From 08f76bf7a50e0ff5953a613c51ddc417a3f2d783 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 15 Dec 2020 12:45:24 +0100 Subject: [PATCH 1/2] libpod, conmon: change log level for rootless Change the log level when running as rootless when moving conmon to a different cgroup. Closes: https://github.com/containers/podman/issues/8721 Signed-off-by: Giuseppe Scrivano --- libpod/oci_conmon_linux.go | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 307b9bc549..7e0a1d4577 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -1433,6 +1433,14 @@ func (r *ConmonOCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec } if mustCreateCgroup { + // Usually rootless users are not allowed to configure cgroupfs. + // There are cases though, where it is allowed, e.g. if the cgroup + // is manually configured and chowned). Avoid detecting all + // such cases and simply use a lower log level. + logLevel := logrus.WarnLevel + if rootless.IsRootless() { + logLevel = logrus.InfoLevel + } // TODO: This should be a switch - we are not guaranteed that // there are only 2 valid cgroup managers cgroupParent := ctr.CgroupParent() @@ -1447,17 +1455,17 @@ func (r *ConmonOCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec logrus.Infof("Running conmon under slice %s and unitName %s", realCgroupParent, unitName) if err := utils.RunUnderSystemdScope(cmd.Process.Pid, realCgroupParent, unitName); err != nil { - logrus.Warnf("Failed to add conmon to systemd sandbox cgroup: %v", err) + logrus.StandardLogger().Logf(logLevel, "Failed to add conmon to systemd sandbox cgroup: %v", err) } } else { cgroupPath := filepath.Join(ctr.config.CgroupParent, "conmon") control, err := cgroups.New(cgroupPath, &spec.LinuxResources{}) if err != nil { - logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err) + logrus.StandardLogger().Logf(logLevel, "Failed to add conmon to cgroupfs sandbox cgroup: %v", err) } else if err := control.AddPid(cmd.Process.Pid); err != nil { // we need to remove this defer and delete the cgroup once conmon exits // maybe need a conmon monitor? - logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err) + logrus.StandardLogger().Logf(logLevel, "Failed to add conmon to cgroupfs sandbox cgroup: %v", err) } } } From 8bfba70185cf0d0eba3b98dbc2defebf97ffb3e4 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 15 Dec 2020 20:07:34 +0100 Subject: [PATCH 2/2] contrib: drop mirror.chpc.utah.edu:443 remove unused mirror from list of required host/ports: the host is unreachable due to DNS misconfiguration, and it doesn't look like we need it for anything anyway. Signed-off-by: Giuseppe Scrivano --- contrib/cirrus/required_host_ports.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/cirrus/required_host_ports.txt b/contrib/cirrus/required_host_ports.txt index 85a6c26bee..140e2c32fb 100644 --- a/contrib/cirrus/required_host_ports.txt +++ b/contrib/cirrus/required_host_ports.txt @@ -5,7 +5,6 @@ registry.fedoraproject.org 443 mirrors.fedoraproject.org 443 dl.fedoraproject.org 443 ewr.edge.kernel.org 443 -mirror.chpc.utah.edu 443 mirror.clarkson.edu 443 mirror.umd.edu 443 mirror.vcu.edu 443