containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4228 from giuseppe/detect-no-systemd-session 

rootless: detect no system session with --cgroup-manager=systemd
This commit is contained in:
OpenShift Merge Robot 2019-10-24 01:20:25 +02:00 committed by GitHub
parent 299a430759 13fe146840
commit 674dc2bc75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 40 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/podman/main_local.go
View File

@ -174,14 +174,13 @@ func setupRootless(cmd *cobra.Command, args []string) error {
if err != nil { if err != nil {
return err return err
} }
conf, err := runtime.GetConfig()
if err != nil {
return err
}
if !ownsCgroup { if !ownsCgroup {
unitName := fmt.Sprintf("podman-%d.scope", os.Getpid()) unitName := fmt.Sprintf("podman-%d.scope", os.Getpid())
if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil { if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil {
conf, err2 := runtime.GetConfig()
if err2 != nil {
return err2
}
if conf.CgroupManager == libpod.SystemdCgroupsManager { if conf.CgroupManager == libpod.SystemdCgroupsManager {
logrus.Warnf("Failed to add podman to systemd sandbox cgroup: %v", err) logrus.Warnf("Failed to add podman to systemd sandbox cgroup: %v", err)
} else { } else {

21
libpod/runtime.go
View File

@ -1474,6 +1474,25 @@ func (r *Runtime) GetOCIRuntimePath() string {
// TODO Once runc has support for cgroups, this function should be removed. // TODO Once runc has support for cgroups, this function should be removed.
func cgroupV2Check(configPath string, tmpConfig *RuntimeConfig) error { func cgroupV2Check(configPath string, tmpConfig *RuntimeConfig) error {
if !tmpConfig.CgroupCheck && rootless.IsRootless() { if !tmpConfig.CgroupCheck && rootless.IsRootless() {
if tmpConfig.CgroupManager == SystemdCgroupsManager {
// If we are running rootless and the systemd manager is requested, be sure that dbus is accessible
session := os.Getenv("DBUS_SESSION_BUS_ADDRESS")
hasSession := session != ""
if hasSession && strings.HasPrefix(session, "unix:path=") {
_, err := os.Stat(strings.TrimPrefix(session, "unix:path="))
hasSession = err == nil
}
if !hasSession {
logrus.Warningf("The cgroups manager is set to systemd but there is no systemd user session available")
logrus.Warningf("For using systemd, you may need to login using an user session")
logrus.Warningf("Alternatively, you can enable lingering with: `loginctl enable-linger %d` (possibily as root)", rootless.GetRootlessUID())
logrus.Warningf("Falling back to --cgroup-manager=cgroupfs")
tmpConfig.CgroupManager = CgroupfsCgroupsManager
}
}
cgroupsV2, err := cgroups.IsCgroup2UnifiedMode() cgroupsV2, err := cgroups.IsCgroup2UnifiedMode()
if err != nil { if err != nil {
return err return err
@ -1487,7 +1506,7 @@ func cgroupV2Check(configPath string, tmpConfig *RuntimeConfig) error {
} }
tmpConfig.CgroupCheck = true tmpConfig.CgroupCheck = true
tmpConfig.OCIRuntime = path tmpConfig.OCIRuntime = path
file, err := os.OpenFile(configPath, os.O_RDWR|os.O_CREATE, 0666) file, err := os.OpenFile(configPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0666)
if err != nil { if err != nil {
return errors.Wrapf(err, "cannot open file %s", configPath) return errors.Wrapf(err, "cannot open file %s", configPath)
} }

24
pkg/spec/spec.go
View File

@ -300,6 +300,15 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
blockAccessToKernelFilesystems(config, &g) blockAccessToKernelFilesystems(config, &g)
var runtimeConfig *libpod.RuntimeConfig
if runtime != nil {
runtimeConfig, err = runtime.GetConfig()
if err != nil {
return nil, err
}
}
// RESOURCES - PIDS // RESOURCES - PIDS
if config.Resources.PidsLimit > 0 { if config.Resources.PidsLimit > 0 {
// if running on rootless on a cgroupv1 machine or using the cgroupfs manager, pids // if running on rootless on a cgroupv1 machine or using the cgroupfs manager, pids
@ -312,11 +321,7 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
if err != nil { if err != nil {
return nil, err return nil, err
} }
runtimeConfig, err := runtime.GetConfig() if (!cgroup2 || (runtimeConfig != nil && runtimeConfig.CgroupManager != libpod.SystemdCgroupsManager)) && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() {
if err != nil {
return nil, err
}
if (!cgroup2 || runtimeConfig.CgroupManager != libpod.SystemdCgroupsManager) && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() {
setPidLimit = false setPidLimit = false
} }
} }
@ -411,10 +416,13 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
if !addedResources { if !addedResources {
configSpec.Linux.Resources = &spec.LinuxResources{} configSpec.Linux.Resources = &spec.LinuxResources{}
} }
if addedResources && !cgroup2 {
return nil, errors.New("invalid configuration, cannot set resources with rootless containers not using cgroups v2 unified mode") canUseResources := cgroup2 && runtimeConfig != nil && (runtimeConfig.CgroupManager == libpod.SystemdCgroupsManager)
if addedResources && !canUseResources {
return nil, errors.New("invalid configuration, cannot specify resource limits without cgroups v2 and --cgroup-manager=systemd")
} }
if !cgroup2 { if !canUseResources {
// Force the resources block to be empty instead of having default values. // Force the resources block to be empty instead of having default values.
configSpec.Linux.Resources = &spec.LinuxResources{} configSpec.Linux.Resources = &spec.LinuxResources{}
} }