Merge pull request #16377 from giuseppe/add-check-for-valid-pod-syste…

…md-cgroup runtime: add check for valid pod systemd cgroup
containers · Nov 4, 2022 · 5aa32e4 · 5aa32e4
2 parents e3d174a + cac4919
commit 5aa32e4
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
@@ -382,6 +382,13 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 					if err != nil {
 						return nil, fmt.Errorf("retrieving pod %s cgroup: %w", pod.ID(), err)
 					}
+					expectPodCgroup, err := ctr.expectPodCgroup()
+					if err != nil {
+						return nil, err
+					}
+					if expectPodCgroup && podCgroup == "" {
+						return nil, fmt.Errorf("pod %s cgroup is not set: %w", pod.ID(), define.ErrInternal)
+					}
 					ctr.config.CgroupParent = podCgroup
 				case rootless.IsRootless() && ctr.config.CgroupsMode != cgroupSplit:
 					ctr.config.CgroupParent = SystemdDefaultRootlessCgroupParent

diff --git a/test/upgrade/test-upgrade.bats b/test/upgrade/test-upgrade.bats
@@ -320,6 +320,10 @@ failed    | exited     | 17
     run_podman pod start mypod
     is "$output" "[0-9a-f]\\{64\\}" "podman pod start"
 
+    # run a container in an existing pod
+    run_podman run --pod=mypod --ipc=host --rm $IMAGE echo it works
+    is "$output" ".*it works.*" "podman run --pod"
+
     run_podman pod ps
     is "$output" ".*mypod.*" "podman pod ps shows name"
     is "$output" ".*Running.*" "podman pod ps shows running state"