39 lines
1.4 KiB
Diff
39 lines
1.4 KiB
Diff
From 2132cc52fbf68f9bfaf5dd18a1a5a25ecdd37929 Mon Sep 17 00:00:00 2001
|
|
From: Kir Kolyshkin <kolyshkin@gmail.com>
|
|
Date: Thu, 23 Mar 2023 11:57:46 -0700
|
|
Subject: [PATCH] runc run: refuse a non-empty cgroup
|
|
|
|
Commit d08bc0c1b3bb2 ("runc run: warn on non-empty cgroup") introduced
|
|
a warning when a container is started in a non-empty cgroup. Such
|
|
configuration has lots of issues.
|
|
|
|
In addition to that, such configuration is not possible at all when
|
|
using the systemd cgroup driver.
|
|
|
|
As planned, let's promote this warning to an error, and fix the test
|
|
case accordingly.
|
|
|
|
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
|
---
|
|
libcontainer/factory_linux.go | 4 +---
|
|
1 file changed, 1 insertion(+), 3 deletions(-)
|
|
|
|
diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go
|
|
index e6c71ac3..39fc3121 100644
|
|
--- a/libcontainer/factory_linux.go
|
|
+++ b/libcontainer/factory_linux.go
|
|
@@ -179,9 +179,7 @@ func (l *LinuxFactory) Create(id string, config *configs.Config) (Container, err
|
|
return nil, fmt.Errorf("unable to get cgroup PIDs: %w", err)
|
|
}
|
|
if len(pids) != 0 {
|
|
- // TODO: return an error.
|
|
- logrus.Warnf("container's cgroup is not empty: %d process(es) found", len(pids))
|
|
- logrus.Warn("DEPRECATED: running container in a non-empty cgroup won't be supported in runc 1.2; https://github.com/opencontainers/runc/issues/3132")
|
|
+ return nil, fmt.Errorf("container's cgroup is not empty: %d process(es) found", len(pids))
|
|
}
|
|
}
|
|
|
|
--
|
|
2.33.0
|
|
|