container/podman
container/podman
1
0
Fork 0
mirror of https://github.com/containers/podman synced 2024-10-21 01:34:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13061 from flouthoc/podman-vm-delegate-subsystem

Browse source 
ignition, machine: delegate `cpu,io,memory,pid cgroup controllers` to machine's non-root users.
This commit is contained in:
OpenShift Merge Robot 2022-01-28 11:16:10 -05:00 committed by GitHub
parent 1b544b7424 6f2b027b38
commit c2f4747fea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
pkg/machine/ignition.go
View file

@ -246,6 +246,10 @@ netns="bridge"
`
rootContainers := `[engine]
machine_enabled=true
`
delegateConf := `[Service]
Delegate=memory pids cpu io
`
// Add a fake systemd service to get the user socket rolling
@ -280,6 +284,24 @@ machine_enabled=true
Mode: intToPtr(0744),
},
})
// Set delegate.conf so cpu,io subsystem is delegated to non-root users as well for cgroupv2
// by default
files = append(files, File{
Node: Node{
Group: getNodeGrp("root"),
Path: "/etc/systemd/system/user@.service.d/delegate.conf",
User: getNodeUsr("root"),
},
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: encodeDataURLPtr(delegateConf),
},
Mode: intToPtr(0644),
},
})
// Add a file into linger
files = append(files, File{
Node: Node{