-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
--cgroup-parent
has no effect
#10173
Comments
You probably need to use |
I already invoke Podman with |
Are you running the script as root, or a non-root user? |
Non-root - that is why I acquire the scope via systemd. My goal is to collect accounting information when the container exists, so that's why I would like to run in a separate cgroup. |
Out of curiosity: can you try the |
Could you be more specific? I am rather noob when it comes to the implementation of containers so I probably miss the relation between podman and runc. Where should I specify |
Add to your |
When I issue the podman commands with:
I expect that it should run under |
The crun bit does sound like a bug, then. @giuseppe PTAL |
And the |
The |
Yeh, but it creates it outside the specified |
Ah, yes - that definitely does sound like a bug. |
No matter how deep I create the hierarchy of cgroups, |
Looking at the code further: it looks like we're not actually doing anything with cgroups (just setting the path to "") in the rootless Podman + cgroupfs case. @giuseppe Did we do this for a specific reason? And if so, should cgroupfs + |
Is there a reason why |
I think that is an error. If |
I think we should have: diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index eb70f92a9..254fd2fe6 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2224,12 +2224,11 @@ func (c *Container) getOCICgroupPath() (string, error) {
}
cgroupManager := c.CgroupManager()
switch {
+ case c.config.CgroupParent != "":
+ return c.config.CgroupParent, nil
case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)) || c.config.NoCgroups:
return "", nil
case c.config.CgroupsMode == cgroupSplit:
- if c.config.CgroupParent != "" {
- return c.config.CgroupParent, nil
- }
selfCgroup, err := utils.GetOwnCgroup()
if err != nil {
return "", err |
PR here: #10177 |
if --cgroup-parent is specified, always honor it without doing any detection whether cgroups are supported or not. Closes: containers#10173 Signed-off-by: Giuseppe Scrivano <[email protected]>
It works, thank you. |
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Podman creates container's cgroup under parent's cgroup instead of the one specified via
--cgroup-parent
.Steps to reproduce the issue:
Follow this script:
Describe the results you received:
Podman creates container's cgroup under parent's cgroup instead of the one specified via
--cgroup-parent
.Describe the results you expected:
Podman creates the container's cgroup under the cgroup specified via
---cgroup-parent
Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version
:Output of
podman info --debug
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Ubuntu 20.04 on a desktop
The text was updated successfully, but these errors were encountered: