libpod: create the cgroup pod before containers

When a container is created and it is part of a pod, we ensure the pod cgroup exists so limits can be applied on the pod cgroup. Closes: containers#19175 Signed-off-by: Giuseppe Scrivano <[email protected]>
giuseppe · Sep 8, 2023 · b8f6a12 · b8f6a12
1 parent 331b3c2
commit b8f6a12
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -1028,6 +1028,19 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error {
 	shutdown.Inhibit()
 	defer shutdown.Uninhibit()
 
+	// If the container is part of a pod, make sure the pod cgroup is created before the container
+	// so the limits can be applied.
+	if c.PodID() != "" {
+		pod, err := c.runtime.LookupPod(c.PodID())
+		if err != nil {
+			return err
+		}
+
+		if _, err := c.runtime.platformMakePod(pod, &pod.config.ResourceLimits); err != nil {
+			return err
+		}
+	}
+
 	// With the spec complete, do an OCI create
 	if _, err = c.ociRuntime.CreateContainer(c, nil); err != nil {
 		return err