opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-20 00:27:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

Support running podman under a root v2 cgroup

Browse Source 
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
This commit is contained in:
Jason T. Greene
2022-05-20 21:19:38 -05:00
parent 5c51e1d26e
commit 94e82121bf
8 changed files with 51 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
utils/testdata/cgroup.empty vendored Normal file
View File

1
utils/testdata/cgroup.other vendored Normal file
View File

@ -0,0 +1 @@
0::/other

1
utils/testdata/cgroup.root vendored Normal file
View File

@ -0,0 +1 @@
0::/

14
utils/utils_supported.go
View File

@ -64,7 +64,7 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error {
return nil
}
func getCgroupProcess(procFile string) (string, error) {
func getCgroupProcess(procFile string, allowRoot bool) (string, error) {
f, err := os.Open(procFile)
if err != nil {
return "", err
@ -72,7 +72,7 @@ func getCgroupProcess(procFile string) (string, error) {
defer f.Close()
scanner := bufio.NewScanner(f)
cgroup := "/"
cgroup := ""
for scanner.Scan() {
line := scanner.Text()
parts := strings.SplitN(line, ":", 3)
@ -87,7 +87,7 @@ func getCgroupProcess(procFile string) (string, error) {
cgroup = parts[2]
}
}
if cgroup == "/" {
if len(cgroup) == 0 || (!allowRoot && cgroup == "/") {
return "", errors.Errorf("could not find cgroup mount in %q", procFile)
}
return cgroup, nil
@ -95,12 +95,16 @@ func getCgroupProcess(procFile string) (string, error) {
// GetOwnCgroup returns the cgroup for the current process.
func GetOwnCgroup() (string, error) {
return getCgroupProcess("/proc/self/cgroup")
return getCgroupProcess("/proc/self/cgroup", true)
}
func GetOwnCgroupDisallowRoot() (string, error) {
return getCgroupProcess("/proc/self/cgroup", false)
}
// GetCgroupProcess returns the cgroup for the specified process process.
func GetCgroupProcess(pid int) (string, error) {
return getCgroupProcess(fmt.Sprintf("/proc/%d/cgroup", pid))
return getCgroupProcess(fmt.Sprintf("/proc/%d/cgroup", pid), true)
}
// MoveUnderCgroupSubtree moves the PID under a cgroup subtree.

26
utils/utils_test.go Normal file
View File

@ -0,0 +1,26 @@
//go:build linux || darwin
// +build linux darwin
package utils
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestCgroupProcess(t *testing.T) {
val, err := getCgroupProcess("testdata/cgroup.root", true)
assert.Nil(t, err)
assert.Equal(t, "/", val)
_, err = getCgroupProcess("testdata/cgroup.root", false)
assert.NotNil(t, err)
val, err = getCgroupProcess("testdata/cgroup.other", true)
assert.Nil(t, err)
assert.Equal(t, "/other", val)
_, err = getCgroupProcess("testdata/cgroup.empty", true)
assert.NotNil(t, err)
}

4
utils/utils_windows.go
View File

@ -17,6 +17,10 @@ func GetOwnCgroup() (string, error) {
return "", errors.New("not implemented for windows")
}
func GetOwnCgroupDisallowRoot() (string, error) {
return "", errors.New("not implemented for windows")
}
func GetCgroupProcess(pid int) (string, error) {
return "", errors.New("not implemented for windows")
}