This repository has been archived by the owner on May 12, 2021. It is now read-only.

Fix bug in cgroup creation logic for rootless containers with podman #2177

Closed
amshinde opened this issue Nov 9, 2019 · 0 comments · Fixed by #2178
Labels
bug Incorrect behaviour needs-review Needs to be assessed by the team.

Comments

amshinde commented Nov 9, 2019

We should not be creating cgroups for the rootless case. But the current logic in place does not implement this correctly.

@amshinde amshinde added bug Incorrect behaviour needs-review Needs to be assessed by the team. labels Nov 9, 2019
amshinde added a commit to amshinde/kata-runtime that referenced this issue Nov 9, 2019
We do not want to create cgroups in case of rootless.
Fix the logic to implement this.

Fixes kata-containers#2177

Signed-off-by: Archana Shinde <[email protected]>
amshinde added a commit to amshinde/kata-runtime that referenced this issue Nov 11, 2019
We do not want to create cgroups in case of rootless.
Fix the logic to implement this.

Fixes kata-containers#2177

Signed-off-by: Archana Shinde <[email protected]>
(cherry picked from commit f6ffb79)
egernst pushed a commit to egernst/runtime that referenced this issue Feb 9, 2021
This includes fix for CVE-2019-19921

3291d66b rootfs: do not permit /proc mounts to non-directories
55f8c254 temporarily disable CRIU tests
5c20ea14 fix merging kata-containers#2177 and kata-containers#2169
8541d9cf Fix race checking for process exit and waiting for exec fifo
52951a7c Fix race in tty integration test with slow startup
8ddd8920 libcontainer: add method to get cgroup config from cgroup
Manager
cd7c59d0 libcontainer: export createCgroupConfig
ec49f98d fs2: support legacy device spec (to pass CI)
88e8350d cgroup2: split fs2 from fs
41a20b58 Expose network interfaces via runc events
48b055c4 Makefile: allow overriding `docker` command
42690e68 Make event types public
faf1e44e cgroup2: ebpf: increase RLIM_MEMLOCK to avoid BPF_PROG_LOAD
error
ccd4436f .travis.yml: add Fedora 31 vagrant box (for cgroup2)
faf673ee cgroup2: port over eBPF device controller from crun
74a3fe5d cgroup2: do not parse /proc/cgroups
9c81440f cgroup2: allow mounting /sys/fs/cgroup in UserNS without
unsharing CgroupNS
13919f5d Remove the static_build build tag.
dbd771e4 cgroup2: implement `runc ps`
9996cf7d README.md: clarify cgroup2 support is not ready for production
d918e7f4 cpuset_v2: skip Apply when no limit is specified
033936ef io_v2.go: remove blkio v1 code
a610a848 criu: Ensure other users cannot read c/r files
b28f58f3 Set unified mountpoint in find mnt func
f017e0f9 checkpoint: Set descriptors.json file mode to 0600
4be50fe3 SECURITY: Add Security Policy
2111613c VERSION: back to development
28e58a0f Support different field counts of cpuaact.stats
e63b797f Handle ENODEV when accessing the freezer.state file
5e0e67d7 fix permission denied
056909bd Adds note about user ns for rootless containers

Fixes kata-containers#719

Signed-off-by: Archana Shinde <[email protected]>