Merge pull request #4228 from giuseppe/detect-no-systemd-session

rootless: detect no system session with --cgroup-manager=systemd
2019-10-24 01:20:25 +02:00 · 2019-10-24 01:20:25 +02:00 · 674dc2bc75
parent 299a430759 13fe146840
commit 674dc2bc75
3 changed files with 40 additions and 14 deletions
--- a/cmd/podman/main_local.go
+++ b/cmd/podman/main_local.go
@ -174,14 +174,13 @@ func setupRootless(cmd *cobra.Command, args []string) error {
 		if err != nil {
 			return err
 		}
-
+		conf, err := runtime.GetConfig()
+		if err != nil {
+			return err
+		}
 		if !ownsCgroup {
 			unitName := fmt.Sprintf("podman-%d.scope", os.Getpid())
 			if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil {
-				conf, err2 := runtime.GetConfig()
-				if err2 != nil {
-					return err2
-				}
 				if conf.CgroupManager == libpod.SystemdCgroupsManager {
 					logrus.Warnf("Failed to add podman to systemd sandbox cgroup: %v", err)
 				} else {
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@ -1474,6 +1474,25 @@ func (r *Runtime) GetOCIRuntimePath() string {
 // TODO Once runc has support for cgroups, this function should be removed.
 func cgroupV2Check(configPath string, tmpConfig *RuntimeConfig) error {
 	if !tmpConfig.CgroupCheck && rootless.IsRootless() {
+		if tmpConfig.CgroupManager == SystemdCgroupsManager {
+			// If we are running rootless and the systemd manager is requested, be sure that dbus is accessible
+			session := os.Getenv("DBUS_SESSION_BUS_ADDRESS")
+			hasSession := session != ""
+			if hasSession && strings.HasPrefix(session, "unix:path=") {
+				_, err := os.Stat(strings.TrimPrefix(session, "unix:path="))
+				hasSession = err == nil
+			}
+
+			if !hasSession {
+				logrus.Warningf("The cgroups manager is set to systemd but there is no systemd user session available")
+				logrus.Warningf("For using systemd, you may need to login using an user session")
+				logrus.Warningf("Alternatively, you can enable lingering with: `loginctl enable-linger %d` (possibily as root)", rootless.GetRootlessUID())
+				logrus.Warningf("Falling back to --cgroup-manager=cgroupfs")
+
+				tmpConfig.CgroupManager = CgroupfsCgroupsManager
+			}
+
+		}
 		cgroupsV2, err := cgroups.IsCgroup2UnifiedMode()
 		if err != nil {
 			return err
@ -1487,7 +1506,7 @@ func cgroupV2Check(configPath string, tmpConfig *RuntimeConfig) error {
 			}
 			tmpConfig.CgroupCheck = true
 			tmpConfig.OCIRuntime = path
-			file, err := os.OpenFile(configPath, os.O_RDWR|os.O_CREATE, 0666)
+			file, err := os.OpenFile(configPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0666)
 			if err != nil {
 				return errors.Wrapf(err, "cannot open file %s", configPath)
 			}
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@ -300,6 +300,15 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM

 	blockAccessToKernelFilesystems(config, &g)

+	var runtimeConfig *libpod.RuntimeConfig
+
+	if runtime != nil {
+		runtimeConfig, err = runtime.GetConfig()
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	// RESOURCES - PIDS
 	if config.Resources.PidsLimit > 0 {
 		// if running on rootless on a cgroupv1 machine or using the cgroupfs manager, pids
@ -312,11 +321,7 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
 			if err != nil {
 				return nil, err
 			}
-			runtimeConfig, err := runtime.GetConfig()
-			if err != nil {
-				return nil, err
-			}
-			if (!cgroup2 || runtimeConfig.CgroupManager != libpod.SystemdCgroupsManager) && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() {
+			if (!cgroup2 || (runtimeConfig != nil && runtimeConfig.CgroupManager != libpod.SystemdCgroupsManager)) && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() {
 				setPidLimit = false
 			}
 		}
@ -411,10 +416,13 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
 		if !addedResources {
 			configSpec.Linux.Resources = &spec.LinuxResources{}
 		}
-		if addedResources && !cgroup2 {
-			return nil, errors.New("invalid configuration, cannot set resources with rootless containers not using cgroups v2 unified mode")
+
+		canUseResources := cgroup2 && runtimeConfig != nil && (runtimeConfig.CgroupManager == libpod.SystemdCgroupsManager)
+
+		if addedResources && !canUseResources {
+			return nil, errors.New("invalid configuration, cannot specify resource limits without cgroups v2 and --cgroup-manager=systemd")
 		}
-		if !cgroup2 {
+		if !canUseResources {
 			// Force the resources block to be empty instead of having default values.
 			configSpec.Linux.Resources = &spec.LinuxResources{}
 		}