Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

move rootless netns slirp4netns process to systemd user.slice #13159

Merged
merged 1 commit into from
Feb 8, 2022
Merged

move rootless netns slirp4netns process to systemd user.slice #13159

merged 1 commit into from
Feb 8, 2022

Conversation

Luap99
Copy link
Member

@Luap99 Luap99 commented Feb 7, 2022

When running podman inside systemd user units, it is possible that
systemd kills the rootless netns slirp4netns process because it was
started in the default unit cgroup. When the unit is stopped all
processes in that cgroup are killed. Since the slirp4netns process is
run once for all containers it should not be killed. To make sure
systemd will not kill the process we move it to the user.slice.

Fixes #13153

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 7, 2022
@Luap99
Copy link
Member Author

Luap99 commented Feb 7, 2022

@mheon @giuseppe PTAL

@mheon
Copy link
Member

mheon commented Feb 7, 2022

Sure, LGTM

vrothberg
vrothberg reviewed Feb 7, 2022
View reviewed changes
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
@edsantiago PTAL

@rhatdan
Copy link
Member

rhatdan commented Feb 7, 2022

/lgtm
/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Feb 7, 2022
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 7, 2022
giuseppe
giuseppe approved these changes Feb 7, 2022
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 7, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giuseppe, Luap99

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

edsantiago
edsantiago reviewed Feb 7, 2022
View reviewed changes
Copy link
Member

@edsantiago edsantiago left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few concerns, not enough to block.

test/system/250-systemd.bats Show resolved Hide resolved
test/system/250-systemd.bats Outdated Show resolved Hide resolved
test/system/250-systemd.bats Show resolved Hide resolved
@Luap99
move rootless netns slirp4netns process to systemd user.slice
8d0fb0a 
When running podman inside systemd user units, it is possible that
systemd kills the rootless netns slirp4netns process because it was
started in the default unit cgroup. When the unit is stopped all
processes in that cgroup are killed. Since the slirp4netns process is
run once for all containers it should not be killed. To make sure
systemd will not kill the process we move it to the user.slice.

Fixes containers#13153

Signed-off-by: Paul Holzinger <[email protected]>
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Feb 7, 2022
@edsantiago
Copy link
Member

LGTM

vrothberg
vrothberg reviewed Feb 8, 2022
View reviewed changes
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 8, 2022
@Luap99
Copy link
Member Author

Luap99 commented Feb 8, 2022

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Feb 8, 2022
@openshift-merge-robot openshift-merge-robot merged commit cbd0980 into containers:main Feb 8, 2022
@Luap99 Luap99 deleted the slirp4-scope branch February 8, 2022 12:42
@edsantiago edsantiago mentioned this pull request Feb 9, 2022
Closed
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@vrothberg vrothberg vrothberg left review comments

@edsantiago edsantiago edsantiago left review comments

@giuseppe giuseppe giuseppe approved these changes

Assignees

@rhatdan rhatdan

@vrothberg vrothberg

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

container can't connect to outer IPs (routing issue?)
7 participants
@Luap99 @mheon @rhatdan @edsantiago @giuseppe @vrothberg @openshift-merge-robot