Merge pull request #11606 from giuseppe/always-move-pause-process-to-scope
runtime: move pause process to scope
@ -35,6 +35,7 @@ import (
|
|||||||
"github.com/containers/podman/v3/pkg/rootless"
|
"github.com/containers/podman/v3/pkg/rootless"
|
||||||
"github.com/containers/podman/v3/pkg/systemd"
|
"github.com/containers/podman/v3/pkg/systemd"
|
||||||
"github.com/containers/podman/v3/pkg/util"
|
"github.com/containers/podman/v3/pkg/util"
|
||||||
|
"github.com/containers/podman/v3/utils"
|
||||||
"github.com/containers/storage"
|
"github.com/containers/storage"
|
||||||
"github.com/containers/storage/pkg/unshare"
|
"github.com/containers/storage/pkg/unshare"
|
||||||
"github.com/docker/docker/pkg/namesgenerator"
|
"github.com/docker/docker/pkg/namesgenerator"
|
||||||
@ -543,6 +544,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if became {
|
if became {
|
||||||
|
utils.MovePauseProcessToScope(pausePid)
|
||||||
os.Exit(ret)
|
os.Exit(ret)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
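Review bot: The argument name `pausePid` at the new `utils.MovePauseProcessToScope(pausePid)` call reads as a process ID, while the helper's parameter is `pausePidPath` and it reads that file to obtain the PID. The variable is declared outside this hunk, so a rename cannot be judged from here; a one-line comment above the call would be enough: `// pausePid is the pid-file path; the move is best effort and failures are only logged.` makeRuntime's body starts and ends outside the hunk.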
@ -3,16 +3,12 @@ package abi
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strconv"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/containers/common/pkg/config"
|
"github.com/containers/common/pkg/config"
|
||||||
"github.com/containers/podman/v3/libpod"
|
|
||||||
"github.com/containers/podman/v3/libpod/define"
|
"github.com/containers/podman/v3/libpod/define"
|
||||||
"github.com/containers/podman/v3/pkg/cgroups"
|
"github.com/containers/podman/v3/pkg/cgroups"
|
||||||
"github.com/containers/podman/v3/pkg/domain/entities"
|
"github.com/containers/podman/v3/pkg/domain/entities"
|
||||||
@ -72,11 +68,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool)
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
runsUnderSystemd := utils.RunsOnSystemd()
|
||||||
initCommand, err := ioutil.ReadFile("/proc/1/comm")
|
|
||||||
// On errors, default to systemd
|
|
||||||
runsUnderSystemd := err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd"
|
|
||||||
|
|
||||||
unitName := fmt.Sprintf("podman-%d.scope", os.Getpid())
|
unitName := fmt.Sprintf("podman-%d.scope", os.Getpid())
|
||||||
if runsUnderSystemd || conf.Engine.CgroupManager == config.SystemdCgroupsManager {
|
if runsUnderSystemd || conf.Engine.CgroupManager == config.SystemdCgroupsManager {
|
||||||
if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil {
|
if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil {
|
||||||
@ -120,18 +112,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool)
|
|||||||
}
|
}
|
||||||
|
|
||||||
became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
|
became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
|
||||||
|
utils.MovePauseProcessToScope(pausePidPath)
|
||||||
if err := movePauseProcessToScope(ic.Libpod); err != nil {
|
|
||||||
conf, err2 := ic.Config(context.Background())
|
|
||||||
if err2 != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if conf.Engine.CgroupManager == config.SystemdCgroupsManager {
|
|
||||||
logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err)
|
|
||||||
} else {
|
|
||||||
logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate"))
|
logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate"))
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
@ -142,27 +123,6 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool)
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func movePauseProcessToScope(r *libpod.Runtime) error {
|
|
||||||
tmpDir, err := r.TmpDir()
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
pausePidPath, err := util.GetRootlessPauseProcessPidPathGivenDir(tmpDir)
|
|
||||||
if err != nil {
|
|
||||||
return errors.Wrapf(err, "could not get pause process pid file path")
|
|
||||||
}
|
|
||||||
data, err := ioutil.ReadFile(pausePidPath)
|
|
||||||
if err != nil {
|
|
||||||
return errors.Wrapf(err, "cannot read pause pid file")
|
|
||||||
}
|
|
||||||
pid, err := strconv.ParseUint(string(data), 10, 0)
|
|
||||||
if err != nil {
|
|
||||||
return errors.Wrapf(err, "cannot parse pid file %s", pausePidPath)
|
|
||||||
}
|
|
||||||
|
|
||||||
return utils.RunUnderSystemdScope(int(pid), "user.slice", "podman-pause.scope")
|
|
||||||
}
|
|
||||||
|
|
||||||
// SystemPrune removes unused data from the system. Pruning pods, containers, volumes and images.
|
// SystemPrune removes unused data from the system. Pruning pods, containers, volumes and images.
|
||||||
func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.SystemPruneOptions) (*entities.SystemPruneReport, error) {
|
func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.SystemPruneOptions) (*entities.SystemPruneReport, error) {
|
||||||
var systemPruneReport = new(entities.SystemPruneReport)
|
var systemPruneReport = new(entities.SystemPruneReport)
|
||||||
|
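Review bot: The new `utils.MovePauseProcessToScope(pausePidPath)` call sits before the `if err != nil` check on the `rootless.TryJoinFromFilePaths` result, so a failed join still triggers a read of the pid file just before the error is logged and the process exits. The helper picks its log level from `utils.RunsOnSystemd()` rather than from the configured `CgroupManager` as the removed block did, so that path can now emit a `Warnf` on any host whose init is systemd (or where `/proc/1/comm` cannot be read), which may distract from the real error. Consider guarding the call, `if err == nil { utils.MovePauseProcessToScope(pausePidPath) }`, or moving it below the error check. SetupRootless starts and ends outside the hunk, so the surrounding conditions are not visible here.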
@ -4,10 +4,12 @@ import (
|
|||||||
"bytes"
|
"bytes"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
|
|
||||||
"github.com/containers/podman/v3/libpod/define"
|
"github.com/containers/podman/v3/libpod/define"
|
||||||
"github.com/containers/storage/pkg/archive"
|
"github.com/containers/storage/pkg/archive"
|
||||||
@ -155,3 +157,43 @@ func RemoveScientificNotationFromFloat(x float64) (float64, error) {
|
|||||||
}
|
}
|
||||||
return result, nil
|
return result, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
runsOnSystemdOnce sync.Once
|
||||||
|
runsOnSystemd bool
|
||||||
|
)
|
||||||
|
|
||||||
|
// RunsOnSystemd returns whether the system is using systemd
|
||||||
|
func RunsOnSystemd() bool {
|
||||||
|
runsOnSystemdOnce.Do(func() {
|
||||||
|
initCommand, err := ioutil.ReadFile("/proc/1/comm")
|
||||||
|
// On errors, default to systemd
|
||||||
|
runsOnSystemd = err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd"
|
||||||
|
})
|
||||||
|
return runsOnSystemd
|
||||||
|
}
|
||||||
|
|
||||||
|
func moveProcessToScope(pidPath, slice, scope string) error {
|
||||||
|
data, err := ioutil.ReadFile(pidPath)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrapf(err, "cannot read pid file %s", pidPath)
|
||||||
|
}
|
||||||
|
pid, err := strconv.ParseUint(string(data), 10, 0)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrapf(err, "cannot parse pid file %s", pidPath)
|
||||||
|
}
|
||||||
|
return RunUnderSystemdScope(int(pid), slice, scope)
|
||||||
|
}
|
||||||
|
|
||||||
|
// MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to
|
||||||
|
// a separate scope.
|
||||||
|
func MovePauseProcessToScope(pausePidPath string) {
|
||||||
|
err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope")
|
||||||
|
if err != nil {
|
||||||
|
if RunsOnSystemd() {
|
||||||
|
logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err)
|
||||||
|
} else {
|
||||||
|
logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
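Review bot: `moveProcessToScope` hands whatever number it parses from the pid file to `RunUnderSystemdScope` without checking it: `strconv.ParseUint(string(data), 10, 0)` accepts `0`, rejects a value with a trailing newline, and the `int(pid)` conversion can wrap for out-of-range values. Parsing as a signed int and rejecting non-positive values is tighter: `pid, err := strconv.Atoi(strings.TrimSpace(string(data)))`, then after the existing error check `if pid <= 0 { return errors.Errorf("invalid pid %d in %s", pid, pidPath) }`. The file is also trusted to name the live pause process; if it is stale and the PID has been reused, an unrelated process would be placed in `podman-pause.scope`, so it is worth confirming that callers only pass a freshly written file. A doc comment on `moveProcessToScope`, and a mention in the `RunsOnSystemd` comment that read errors default to `true` and the result is cached, would help the next reader.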