system: add warning when running rootless on cgroupv1 #17589
Conversation
openshift-ci
bot
added
release-note-none
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
approved
|
Quick note: this is likely to cause yet more test breakage when we enable cgroupsv1 tests in Debian (and/or in RHEL gating tests). I don't know which tests will fail, but new warnings == new test failures. |
cmd/podman/system/service_abi.go
Outdated
| @@ -106,6 +108,13 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities | |||
| // Close the fd right away to not leak it during the entire time of the service. | |||
| devNullfile.Close() | |||
|
|
|||
| cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() | |||
| fmt.Printf("rootless.IsRootless() && !cgroupv2 %v %v\n", rootless.IsRootless(), cgroupv2) | |||
There was a problem hiding this comment.
yes sorry for leaving that, dropped now.
edsantiago
added
the
do-not-merge/work-in-progress
|
I am sorry, I know this is rude: I am adding a do-not-merge label. #17305 is really, really close to merging. @cevich has labored many many hours on it over many weeks. I would like that one to merge first, then this one (17589, the warning-message) to rebase and deal with the fallout from the warning message. It is not fair to impose that burden on Chris, or worse on some poor random person who gets the union of both PRs without that conflict resolution. Thank you for understanding. |
|
What are you talking about? 17305 was no effort at all. Passed CI moments after I first pushed it! Thanks Ed, I'm a bit bias, but I agree 😁 17305 has been a proper epic PR with a distro-switch and dredging up of so many long-untested pathways. It was bound to be the nightmare and I'm not surprised conflicts were quick to arise. |
giuseppe
force-pushed
the
add-warning-rootless-system-service-cgroupv1
branch
from
cc15231 to
65432e4
Compare
when running rootless on cgroupv1, Podman+OCI runtime do not setup a separate cgroup for the container. Spawned containers will run in the same cgroup as the podman system service process, thus will be killed when the cgroup is destroyed, as it is the case when running as a systemd service. [NO NEW TESTS NEEDED] Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2170444 Signed-off-by: Giuseppe Scrivano <[email protected]>
giuseppe
force-pushed
the
add-warning-rootless-system-service-cgroupv1
branch
from
65432e4 to
4b3b944
Compare
no that is completely fine. Thanks for blocking it and not causing more issues to the long-standing PR :-) rebased and pushed a new version |
|
LGTM |
|
/lgtm |
openshift-ci
bot
added
the
do-not-merge/hold
edsantiago
removed
do-not-merge/work-in-progress
|
Holds canceled. Thank you! |
github-actions
bot
added
the
locked - please file new issue/PR
when running rootless on cgroupv1, Podman+OCI runtime do not setup a separate cgroup for the container. Spawned containers will run in the same cgroup as the podman system service process, thus will be killed when the cgroup is destroyed, as it is the case when running as a systemd service.
[NO NEW TESTS NEEDED]
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2170444
Does this PR introduce a user-facing change?