stats: fix cgroup path for rootless containers

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-05-17 23:26:08 +08:00 · 2019-06-19 14:22:09 +02:00
parent 1778bfa5fe
commit e27fef335a
5 changed files with 33 additions and 4 deletions
--- a/libpod/container.go
+++ b/libpod/container.go
@ -14,6 +14,7 @@ import (
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/libpod/lock"
 	"github.com/containers/libpod/pkg/namespaces"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/storage"
 	"github.com/cri-o/ocicni/pkg/ocicni"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
@ -52,6 +53,10 @@ const CgroupfsDefaultCgroupParent = "/libpod_parent"
 // manager in libpod
 const SystemdDefaultCgroupParent = "machine.slice"

+// SystemdDefaultRootlessCgroupParent is the cgroup parent for the systemd cgroup
+// manager in libpod when running as rootless
+const SystemdDefaultRootlessCgroupParent = "user.slice"
+
 // JournaldLogging is the string conmon expects to specify journald logging
 const JournaldLogging = "journald"

@ -1109,6 +1114,10 @@ func (c *Container) CGroupPath() (string, error) {
 	case CgroupfsCgroupsManager:
 		return filepath.Join(c.config.CgroupParent, fmt.Sprintf("libpod-%s", c.ID())), nil
 	case SystemdCgroupsManager:
+		if rootless.IsRootless() {
+			uid := rootless.GetRootlessUID()
+			return filepath.Join(c.config.CgroupParent, fmt.Sprintf("user-%d.slice/user@%d.service/user.slice", uid, uid), createUnitName("libpod", c.ID())), nil
+		}
 		return filepath.Join(c.config.CgroupParent, createUnitName("libpod", c.ID())), nil
 	default:
 		return "", errors.Wrapf(define.ErrInvalidArg, "unsupported CGroup manager %s in use", c.runtime.config.CgroupManager)
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@ -23,6 +23,7 @@ import (
 	"github.com/containers/libpod/libpod/define"
 	crioAnnotations "github.com/containers/libpod/pkg/annotations"
 	"github.com/containers/libpod/pkg/apparmor"
+	"github.com/containers/libpod/pkg/cgroups"
 	"github.com/containers/libpod/pkg/criu"
 	"github.com/containers/libpod/pkg/lookup"
 	"github.com/containers/libpod/pkg/resolvconf"
@ -350,7 +351,11 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 		g.AddProcessEnv("container", "libpod")
 	}

-	if rootless.IsRootless() {
+	unified, err := cgroups.IsCgroup2UnifiedMode()
+	if err != nil {
+		return nil, err
+	}
+	if rootless.IsRootless() && !unified {
 		g.SetLinuxCgroupsPath("")
 	} else if c.runtime.config.CgroupManager == SystemdCgroupsManager {
 		// When runc is set to use Systemd as a cgroup manager, it
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@ -191,6 +191,8 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container, restore bo
 					return nil, errors.Wrapf(err, "error retrieving pod %s cgroup", pod.ID())
 				}
 				ctr.config.CgroupParent = podCgroup
+			} else if rootless.IsRootless() {
+				ctr.config.CgroupParent = SystemdDefaultRootlessCgroupParent
 			} else {
 				ctr.config.CgroupParent = SystemdDefaultCgroupParent
 			}
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@ -12,6 +12,7 @@ import (
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/libpod/events"
 	"github.com/containers/libpod/pkg/cgroups"
+	"github.com/containers/libpod/pkg/rootless"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@ -78,7 +79,11 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (*Pod,
 		}
 	case SystemdCgroupsManager:
 		if pod.config.CgroupParent == "" {
+			if rootless.IsRootless() {
+				pod.config.CgroupParent = SystemdDefaultRootlessCgroupParent
+			} else {
 				pod.config.CgroupParent = SystemdDefaultCgroupParent
+			}
 		} else if len(pod.config.CgroupParent) < 6 || !strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") {
 			return nil, errors.Wrapf(define.ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups")
 		}
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@ -8,6 +8,7 @@ import (

 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/pkg/cgroups"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@ -33,9 +34,16 @@ func systemdSliceFromPath(parent, name string) (string, error) {
 	return cgroupPath, nil
 }

+func getDefaultSystemdCgroup() string {
+	if rootless.IsRootless() {
+		return SystemdDefaultRootlessCgroupParent
+	}
+	return SystemdDefaultCgroupParent
+}
+
 // makeSystemdCgroup creates a systemd CGroup at the given location.
 func makeSystemdCgroup(path string) error {
-	controller, err := cgroups.NewSystemd(SystemdDefaultCgroupParent)
+	controller, err := cgroups.NewSystemd(getDefaultSystemdCgroup())
 	if err != nil {
 		return err
 	}
@ -45,7 +53,7 @@ func makeSystemdCgroup(path string) error {

 // deleteSystemdCgroup deletes the systemd cgroup at the given location
 func deleteSystemdCgroup(path string) error {
-	controller, err := cgroups.NewSystemd(SystemdDefaultCgroupParent)
+	controller, err := cgroups.NewSystemd(getDefaultSystemdCgroup())
 	if err != nil {
 		return err
 	}