opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-26 18:54:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8561 from mheon/fix_gating

Browse Source 
Do not mount sysfs as rootless in more cases
This commit is contained in:
OpenShift Merge Robot
2020-12-07 11:38:18 -05:00
committed by GitHub
parent 225907536f 95c45773d7
commit aac03d4a32
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/specgen/generate/oci.go
View File

@ -165,7 +165,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
inUserNS = true inUserNS = true
} }
} }
if inUserNS && s.NetNS.IsHost() { if inUserNS && s.NetNS.NSMode != specgen.NoNetwork {
canMountSys = false canMountSys = false
} }

6
test/e2e/run_memory_test.go
View File

@ -38,7 +38,7 @@ var _ = Describe("Podman run memory", func() {
var session *PodmanSessionIntegration var session *PodmanSessionIntegration
if CGROUPSV2 { if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.max"}) session = podmanTest.Podman([]string{"run", "--memory=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.max"})
} else { } else {
session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"}) session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"})
} }
@ -55,7 +55,7 @@ var _ = Describe("Podman run memory", func() {
var session *PodmanSessionIntegration var session *PodmanSessionIntegration
if CGROUPSV2 { if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"}) session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
} else { } else {
session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"}) session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"})
} }
@ -81,7 +81,7 @@ var _ = Describe("Podman run memory", func() {
var session *PodmanSessionIntegration var session *PodmanSessionIntegration
if CGROUPSV2 { if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"}) session = podmanTest.Podman([]string{"run", "--net=none", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
} else { } else {
session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"}) session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"})
} }

2
test/e2e/run_test.go
View File

@ -1300,7 +1300,7 @@ USER mail`
It("podman run verify pids-limit", func() { It("podman run verify pids-limit", func() {
SkipIfCgroupV1("pids-limit not supported on cgroup V1") SkipIfCgroupV1("pids-limit not supported on cgroup V1")
limit := "4321" limit := "4321"
session := podmanTest.Podman([]string{"run", "--pids-limit", limit, "--rm", ALPINE, "cat", "/sys/fs/cgroup/pids.max"}) session := podmanTest.Podman([]string{"run", "--pids-limit", limit, "--net=none", "--rm", ALPINE, "cat", "/sys/fs/cgroup/pids.max"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0)) Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring(limit)) Expect(session.OutputToString()).To(ContainSubstring(limit))