + var _ = Describe("Podman run with --cgroup-parent", func() { var ( tempdir string @@ -64,7 +66,6 @@ var _ = Describe("Podman run with --cgroup-parent", func() { }) Specify("always honor --cgroup-parent", func() { - Skip("https://github.com/containers/podman/issues/11165") SkipIfCgroupV1("test not supported in cgroups v1") if Containerized() || podmanTest.CgroupManager == "cgroupfs" { Skip("Requires Systemd cgroup manager support") @@ -78,36 +79,31 @@ var _ = Describe("Podman run with --cgroup-parent", func() { Expect(run).Should(Exit(0)) cid := run.OutputToString() - exec := podmanTest.Podman([]string{"exec", cid, "cat", "/proc/self/cgroup"}) + exec := podmanTest.Podman([]string{"exec", cid, "cat", "/proc/1/cgroup"}) exec.WaitWithDefaultTimeout() Expect(exec).Should(Exit(0)) containerCgroup := strings.TrimRight(strings.Replace(exec.OutputToString(), "0::", "", -1), "\n") - content, err := ioutil.ReadFile(filepath.Join("/sys/fs/cgroup", containerCgroup, "cgroup.procs")) - Expect(err).To(BeNil()) - // Move the container process to a sub cgroup - subCgroupPath := filepath.Join(filepath.Join("/sys/fs/cgroup", containerCgroup, "old-container")) - - err = os.MkdirAll(subCgroupPath, 0755) + content, err := ioutil.ReadFile(filepath.Join(cgroupRoot, containerCgroup, "cgroup.procs")) Expect(err).To(BeNil()) - - err = ioutil.WriteFile(filepath.Join(subCgroupPath, "cgroup.procs"), content, 0644) + oldSubCgroupPath := filepath.Join(filepath.Join(cgroupRoot, containerCgroup, "old-container")) + err = os.MkdirAll(oldSubCgroupPath, 0755) + Expect(err).To(BeNil()) + err = ioutil.WriteFile(filepath.Join(oldSubCgroupPath, "cgroup.procs"), content, 0644) Expect(err).To(BeNil()) - cgroup := filepath.Dir(containerCgroup) + newCgroup := fmt.Sprintf("%s/new-container", containerCgroup) + err = os.MkdirAll(filepath.Join(cgroupRoot, newCgroup), 0755) + Expect(err).To(BeNil()) - run = podmanTest.Podman([]string{"--cgroup-manager=cgroupfs", "run", "-d", fmt.Sprintf("--cgroup-parent=%s", cgroup), fedoraMinimal, "sleep", "100"}) + run = podmanTest.Podman([]string{"--cgroup-manager=cgroupfs", "run", "--rm", "--cgroupns=host", fmt.Sprintf("--cgroup-parent=%s", newCgroup), fedoraMinimal, "cat", "/proc/self/cgroup"}) run.WaitWithDefaultTimeout() Expect(run).Should(Exit(0)) + cgroupEffective := strings.TrimRight(strings.Replace(run.OutputToString(), "0::", "", -1), "\n") - exec = podmanTest.Podman([]string{"exec", cid, "cat", "/proc/self/cgroup"}) - exec.WaitWithDefaultTimeout() - Expect(exec).Should(Exit(0)) - cgroupEffective := filepath.Dir(strings.TrimRight(strings.Replace(exec.OutputToString(), "0::", "", -1), "\n")) - - Expect(cgroupEffective).To(Equal(cgroup)) + Expect(newCgroup).To(Equal(filepath.Dir(cgroupEffective))) }) Specify("valid --cgroup-parent using slice", func() { -- cgit v1.2.3-54-g00ecf From b6789c3d5f763b2b7ff9a795e1a046de745bd3eb Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 13 Sep 2021 15:52:49 +0200 Subject: fix restart always with rootlessport When a container is automatically restarted due its restart policy and the container uses rootless cni networking with ports forwarded we have to start a new rootlessport process since it exits with conmon. Signed-off-by: Paul Holzinger --- libpod/container_internal.go | 9 +++ libpod/networking_linux.go | 1 + test/system/500-networking.bats | 119 ++++++++++++++++++++++++++-------------- 3 files changed, 88 insertions(+), 41 deletions(-) (limited to 'libpod') diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 4d1a25541..18b80475b 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -293,6 +293,15 @@ func (c *Container) handleRestartPolicy(ctx context.Context) (_ bool, retErr err } } + // setup rootlesskit port forwarder again since it dies when conmon exits + // we use rootlesskit port forwarder only as rootless and when bridge network is used + if rootless.IsRootless() && c.config.NetMode.IsBridge() && len(c.config.PortMappings) > 0 { + err := c.runtime.setupRootlessPortMappingViaRLK(c, c.state.NetNS.Path()) + if err != nil { + return false, err + } + } + if c.state.State == define.ContainerStateStopped { // Reinitialize the container if we need to if err := c.reinit(ctx, true); err != nil { diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 9aa6cab15..b0d4e0b2d 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -718,6 +718,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error { // set up port forwarder for CNI-in-slirp4netns netnsPath := ctr.state.NetNS.Path() // TODO: support slirp4netns port forwarder as well + // make sure to fix this container.handleRestartPolicy() as well return r.setupRootlessPortMappingViaRLK(ctr, netnsPath) } return nil diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index ad5891dd9..bdedfae19 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -32,7 +32,6 @@ load helpers # Bind-mount this file with a different name to a container running httpd run_podman run -d --name myweb -p "$HOST_PORT:80" \ - --restart always \ -v $INDEX1:/var/www/index.txt:Z \ -w /var/www \ $IMAGE /bin/busybox-extras httpd -f -p 80 @@ -67,46 +66,6 @@ load helpers run_podman 125 port myweb 99/tcp is "$output" 'Error: failed to find published port "99/tcp"' - # Tests #10310: podman will restart slirp4netns on container restart - run_podman container inspect --format "{{.State.Pid}}" $cid - pid=$output - - # Kill the process; podman restart policy will bring up a new container. - # -9 is crucial: busybox httpd ignores all other signals. - kill -9 $pid - # Wait for process to exit - retries=30 - while kill -0 $pid; do - sleep 0.5 - retries=$((retries - 1)) - if [[ $retries -eq 0 ]]; then - die "Process $pid (container $cid) refused to die" - fi - done - - # Wait for container to restart - retries=20 - while :;do - run_podman container inspect --format "{{.State.Pid}}" myweb - # pid is 0 as long as the container is not running - if [[ $output -ne 0 ]]; then - if [[ $output == $pid ]]; then - die "This should never happen! Restarted container has same PID ($output) as killed one!" - fi - break - fi - sleep 0.5 - retries=$((retries - 1)) - if [[ $retries -eq 0 ]]; then - die "Timed out waiting for container to restart" - fi - done - - # Verify http contents again: curl from localhost - # Use retry since it can take a moment until the new container is ready - run curl --retry 2 -s $SERVER/index.txt - is "$output" "$random_1" "curl 127.0.0.1:/index.txt after restart" - # Clean up run_podman stop -t 1 myweb run_podman rm myweb @@ -476,4 +435,82 @@ load helpers run_podman network rm -f $netname $netname2 } +@test "podman network after restart" { + random_1=$(random_string 30) + + HOST_PORT=$(random_free_port) + SERVER=http://127.0.0.1:$HOST_PORT + + # Create a test file with random content + INDEX1=$PODMAN_TMPDIR/hello.txt + echo $random_1 > $INDEX1 + + local netname=testnet-$(random_string 10) + run_podman network create $netname + is "$output" ".*/cni/net.d/$netname.conflist" "output of 'network create'" + + for network in "slirp4netns" "$netname"; do + # Start container with the restart always policy + run_podman run -d --name myweb -p "$HOST_PORT:80" \ + --restart always \ + --network $network \ + -v $INDEX1:/var/www/index.txt:Z \ + -w /var/www \ + $IMAGE /bin/busybox-extras httpd -f -p 80 + cid=$output + + # Tests #10310: podman will restart slirp4netns on container restart + run_podman container inspect --format "{{.State.Pid}}" $cid + pid=$output + + # Kill the process; podman restart policy will bring up a new container. + # -9 is crucial: busybox httpd ignores all other signals. + kill -9 $pid + # Wait for process to exit + retries=30 + while kill -0 $pid; do + sleep 0.5 + retries=$((retries - 1)) + if [[ $retries -eq 0 ]]; then + die "Process $pid (container $cid) refused to die" + fi + done + + # Wait for container to restart + retries=20 + while :;do + run_podman container inspect --format "{{.State.Pid}}" $cid + # pid is 0 as long as the container is not running + if [[ $output -ne 0 ]]; then + if [[ $output == $pid ]]; then + die "This should never happen! Restarted container has same PID ($output) as killed one!" + fi + break + fi + sleep 0.5 + retries=$((retries - 1)) + if [[ $retries -eq 0 ]]; then + die "Timed out waiting for container to restart" + fi + done + + # Verify http contents again: curl from localhost + # Use retry since it can take a moment until the new container is ready + run curl --retry 2 -s $SERVER/index.txt + is "$output" "$random_1" "curl 127.0.0.1:/index.txt after auto restart" + + run_podman restart $cid + # Verify http contents again: curl from localhost + # Use retry since it can take a moment until the new container is ready + run curl --retry 2 -s $SERVER/index.txt + is "$output" "$random_1" "curl 127.0.0.1:/index.txt after podman restart" + + run_podman stop -t 0 $cid + run_podman rm -f $cid + done + + # Cleanup network + run_podman network rm $netname +} + # vim: filetype=sh -- cgit v1.2.3-54-g00ecf From 0ca62196a0432355365ba2db0c20934fa36d8039 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 14 Sep 2021 11:13:28 +0200 Subject: libpod: rootful close binded ports For rootful users ports are forwarded via iptables. To make sure no other process tries to use them, libpod will bind the ports and pass the fds to conmon. There seems to be race when a container is restarted because libpod tries to bind the port before the conmon process exited. The problem only hapens with the podman service because it keeps the connection open. Once we have the fd and passed it to conmon the podman service should close the connection. To verify run `sudo ss -tulpn` and check that only the conmon process keeps the port open. Previously you would also see the podman server process listed. Signed-off-by: Paul Holzinger --- libpod/oci_conmon_linux.go | 1 + libpod/oci_util.go | 13 +++++++++++++ 2 files changed, 14 insertions(+) (limited to 'libpod') diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 924df2310..8a823e4fc 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -1138,6 +1138,7 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co if err != nil { return err } + filesToClose = append(filesToClose, ports...) // Leak the port we bound in the conmon process. These fd's won't be used // by the container and conmon will keep the ports busy so that another diff --git a/libpod/oci_util.go b/libpod/oci_util.go index 1cafd5863..f2843b09b 100644 --- a/libpod/oci_util.go +++ b/libpod/oci_util.go @@ -68,6 +68,12 @@ func bindPorts(ports []ocicni.PortMapping) ([]*os.File, error) { return nil, errors.Wrapf(err, "cannot get file for UDP socket") } files = append(files, f) + // close the listener + // note that this does not affect the fd, see the godoc for server.File() + err = server.Close() + if err != nil { + logrus.Warnf("failed to close connection: %v", err) + } case "tcp": var ( @@ -96,6 +102,13 @@ func bindPorts(ports []ocicni.PortMapping) ([]*os.File, error) { return nil, errors.Wrapf(err, "cannot get file for TCP socket") } files = append(files, f) + // close the listener + // note that this does not affect the fd, see the godoc for server.File() + err = server.Close() + if err != nil { + logrus.Warnf("failed to close connection: %v", err) + } + case "sctp": if !notifySCTP { notifySCTP = true -- cgit v1.2.3-54-g00ecf From 901cf71a6091e2a556a52f89c62ca446dbc5cd06 Mon Sep 17 00:00:00 2001 From: Anders F Björklund Date: Mon, 13 Sep 2021 22:00:12 +0200 Subject: Show variant and codename of the distribution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Along with the name (id) and the version(_id) But only show the information if is available Examples: Fedora CoreOS, Ubuntu Focal [NO TESTS NEEDED] Signed-off-by: Anders F Björklund --- docs/source/markdown/podman-info.1.md | 1 + libpod/define/info.go | 2 ++ libpod/info.go | 6 ++++++ 3 files changed, 9 insertions(+) (limited to 'libpod') diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md index 7127f9026..21ca35eef 100644 --- a/docs/source/markdown/podman-info.1.md +++ b/docs/source/markdown/podman-info.1.md @@ -42,6 +42,7 @@ host: cpus: 8 distribution: distribution: fedora + variant: workstation version: "34" eventLogger: journald hostname: localhost.localdomain diff --git a/libpod/define/info.go b/libpod/define/info.go index 73df80087..f4aa0031c 100644 --- a/libpod/define/info.go +++ b/libpod/define/info.go @@ -78,7 +78,9 @@ type IDMappings struct { // for libpod type DistributionInfo struct { Distribution string `json:"distribution"` + Variant string `json:"variant,omitempty"` Version string `json:"version"` + Codename string `json:"codename,omitempty"` } // ConmonInfo describes the conmon executable being used diff --git a/libpod/info.go b/libpod/info.go index 31ec9cdc1..2eba4bbff 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -370,9 +370,15 @@ func (r *Runtime) GetHostDistributionInfo() define.DistributionInfo { if strings.HasPrefix(l.Text(), "ID=") { dist.Distribution = strings.TrimPrefix(l.Text(), "ID=") } + if strings.HasPrefix(l.Text(), "VARIANT_ID=") { + dist.Variant = strings.Trim(strings.TrimPrefix(l.Text(), "VARIANT_ID="), "\"") + } if strings.HasPrefix(l.Text(), "VERSION_ID=") { dist.Version = strings.Trim(strings.TrimPrefix(l.Text(), "VERSION_ID="), "\"") } + if strings.HasPrefix(l.Text(), "VERSION_CODENAME=") { + dist.Codename = strings.Trim(strings.TrimPrefix(l.Text(), "VERSION_CODENAME="), "\"") + } } return dist } -- cgit v1.2.3-54-g00ecf From 5532cd488b0dd174ebf5675991b4fe8fb1ff9edd Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 14 Sep 2021 12:16:13 +0200 Subject: libpod: honor --cgroups=split also with pods Honor --cgroups=split also when the container is running in a pod. Signed-off-by: Giuseppe Scrivano --- libpod/container_internal_linux.go | 3 --- test/e2e/run_test.go | 53 +++++++++++++++++++++++--------------- 2 files changed, 32 insertions(+), 24 deletions(-) (limited to 'libpod') diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index ae029dc62..4194a0d93 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2490,9 +2490,6 @@ func (c *Container) getOCICgroupPath() (string, error) { case c.config.NoCgroups: return "", nil case c.config.CgroupsMode == cgroupSplit: - if c.config.CgroupParent != "" { - return c.config.CgroupParent, nil - } selfCgroup, err := utils.GetOwnCgroup() if err != nil { return "", err diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index cb61aba21..ec4b0d997 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1296,31 +1296,42 @@ USER mail`, BB) SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") SkipIfRemote("--cgroups=split cannot be used in remote mode") - container := podmanTest.Podman([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) - container.WaitWithDefaultTimeout() - Expect(container).Should(Exit(0)) - lines := container.OutputToStringArray() - - cgroup := "" - for _, line := range lines { - parts := strings.SplitN(line, ":", 3) - if !CGROUPSV2 { - // ignore unified on cgroup v1. - // both runc and crun do not set it. - // crun does not set named hierarchies. - if parts[1] == "" || strings.Contains(parts[1], "name=") { + checkLines := func(lines []string) { + cgroup := "" + for _, line := range lines { + parts := strings.SplitN(line, ":", 3) + if len(parts) < 2 { continue } + if !CGROUPSV2 { + // ignore unified on cgroup v1. + // both runc and crun do not set it. + // crun does not set named hierarchies. + if parts[1] == "" || strings.Contains(parts[1], "name=") { + continue + } + } + if parts[2] == "/" { + continue + } + if cgroup == "" { + cgroup = parts[2] + continue + } + Expect(cgroup).To(Equal(parts[2])) } - if parts[2] == "/" { - continue - } - if cgroup == "" { - cgroup = parts[2] - continue - } - Expect(cgroup).To(Equal(parts[2])) } + + container := podmanTest.Podman([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) + container.WaitWithDefaultTimeout() + Expect(container).Should(Exit(0)) + checkLines(container.OutputToStringArray()) + + // check that --cgroups=split is honored also when a container runs in a pod + container = podmanTest.Podman([]string{"run", "--rm", "--pod", "new:split-test-pod", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) + container.WaitWithDefaultTimeout() + Expect(container).Should(Exit(0)) + checkLines(container.OutputToStringArray()) }) It("podman run with cgroups=disabled runs without cgroups", func() { -- cgit v1.2.3-54-g00ecf