Allow rootless buildah to set resource limits on cgroup V2 #3594
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
@nalind @giuseppe This seems to work, but Buildah is getting a different cgroupfs mounted than Podman.
But Buildah sees
Any idea what I am doing wrong?
are you adding a With cgroupv2 we do that by default, while on cgroupv1 by default it is
Ok it looks like buildah does not do anything with cgroupns. We need to add that support.
I've looked and we already use a cgroupns. I think we are hitting: containers/crun#765
Do we have a new crun release?
I'll work on a new one now, I need to fix the CI first :/ I've also found another issue in Buildah while debugging this PR: #3614
tagging one: containers/crun#770
the new builds are on Bodhi
Verifying containers/common#854
@vrothberg Latest containers/common filters patch is passing here now.
@nalind @giuseppe @flouthoc @vrothberg @TomSweeneyRedHat @umohnani8 This is ready to review.
LGTM
DefaultAction Action `json:"defaultAction"` | ||
DefaultAction Action `json:"defaultAction"` | ||
|
||
// DefaultErrnoRet is obsolete, please use DefaultErrno |
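Review bot: the comment on DefaultErrnoRet calls the field obsolete but does not use Go's `Deprecated:` comment paragraph, so linters and editors will not flag remaining uses, and it does not say which value applies when both DefaultErrnoRet and DefaultErrno are set. Suggest rewording it as `// Deprecated: use DefaultErrno.` and stating the precedence next to it, so that every consumer of the profile resolves the default errno the same way.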
Do we need to update our seccomp handling in chroot
to account for this?
@giuseppe PTAL
@@ -61,7 +63,8 @@ func (r *Runtime) Import(ctx context.Context, path string, options *ImportOption | |||
u, err := url.ParseRequestURI(path) | |||
if err == nil && u.Scheme != "" { | |||
// If source is a URL, download the file. | |||
file, err := r.downloadFromURL(path) | |||
fmt.Printf("Downloading from %q\n", path) |
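Review bot: the fmt.Printf in Import writes the raw path to stdout from library code, so a source URL that carries credentials in its userinfo or a token in its query string ends up verbatim in build output and CI logs. Since u is already parsed at this point, suggest emitting u.Redacted() through the caller's logger at debug level (Redacted masks only the password, so query parameters still need stripping), or dropping the print from the library and letting the caller report the download.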
Is this a bug?
@vrothberg PTAL
It's preserving previous behavior, see containers/common@2f3c4bcdfdcf. But I am for changing the behavior. Libraries should not print on stdout.
Well that should happen in a separate PR.
Agreed, that's what I also wrote in the PR of containers/common@2f3c4bcdfdcf. It may require changes to Podman to preserve behavior but I did not investigate.
First move podman/pkg/cgroups into Buildah. Only set resources to nil on non cgroupsv2 systems in rootless mode. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The changes in here LGTM. Are we holding this for an update to common to fix the printf and/or updates to Podman?
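The rule from the commit message (drop resource limits only for rootless builds that are not on cgroup v2), as an added example that is not code from Buildah, Podman or this PR. It decides v1 versus v2 from the filesystem type mounted exactly at /sys/fs/cgroup, which also covers a hybrid host where cgroup2 is mounted below a tmpfs root; the `Limits` type, the function names and the mountinfo samples are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Limits is a hypothetical stand-in for the resource limits a build requests.
type Limits struct{ MemoryBytes, PidsMax int64 }

// Constructed /proc/self/mountinfo samples (not captured from a real host).
const sampleV2 = "30 23 0:26 / /sys/fs/cgroup rw,nosuid,nodev shared:4 - cgroup2 cgroup2 rw,nsdelegate\n"
const sampleHybrid = "30 23 0:26 / /sys/fs/cgroup ro,nosuid shared:4 - tmpfs tmpfs ro,mode=755\n" +
	"31 30 0:27 / /sys/fs/cgroup/unified rw,nosuid shared:5 - cgroup2 cgroup2 rw\n" +
	"32 30 0:28 / /sys/fs/cgroup/memory rw,nosuid shared:6 - cgroup cgroup rw,memory\n"

// cgroupRootFSType returns the filesystem type mounted exactly at /sys/fs/cgroup.
func cgroupRootFSType(mountinfo string) (string, error) {
	fstype := ""
	sc := bufio.NewScanner(strings.NewReader(mountinfo))
	for sc.Scan() {
		// "<ids> <root> <mountpoint> <opts> [optional...] - <fstype> <source> <superopts>"
		parts := strings.SplitN(sc.Text(), " - ", 2)
		if len(parts) != 2 {
			continue
		}
		left, right := strings.Fields(parts[0]), strings.Fields(parts[1])
		if len(left) >= 5 && len(right) >= 1 && left[4] == "/sys/fs/cgroup" {
			fstype = right[0] // a later mount on the same path shadows earlier ones
		}
	}
	if fstype == "" {
		return "", fmt.Errorf("no mount found at /sys/fs/cgroup")
	}
	return fstype, nil
}

// effectiveLimits drops the limits only for rootless builds that are not on cgroup v2.
func effectiveLimits(rootless bool, rootFSType string, req *Limits) *Limits {
	if rootless && rootFSType != "cgroup2" {
		return nil
	}
	return req
}

func main() {
	for _, s := range []string{sampleV2, sampleHybrid} {
		t, _ := cgroupRootFSType(s)
		fmt.Println(t, effectiveLimits(true, t, &Limits{MemoryBytes: 512 << 20}) != nil)
	}
}
```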