opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-19 07:09:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Do not mount sysfs as rootless in more cases

Browse Source 
We can't mount sysfs as rootless unless we manage the network
namespace. Problem: slirp4netns is now creating and managing a
network namespace separate from the OCI runtime, so we can't
mount sysfs in many circumstances. The `crun` OCI runtime will
automatically handle this by falling back to a bind mount, but
`runc` will not, so we didn't notice until RHEL gating tests ran
on the new branch.

Signed-off-by: Matthew Heon <mheon@redhat.com>
This commit is contained in:
Matthew Heon
2020-12-02 15:01:46 -05:00
parent ce45b71dcf
commit 95c45773d7
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
test/e2e/run_memory_test.go
View File

@@ -38,7 +38,7 @@ var _ = Describe("Podman run memory", func() {
var session *PodmanSessionIntegration
if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.max"})
session = podmanTest.Podman([]string{"run", "--memory=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.max"})
} else {
session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"})
}
@@ -55,7 +55,7 @@ var _ = Describe("Podman run memory", func() {
var session *PodmanSessionIntegration
if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
} else {
session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"})
}
@@ -81,7 +81,7 @@ var _ = Describe("Podman run memory", func() {
var session *PodmanSessionIntegration
if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
session = podmanTest.Podman([]string{"run", "--net=none", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
} else {
session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"})
}

2
test/e2e/run_test.go
View File

@@ -1267,7 +1267,7 @@ USER mail`
It("podman run verify pids-limit", func() {
SkipIfCgroupV1("pids-limit not supported on cgroup V1")
limit := "4321"
session := podmanTest.Podman([]string{"run", "--pids-limit", limit, "--rm", ALPINE, "cat", "/sys/fs/cgroup/pids.max"})
session := podmanTest.Podman([]string{"run", "--pids-limit", limit, "--net=none", "--rm", ALPINE, "cat", "/sys/fs/cgroup/pids.max"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring(limit))