opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-25 03:52:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13061 from flouthoc/podman-vm-delegate-subsystem

Browse Source 
ignition, machine: delegate `cpu,io,memory,pid cgroup controllers` to machine's non-root users.
This commit is contained in:
OpenShift Merge Robot
2022-01-28 11:16:10 -05:00
committed by GitHub
parent 1b544b7424 6f2b027b38
commit c2f4747fea
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/machine/ignition.go
View File

@ -246,6 +246,10 @@ netns="bridge"
` `
rootContainers := `[engine] rootContainers := `[engine]
machine_enabled=true machine_enabled=true
`
delegateConf := `[Service]
Delegate=memory pids cpu io
` `
// Add a fake systemd service to get the user socket rolling // Add a fake systemd service to get the user socket rolling
@ -280,6 +284,24 @@ machine_enabled=true
Mode: intToPtr(0744), Mode: intToPtr(0744),
}, },
}) })
// Set delegate.conf so cpu,io subsystem is delegated to non-root users as well for cgroupv2
// by default
files = append(files, File{
Node: Node{
Group: getNodeGrp("root"),
Path: "/etc/systemd/system/user@.service.d/delegate.conf",
User: getNodeUsr("root"),
},
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: encodeDataURLPtr(delegateConf),
},
Mode: intToPtr(0644),
},
})
// Add a file into linger // Add a file into linger
files = append(files, File{ files = append(files, File{
Node: Node{ Node: Node{