containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libpod: pods do not use cgroups if --cgroups=disabled 

do not attempt to use cgroups with pods if the cgroups are disabled.
A similar check is already in place for containers.

Closes: https://github.com/containers/podman/issues/13411

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2022-03-03 13:23:07 +01:00
parent 7877b02aac
commit a901c919ab
No known key found for this signature in database
GPG Key ID: 67E38F7A8BA21772
2 changed files with 42 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
libpod/runtime_pod_linux.go
View File

@ -1,3 +1,4 @@
//go:build linux
// +build linux // +build linux
package libpod package libpod
@ -59,50 +60,52 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
pod.valid = true pod.valid = true
// Check Cgroup parent sanity, and set it if it was not set // Check Cgroup parent sanity, and set it if it was not set
switch r.config.Engine.CgroupManager { if r.config.Cgroups() != "disabled" {
case config.CgroupfsCgroupsManager: switch r.config.Engine.CgroupManager {
canUseCgroup := !rootless.IsRootless() || isRootlessCgroupSet(pod.config.CgroupParent) case config.CgroupfsCgroupsManager:
if canUseCgroup { canUseCgroup := !rootless.IsRootless() || isRootlessCgroupSet(pod.config.CgroupParent)
if canUseCgroup {
if pod.config.CgroupParent == "" {
pod.config.CgroupParent = CgroupfsDefaultCgroupParent
} else if strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") {
return nil, errors.Wrapf(define.ErrInvalidArg, "systemd slice received as cgroup parent when using cgroupfs")
}
// If we are set to use pod cgroups, set the cgroup parent that
// all containers in the pod will share
// No need to create it with cgroupfs - the first container to
// launch should do it for us
if pod.config.UsePodCgroup {
pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID())
if p.InfraContainerSpec != nil {
p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath
}
}
}
case config.SystemdCgroupsManager:
if pod.config.CgroupParent == "" { if pod.config.CgroupParent == "" {
pod.config.CgroupParent = CgroupfsDefaultCgroupParent if rootless.IsRootless() {
} else if strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") { pod.config.CgroupParent = SystemdDefaultRootlessCgroupParent
return nil, errors.Wrapf(define.ErrInvalidArg, "systemd slice received as cgroup parent when using cgroupfs") } else {
pod.config.CgroupParent = SystemdDefaultCgroupParent
}
} else if len(pod.config.CgroupParent) < 6 || !strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") {
return nil, errors.Wrapf(define.ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups")
} }
// If we are set to use pod cgroups, set the cgroup parent that // If we are set to use pod cgroups, set the cgroup parent that
// all containers in the pod will share // all containers in the pod will share
// No need to create it with cgroupfs - the first container to
// launch should do it for us
if pod.config.UsePodCgroup { if pod.config.UsePodCgroup {
pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID()) cgroupPath, err := systemdSliceFromPath(pod.config.CgroupParent, fmt.Sprintf("libpod_pod_%s", pod.ID()))
if err != nil {
return nil, errors.Wrapf(err, "unable to create pod cgroup for pod %s", pod.ID())
}
pod.state.CgroupPath = cgroupPath
if p.InfraContainerSpec != nil { if p.InfraContainerSpec != nil {
p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath
} }
} }
default:
return nil, errors.Wrapf(define.ErrInvalidArg, "unsupported Cgroup manager: %s - cannot validate cgroup parent", r.config.Engine.CgroupManager)
} }
case config.SystemdCgroupsManager:
if pod.config.CgroupParent == "" {
if rootless.IsRootless() {
pod.config.CgroupParent = SystemdDefaultRootlessCgroupParent
} else {
pod.config.CgroupParent = SystemdDefaultCgroupParent
}
} else if len(pod.config.CgroupParent) < 6 || !strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") {
return nil, errors.Wrapf(define.ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups")
}
// If we are set to use pod cgroups, set the cgroup parent that
// all containers in the pod will share
if pod.config.UsePodCgroup {
cgroupPath, err := systemdSliceFromPath(pod.config.CgroupParent, fmt.Sprintf("libpod_pod_%s", pod.ID()))
if err != nil {
return nil, errors.Wrapf(err, "unable to create pod cgroup for pod %s", pod.ID())
}
pod.state.CgroupPath = cgroupPath
if p.InfraContainerSpec != nil {
p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath
}
}
default:
return nil, errors.Wrapf(define.ErrInvalidArg, "unsupported Cgroup manager: %s - cannot validate cgroup parent", r.config.Engine.CgroupManager)
} }
if pod.config.UsePodCgroup { if pod.config.UsePodCgroup {

5
test/e2e/containers_conf_test.go
View File

@ -562,6 +562,11 @@ var _ = Describe("Verify podman containers.conf usage", func() {
inspect = podmanTest.Podman([]string{"inspect", "--format", "{{ .HostConfig.Cgroups }}", result.OutputToString()}) inspect = podmanTest.Podman([]string{"inspect", "--format", "{{ .HostConfig.Cgroups }}", result.OutputToString()})
inspect.WaitWithDefaultTimeout() inspect.WaitWithDefaultTimeout()
Expect(inspect.OutputToString()).To(Equal("disabled")) Expect(inspect.OutputToString()).To(Equal("disabled"))
// Check we can also create a pod when cgroups=disabled
result = podmanTest.Podman([]string{"pod", "create"})
result.WaitWithDefaultTimeout()
Expect(result).Should(Exit(0))
}) })
It("podman containers.conf runtime", func() { It("podman containers.conf runtime", func() {