containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14764 from cdoern/cgroup 

limit cgroupfs when rootless
This commit is contained in:
openshift-ci[bot] 2022-06-29 13:00:03 +00:00 committed by GitHub
parent 6e910a08db 7f994a80de
commit dd924c4078
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libpod/runtime_pod_linux.go
View File

@ -78,6 +78,8 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID()) pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID())
if p.InfraContainerSpec != nil { if p.InfraContainerSpec != nil {
p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath
// cgroupfs + rootless = permission denied when creating the cgroup.
if !rootless.IsRootless() {
res, err := GetLimits(p.InfraContainerSpec.ResourceLimits) res, err := GetLimits(p.InfraContainerSpec.ResourceLimits)
if err != nil { if err != nil {
return nil, err return nil, err
@ -97,6 +99,7 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
} }
} }
} }
}
case config.SystemdCgroupsManager: case config.SystemdCgroupsManager:
if pod.config.CgroupParent == "" { if pod.config.CgroupParent == "" {
if rootless.IsRootless() { if rootless.IsRootless() {