12
"github.com/containers/common/pkg/cgroups"
13
"github.com/containers/podman/v5/libpod/define"
14
"github.com/containers/podman/v5/pkg/rootless"
15
"github.com/containers/storage/pkg/fileutils"
16
spec "github.com/opencontainers/runtime-spec/specs-go"
17
"github.com/opencontainers/selinux/go-selinux/label"
18
"github.com/sirupsen/logrus"
19
"golang.org/x/sys/unix"
22
func cgroupExist(path string) bool {
23
cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
26
fullPath = filepath.Join("/sys/fs/cgroup", path)
28
fullPath = filepath.Join("/sys/fs/cgroup/memory", path)
30
return fileutils.Exists(fullPath) == nil
36
func systemdSliceFromPath(parent, name string, resources *spec.LinuxResources) (string, error) {
37
cgroupPath, systemdPath, err := assembleSystemdCgroupName(parent, name)
42
logrus.Debugf("Created cgroup path %s for parent %s and name %s", systemdPath, parent, name)
44
if !cgroupExist(cgroupPath) {
45
if err := makeSystemdCgroup(systemdPath, resources); err != nil {
46
return "", fmt.Errorf("creating cgroup %s: %w", cgroupPath, err)
50
logrus.Debugf("Created cgroup %s", systemdPath)
52
return cgroupPath, nil
55
func getDefaultSystemdCgroup() string {
56
if rootless.IsRootless() {
57
return SystemdDefaultRootlessCgroupParent
59
return SystemdDefaultCgroupParent
63
func makeSystemdCgroup(path string, resources *spec.LinuxResources) error {
64
res, err := GetLimits(resources)
68
controller, err := cgroups.NewSystemd(getDefaultSystemdCgroup(), &res)
73
if rootless.IsRootless() {
74
return controller.CreateSystemdUserUnit(path, rootless.GetRootlessUID())
76
err = controller.CreateSystemdUnit(path)
84
func deleteSystemdCgroup(path string, resources *spec.LinuxResources) error {
85
res, err := GetLimits(resources)
89
controller, err := cgroups.NewSystemd(getDefaultSystemdCgroup(), &res)
93
if rootless.IsRootless() {
94
conn, err := cgroups.UserConnection(rootless.GetRootlessUID())
99
return controller.DeleteByPathConn(path, conn)
102
return controller.DeleteByPath(path)
109
func assembleSystemdCgroupName(baseSlice, newSlice string) (string, string, error) {
110
const sliceSuffix = ".slice"
112
if !strings.HasSuffix(baseSlice, sliceSuffix) {
113
return "", "", fmt.Errorf("cannot assemble cgroup path with base %q - must end in .slice: %w", baseSlice, define.ErrInvalidArg)
116
noSlice := strings.TrimSuffix(baseSlice, sliceSuffix)
117
systemdPath := fmt.Sprintf("%s/%s-%s%s", baseSlice, noSlice, newSlice, sliceSuffix)
119
if rootless.IsRootless() {
122
uid := rootless.GetRootlessUID()
123
raw := fmt.Sprintf("user.slice/%s-%d.slice/user@%d.service/%s/%s-%s%s", noSlice, uid, uid, baseSlice, noSlice, newSlice, sliceSuffix)
124
return raw, systemdPath, nil
126
return systemdPath, systemdPath, nil
129
var lvpRelabel = label.Relabel
130
var lvpInitLabels = label.InitLabels
131
var lvpReleaseLabel = label.ReleaseLabel
135
func LabelVolumePath(path, mountLabel string) error {
136
if mountLabel == "" {
138
_, mountLabel, err = lvpInitLabels([]string{})
140
return fmt.Errorf("getting default mountlabels: %w", err)
142
if err := lvpReleaseLabel(mountLabel); err != nil {
143
return fmt.Errorf("releasing label %q: %w", mountLabel, err)
147
if err := lvpRelabel(path, mountLabel, true); err != nil {
148
if errors.Is(err, unix.ENOTSUP) {
149
logrus.Debugf("Labeling not supported on %q", path)
151
return fmt.Errorf("setting selinux label for %s to %q as shared: %w", path, mountLabel, err)
158
func Unmount(mount string) {
159
if err := unix.Unmount(mount, unix.MNT_DETACH); err != nil {
160
if err != syscall.EINVAL {
161
logrus.Warnf("Failed to unmount %s : %v", mount, err)
163
logrus.Debugf("failed to unmount %s : %v", mount, err)