From ed9d298fb492ed416dadfbab3704737fbb11480f Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 25 Nov 2025 12:47:19 +0100 Subject: [PATCH] fix noMoveProcess in SetupRootless Based on the description in commit 63ef557 this was added so that the migrate command does not move the pause process into a separate cgroup. It should however not disable the rejoining of the userns when the pause process join failed. BEcause of this we end up calling migrate without a userns and that then can fail if there are actual contianer it tries to cleanup. Fixes: 63ef5576ed ("command: migrate doesn't move process to cgroup") Signed-off-by: Paul Holzinger --- pkg/domain/infra/abi/system_linux.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkg/domain/infra/abi/system_linux.go b/pkg/domain/infra/abi/system_linux.go index 4a9ebbd77f..1cfbef3ab2 100644 --- a/pkg/domain/infra/abi/system_linux.go +++ b/pkg/domain/infra/abi/system_linux.go @@ -76,9 +76,6 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool, if became { os.Exit(ret) } - if noMoveProcess { - return nil - } // if there is no pid file, try to join existing containers, and create a pause process. ctrs, err := ic.Libpod.GetRunningContainers() @@ -95,7 +92,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool, became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, paths) } else { became, ret, err = rootless.BecomeRootInUserNS(pausePidPath) - if err == nil { + if err == nil && !noMoveProcess { systemd.MovePauseProcessToScope(pausePidPath) } }