From 7f994a80de4e416fdfc347737ba9a65b056555c4 Mon Sep 17 00:00:00 2001
From: Charlie Doern <cdoern@redhat.com>
Date: Tue, 28 Jun 2022 16:32:17 -0400
Subject: only create crgoup when not rootless if using cgroupfs

[NO NEW TESTS NEEDED] now that podman's cgroup config tries to initialize controllers, cgroupfs errors out on pod creation
we need to mimic the behavior that used to exist and only create the cgroup when running as rootful

Signed-off-by: Charlie Doern <cdoern@redhat.com>
---
 libpod/runtime_pod_linux.go | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

(limited to 'libpod')

diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 00017ca21..1f9ebe724 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -78,21 +78,24 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
 					pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID())
 					if p.InfraContainerSpec != nil {
 						p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath
-						res, err := GetLimits(p.InfraContainerSpec.ResourceLimits)
-						if err != nil {
-							return nil, err
-						}
-						// Need to both create and update the cgroup
-						// rather than create a new path in c/common for pod cgroup creation
-						// just create as if it is a ctr and then update figures out that we need to
-						// populate the resource limits on the pod level
-						cgc, err := cgroups.New(pod.state.CgroupPath, &res)
-						if err != nil {
-							return nil, err
-						}
-						err = cgc.Update(&res)
-						if err != nil {
-							return nil, err
+						// cgroupfs + rootless = permission denied when creating the cgroup.
+						if !rootless.IsRootless() {
+							res, err := GetLimits(p.InfraContainerSpec.ResourceLimits)
+							if err != nil {
+								return nil, err
+							}
+							// Need to both create and update the cgroup
+							// rather than create a new path in c/common for pod cgroup creation
+							// just create as if it is a ctr and then update figures out that we need to
+							// populate the resource limits on the pod level
+							cgc, err := cgroups.New(pod.state.CgroupPath, &res)
+							if err != nil {
+								return nil, err
+							}
+							err = cgc.Update(&res)
+							if err != nil {
+								return nil, err
+							}
 						}
 					}
 				}
-- 
cgit v1.2.3-54-g00ecf