Fix cgroup mode handling in api server

Also change code to globably be consistent when refering to capatilized Cgroup. Fixed: https://github.com/containers/podman/issues/12550 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-01-13 14:52:56 -05:00 · 2022-01-13 14:52:56 -05:00 · 607cb80bf7
parent a15dfb3648
commit 607cb80bf7
3 changed files with 44 additions and 0 deletions
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@ -229,6 +229,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 		}
 	}

+	if s.CgroupsMode == "" {
+		s.CgroupsMode = rtc.Cgroups()
+	}
+
 	// If caller did not specify Pids Limits load default
 	if s.ResourceLimits == nil || s.ResourceLimits.Pids == nil {
 		if s.CgroupsMode != "disabled" {
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@ -8,6 +8,7 @@ import (
 	"strings"
 	"time"

+	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/podman/v3/cmd/podman/parse"
 	"github.com/containers/podman/v3/libpod/define"
@ -490,6 +491,14 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 	}
 	s.CgroupParent = c.CgroupParent
 	s.CgroupsMode = c.CgroupsMode
+	if s.CgroupsMode == "" {
+		rtc, err := config.Default()
+		if err != nil {
+			return err
+		}
+
+		s.CgroupsMode = rtc.Cgroups()
+	}

 	s.Groups = c.GroupAdd

--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@ -484,4 +484,35 @@ var _ = Describe("Podman run", func() {
 		Expect(result).Should(Exit(125))
 		Expect(result.ErrorToString()).To(ContainSubstring(errorString))
 	})
+
+	It("podman containers.conf cgroups=disabled", func() {
+		if !strings.Contains(podmanTest.OCIRuntime, "crun") {
+			Skip("FIXME: requires crun")
+		}
+		conffile := filepath.Join(podmanTest.TempDir, "container.conf")
+
+		err := ioutil.WriteFile(conffile, []byte("[containers]\ncgroups=\"disabled\"\n"), 0755)
+		Expect(err).To(BeNil())
+
+		result := podmanTest.Podman([]string{"create", ALPINE, "true"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(0))
+
+		inspect := podmanTest.Podman([]string{"inspect", "--format", "{{ .HostConfig.Cgroups }}", result.OutputToString()})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect.OutputToString()).To(Not(Equal("disabled")))
+
+		os.Setenv("CONTAINERS_CONF", conffile)
+		if IsRemote() {
+			podmanTest.RestartRemoteService()
+		}
+		result = podmanTest.Podman([]string{"create", ALPINE, "true"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(0))
+
+		inspect = podmanTest.Podman([]string{"inspect", "--format", "{{ .HostConfig.Cgroups }}", result.OutputToString()})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect.OutputToString()).To(Equal("disabled"))
+	})
+
 })