diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index a870117d93..8a452f3403 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -600,6 +600,13 @@ func SkipIfNotRootless(reason string) { } } +func SkipIfNotSystemd(manager, reason string) { + checkReason(reason) + if manager != "systemd" { + ginkgo.Skip("[notSystemd]: " + reason) + } +} + func SkipIfNotFedora() { info := GetHostDistributionInfo() if info.Distribution != "fedora" { diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 19060ecdc4..7d367cccf5 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1185,6 +1185,37 @@ USER mail` Expect(found).To(BeTrue()) }) + It("podman run with cgroups=split", func() { + SkipIfNotSystemd(podmanTest.CgroupManager, "do not test --cgroups=split if not running on systemd") + SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") + SkipIfRemote("--cgroups=split cannot be used in remote mode") + + container := podmanTest.Podman([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) + container.WaitWithDefaultTimeout() + Expect(container.ExitCode()).To(Equal(0)) + lines := container.OutputToStringArray() + + cgroup := "" + for _, line := range lines { + parts := strings.SplitN(line, ":", 3) + if !CGROUPSV2 { + // ignore unified on cgroup v1 + // both runc and crun do not set it. + if parts[1] == "" { + continue + } + } + if parts[2] == "/" { + continue + } + if cgroup == "" { + cgroup = parts[2] + continue + } + Expect(cgroup).To(Equal(parts[2])) + } + }) + It("podman run with cgroups=disabled runs without cgroups", func() { SkipIfRootless("FIXME: I believe this should work but need to fix this test") SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") diff --git a/utils/utils_supported.go b/utils/utils_supported.go index 6f517dc72e..73313cf5ee 100644 --- a/utils/utils_supported.go +++ b/utils/utils_supported.go @@ -81,16 +81,9 @@ func getCgroupProcess(procFile string) (string, error) { cgroup = line[3:] break } - // root cgroup, skip it - if parts[2] == "/" { - continue - } - // The process must have the same cgroup path for all controllers - // The OCI runtime spec file allow us to specify only one path. - if cgroup != "/" && cgroup != parts[2] { - return "", errors.Errorf("cgroup configuration not supported, the process is in two different cgroups") + if len(parts[2]) > len(cgroup) { + cgroup = parts[2] } - cgroup = parts[2] } if cgroup == "/" { return "", errors.Errorf("could not find cgroup mount in %q", procFile) @@ -150,6 +143,11 @@ func moveUnderCgroup(cgroup, subtree string, processes []uint32) error { // If it is not using unified mode, the cgroup v2 hierarchy is // usually mounted under /sys/fs/cgroup/unified cgroupRoot = filepath.Join(cgroupRoot, "unified") + + // Ignore the unified mount if it doesn't exist + if _, err := os.Stat(cgroupRoot); err != nil && os.IsNotExist(err) { + continue + } } else if parts[1] != "" { // Assume the controller is mounted at /sys/fs/cgroup/$CONTROLLER. controller := strings.TrimPrefix(parts[1], "name=") @@ -161,7 +159,7 @@ func moveUnderCgroup(cgroup, subtree string, processes []uint32) error { parentCgroup = parts[2] } newCgroup := filepath.Join(cgroupRoot, parentCgroup, subtree) - if err := os.Mkdir(newCgroup, 0755); err != nil && !os.IsExist(err) { + if err := os.MkdirAll(newCgroup, 0755); err != nil && !os.IsExist(err) { return err } @@ -183,6 +181,9 @@ func moveUnderCgroup(cgroup, subtree string, processes []uint32) error { return err } for _, pid := range bytes.Split(processesData, []byte("\n")) { + if len(pid) == 0 { + continue + } if _, err := f.Write(pid); err != nil { logrus.Warnf("Cannot move process %s to cgroup %q", string(pid), newCgroup) }