mirror of
https://github.com/opencontainers/runc.git
synced 2025-04-18 19:44:09 +03:00
Tested with both Podman (master) and Moby (master), on Ubuntu 19.10 . $ podman --cgroup-manager=systemd run -it --rm --runtime=runc \ --cgroupns=host --memory 42m --cpus 0.42 --pids-limit 42 alpine / # cat /proc/self/cgroup 0::/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope / # cat /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope/memory.max 44040192 / # cat /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope/cpu.max 42000 100000 / # cat /sys/fs/cgroup/user.slice/user-1001.slice/user@1001.service/user.slice/libpod-132ff0d72245e6f13a3bbc6cdc5376886897b60ac59eaa8dea1df7ab959cbf1c.scope/pids.max 42 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
// +build linux
package main
import (
"os"
"github.com/opencontainers/runc/libcontainer/system"
"github.com/urfave/cli"
)
// shouldUseRootlessCgroupManager reports whether the rootless cgroup manager
// should be selected.
//
// When context is non-nil, the global "rootless" flag is parsed first; a
// parse error is returned as-is, and an explicit true/false value overrides
// auto-detection. Otherwise (or when the flag resolves to "auto") the
// decision is derived from the effective UID and from whether the process
// runs inside a user namespace.
func shouldUseRootlessCgroupManager(context *cli.Context) (bool, error) {
	if context != nil {
		explicit, err := parseBoolOrAuto(context.GlobalString("rootless"))
		switch {
		case err != nil:
			return false, err
		case explicit != nil:
			// A non-nil result is an explicit user choice; nil means "auto detect".
			return *explicit, nil
		}
	}

	// Auto-detection:
	//   - euid != 0: unprivileged caller, use the rootless manager.
	//   - euid == 0 in the initial namespace (the real root): use the regular manager.
	//   - euid == 0 inside a userns: the cgroups path is not known at this
	//     point, so full access to it cannot be verified; the rootless
	//     manager is the safe choice either way.
	// The || keeps the original short-circuit: the userns probe only runs
	// when euid is 0.
	return os.Geteuid() != 0 || system.RunningInUserNS(), nil
}
// shouldHonorXDGRuntimeDir reports whether $XDG_RUNTIME_DIR should be used.
//
// Both XDG_RUNTIME_DIR and USER are read from the process environment, so
// the result depends on values supplied by whoever launched the process.
func shouldHonorXDGRuntimeDir() bool {
	switch {
	case os.Getenv("XDG_RUNTIME_DIR") == "":
		// Unset or empty: there is nothing to honor.
		return false
	case os.Geteuid() != 0:
		// Unprivileged caller.
		return true
	case !system.RunningInUserNS():
		// euid == 0 in the initial namespace (the real root): keep using
		// /run/runc and ignore $XDG_RUNTIME_DIR (e.g. /run/user/0) for
		// backward compatibility.
		return false
	}

	// euid == 0 inside a userns: honor the directory unless USER is set to
	// exactly "root".
	user, isSet := os.LookupEnv("USER")
	if isSet && user == "root" {
		return false
	}
	return true
}