From a249c98db8269186a2a5eec7e209979940ee77ef Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Thu, 12 Sep 2019 14:33:10 +0200
Subject: linux: fix systemd with --cgroupns=private
When --cgroupns=private is used we need to mount a new cgroup file system so that it points to the correct namespace.
Needs: https://github.com/containers/crun/pull/88
Signed-off-by: Giuseppe Scrivano
---
 libpod/container_internal_linux.go | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)
(limited to 'libpod')
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 9f16389e6..4bbbef5db 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -491,12 +491,29 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
 if unified {
 g.RemoveMount("/sys/fs/cgroup")
- sourcePath := filepath.Join("/sys/fs/cgroup")
- systemdMnt := spec.Mount{
- Destination: "/sys/fs/cgroup",
- Type: "bind",
- Source: sourcePath,
- Options: []string{"bind", "private", "rw"},
+ hasCgroupNs := false
+ for _, ns := range c.config.Spec.Linux.Namespaces {
+ if ns.Type == spec.CgroupNamespace {
+ hasCgroupNs = true
+ break
+ }
+ }
+
+ var systemdMnt spec.Mount
+ if hasCgroupNs {
+ systemdMnt = spec.Mount{
+ Destination: "/sys/fs/cgroup",
+ Type: "cgroup",
+ Source: "cgroup",
+ Options: []string{"private", "rw"},
+ }
+ } else {
+ systemdMnt = spec.Mount{
+ Destination: "/sys/fs/cgroup",
+ Type: "bind",
+ Source: "/sys/fs/cgroup",
+ Options: []string{"bind", "private", "rw"},
+ }
 }
 g.AddMount(systemdMnt)
 } else {
-- cgit v1.2.3-54-g00ecf
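Review bot: The new loop dereferences `c.config.Spec.Linux.Namespaces` without checking that `c.config.Spec.Linux` is non-nil; nothing visible in this hunk guarantees it, so a spec without a Linux section would panic here, and wrapping the loop in `if c.config.Spec.Linux != nil {` avoids that. The check also reads the stored config rather than the generator `g` that receives the mount, so it is worth confirming the two cannot disagree about the cgroup namespace by the time setupSystemd runs. The `else` branch deserves a comment such as `// no cgroup namespace: bind the host hierarchy, so the container sees all of it read-write`, because that branch decides how much of the host cgroup tree systemd inside the container can reach. setupSystemd starts and ends outside this hunk, so any earlier guard on the spec is not visible from here.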