From 8b5823a62d1149b59a08d652809d2d117e7b46eb Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Sat, 25 Aug 2018 18:50:59 +0200
Subject: rootless: don't use kill --all

The OCI runtime might use the cgroups to see what PIDs
are inside the container, but that doesn't work with rootless
containers.

Closes: https://github.com/containers/libpod/issues/1337

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1331
Approved by: rhatdan
---
 libpod/oci.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'libpod')

diff --git a/libpod/oci.go b/libpod/oci.go
index 4f0fbe8e9..240f53885 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -591,7 +591,17 @@ func (r *OCIRuntime) stopContainer(ctr *Container, timeout uint) error {
 		}
 	}
 
-	if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.path, "kill", "--all", ctr.ID(), "KILL"); err != nil {
+	var args []string
+	if rootless.IsRootless() {
+		// we don't use --all for rootless containers as the OCI runtime might use
+		// the cgroups to determine the PIDs, but for rootless containers there is
+		// not any.
+		args = []string{"kill", ctr.ID(), "KILL"}
+	} else {
+		args = []string{"kill", "--all", ctr.ID(), "KILL"}
+	}
+
+	if err := utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, r.path, args...); err != nil {
 		// Again, check if the container is gone. If it is, exit cleanly.
 		err := unix.Kill(ctr.state.PID, 0)
 		if err == unix.ESRCH {
-- 
cgit v1.2.3-54-g00ecf