podman-3.0.0-0.8.el9
- add missing patch file Signed-off-by: Jindrich Novy <jnovy@redhat.com>
parent
e2e36d3fb0
commit
2931b100d2
77
8561.patch
Normal file
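--- a/8561.patch
+++ b/8561.patch
@@ -0,0 +1,77 @@
+From 95c45773d7dbca2880152de681c81f0a2afec99b Mon Sep 17 00:00:00 2001
+From: Matthew Heon <mheon@redhat.com>
+Date: Wed, 2 Dec 2020 15:01:46 -0500
+Subject: [PATCH] Do not mount sysfs as rootless in more cases
+
+We can't mount sysfs as rootless unless we manage the network
+namespace. Problem: slirp4netns is now creating and managing a
+network namespace separate from the OCI runtime, so we can't
+mount sysfs in many circumstances. The `crun` OCI runtime will
+automatically handle this by falling back to a bind mount, but
+`runc` will not, so we didn't notice until RHEL gating tests ran
+on the new branch.
+
+Signed-off-by: Matthew Heon <mheon@redhat.com>
+---
+pkg/specgen/generate/oci.go | 2 +-
+test/e2e/run_memory_test.go | 6 +++---
+test/e2e/run_test.go | 2 +-
+3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
+index 8454458a8a..9649873fd1 100644
+--- a/pkg/specgen/generate/oci.go
++++ b/pkg/specgen/generate/oci.go
+@@ -165,7 +165,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
+inUserNS = true
+}
+}
+- if inUserNS && s.NetNS.IsHost() {
++ if inUserNS && s.NetNS.NSMode != specgen.NoNetwork {
+canMountSys = false
+}
+
+diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go
+index b3913c1e62..ad3a2b54fd 100644
+--- a/test/e2e/run_memory_test.go
++++ b/test/e2e/run_memory_test.go
+@@ -38,7 +38,7 @@ var _ = Describe("Podman run memory", func() {
+var session *PodmanSessionIntegration
+
+if CGROUPSV2 {
+- session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.max"})
++ session = podmanTest.Podman([]string{"run", "--memory=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.max"})
+} else {
+session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"})
+}
+@@ -55,7 +55,7 @@ var _ = Describe("Podman run memory", func() {
+var session *PodmanSessionIntegration
+
+if CGROUPSV2 {
+- session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
++ session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
+} else {
+session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"})
+}
+@@ -81,7 +81,7 @@ var _ = Describe("Podman run memory", func() {
+var session *PodmanSessionIntegration
+
+if CGROUPSV2 {
+- session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
++ session = podmanTest.Podman([]string{"run", "--net=none", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"})
+} else {
+session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"})
+}
+diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
+index 0d65a3e596..5831bb2f9f 100644
+--- a/test/e2e/run_test.go
++++ b/test/e2e/run_test.go
+@@ -1267,7 +1267,7 @@ USER mail`
+It("podman run verify pids-limit", func() {
+SkipIfCgroupV1("pids-limit not supported on cgroup V1")
+limit := "4321"
+- session := podmanTest.Podman([]string{"run", "--pids-limit", limit, "--rm", ALPINE, "cat", "/sys/fs/cgroup/pids.max"})
++ session := podmanTest.Podman([]string{"run", "--pids-limit", limit, "--net=none", "--rm", ALPINE, "cat", "/sys/fs/cgroup/pids.max"})
+session.WaitWithDefaultTimeout()
+Expect(session.ExitCode()).To(Equal(0))
+Expect(session.OutputToString()).To(ContainSubstring(limit))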
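Review bot: Nothing in the carried patch tests the path that the widened condition in the oci.go hunk changes: `inUserNS && s.NetNS.NSMode != specgen.NoNetwork` now clears `canMountSys` for every rootless network mode except none, while all of the test hunks only add `--net=none`, which steers them away from that path. The case named in the commit message (rootless, default networking, `runc`) should get its own test, for example `podmanTest.Podman([]string{"run", "--rm", ALPINE, "ls", "/sys"})` followed by an exit-code check, so a regression is caught before gating. The condition also deserves a comment such as `// Rootless containers can only mount sysfs when the OCI runtime manages the network namespace; slirp4netns and host networking do not qualify, and runc will not fall back on its own.` How /sys is provided once `canMountSys` is false is decided outside the hunk (SpecGenToOCI continues past it), so it is worth confirming there that the replacement does not give an unprivileged container a writable view of the host's sysfs.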