From ae5a5b51b068f62c8ec71bb9ec555d2c5c5f4f37 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 16 Sep 2021 12:14:02 +0200 Subject: system: always move pause process when running on systemd when running on a systemd with systemd, always try to move the pause process to its own scope. Signed-off-by: Giuseppe Scrivano (cherry picked from commit 9c1e27fdd536f6026efe3da4360755a3e9135ca8) --- utils/utils.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'utils') diff --git a/utils/utils.go b/utils/utils.go index 2e415130e..e2760d225 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -4,10 +4,12 @@ import ( "bytes" "fmt" "io" + "io/ioutil" "os" "os/exec" "strconv" "strings" + "sync" "github.com/containers/podman/v3/libpod/define" "github.com/containers/storage/pkg/archive" @@ -155,3 +157,18 @@ func RemoveScientificNotationFromFloat(x float64) (float64, error) { } return result, nil } + +var ( + runsOnSystemdOnce sync.Once + runsOnSystemd bool +) + +// RunsOnSystemd returns whether the system is using systemd +func RunsOnSystemd() bool { + runsOnSystemdOnce.Do(func() { + initCommand, err := ioutil.ReadFile("/proc/1/comm") + // On errors, default to systemd + runsOnSystemd = err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd" + }) + return runsOnSystemd +} -- cgit v1.2.3-54-g00ecf From e6fe5d6312e1569b688baeb1aa1cee3030921076 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 16 Sep 2021 12:44:45 +0200 Subject: system: move MovePauseProcessToScope to utils Signed-off-by: Giuseppe Scrivano (cherry picked from commit 72534a74b3c2ff35ae1711a890406a6bce5fa44f) --- pkg/domain/infra/abi/system.go | 24 +----------------------- utils/utils.go | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 23 deletions(-) (limited to 'utils') diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 7140618bb..e326f26a8 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -3,12 +3,10 @@ package abi import ( "context" "fmt" - "io/ioutil" "net/url" "os" "os/exec" "path/filepath" - "strconv" "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod/define" @@ -114,14 +112,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) } became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths) - - if err := movePauseProcessToScope(pausePidPath); err != nil { - if utils.RunsOnSystemd() { - logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) - } else { - logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) - } - } + utils.MovePauseProcessToScope(pausePidPath) if err != nil { logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate")) os.Exit(1) @@ -132,19 +123,6 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) return nil } -func movePauseProcessToScope(pausePidPath string) error { - data, err := ioutil.ReadFile(pausePidPath) - if err != nil { - return errors.Wrapf(err, "cannot read pause pid file") - } - pid, err := strconv.ParseUint(string(data), 10, 0) - if err != nil { - return errors.Wrapf(err, "cannot parse pid file %s", pausePidPath) - } - - return utils.RunUnderSystemdScope(int(pid), "user.slice", "podman-pause.scope") -} - // SystemPrune removes unused data from the system. Pruning pods, containers, volumes and images. func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.SystemPruneOptions) (*entities.SystemPruneReport, error) { var systemPruneReport = new(entities.SystemPruneReport) diff --git a/utils/utils.go b/utils/utils.go index e2760d225..185ac4865 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -172,3 +172,28 @@ func RunsOnSystemd() bool { }) return runsOnSystemd } + +func moveProcessToScope(pidPath, slice, scope string) error { + data, err := ioutil.ReadFile(pidPath) + if err != nil { + return errors.Wrapf(err, "cannot read pid file %s", pidPath) + } + pid, err := strconv.ParseUint(string(data), 10, 0) + if err != nil { + return errors.Wrapf(err, "cannot parse pid file %s", pidPath) + } + return RunUnderSystemdScope(int(pid), slice, scope) +} + +// MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to +// a separate scope. +func MovePauseProcessToScope(pausePidPath string) { + err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope") + if err != nil { + if RunsOnSystemd() { + logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } else { + logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) + } + } +} -- cgit v1.2.3-54-g00ecf From 046fa274086e97ad73532c039e61fc7833ce859a Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 20 Sep 2021 09:35:24 +0200 Subject: utils: raise warning only on cgroupv2 if it is not running on cgroup v2, print only a debug message since rootless users cannot create the cgroup. commit 9c1e27fdd536f6026efe3da4360755a3e9135ca8 introduced the regression. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano (cherry picked from commit 4caca0969863f5b8d13ff377ed1cc24d4033ed1a) --- utils/utils.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'utils') diff --git a/utils/utils.go b/utils/utils.go index 185ac4865..b08630d2f 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -12,6 +12,7 @@ import ( "sync" "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/pkg/cgroups" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -190,7 +191,11 @@ func moveProcessToScope(pidPath, slice, scope string) error { func MovePauseProcessToScope(pausePidPath string) { err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope") if err != nil { - if RunsOnSystemd() { + unified, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + logrus.Warnf("Failed to detect if running with cgroup unified: %v", err) + } + if RunsOnSystemd() && unified { logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) } else { logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) -- cgit v1.2.3-54-g00ecf From 331ce0f7ee2736d5f012ea6a6d2aba77213e3956 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 20 Sep 2021 09:42:35 +0200 Subject: utils: return error message from StartTransientUnit Signed-off-by: Giuseppe Scrivano (cherry picked from commit eea5d251267d070d7920008056e3e4d603cae204) --- utils/utils_supported.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'utils') diff --git a/utils/utils_supported.go b/utils/utils_supported.go index ebc870d26..1404e3194 100644 --- a/utils/utils_supported.go +++ b/utils/utils_supported.go @@ -47,10 +47,10 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error { // On errors check if the cgroup already exists, if it does move the process there if props, err := conn.GetUnitTypeProperties(unitName, "Scope"); err == nil { if cgroup, ok := props["ControlGroup"].(string); ok && cgroup != "" { - if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err != nil { - return err + if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err == nil { + return nil } - return nil + // On errors return the original error message we got from StartTransientUnit. } } return err -- cgit v1.2.3-54-g00ecf