[1.1] libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed. #3921

jiusanzhou
Contributor

This is a backport of #3804 to the release-1.1 branch. Original description follows.


In code we have frozen the cgroup to avoid the processes getting an occasional "permission denied" error, while systemd's application of device rules is done disruptively. When the processes in the container cannot be frozen for over 2 seconds (which is defined in fs/freezer.go), we still update the cgroup, which results in the container getting an occasional "permission denied" error in some cases.

Return error directly without updating cgroup, when freeze fails.

Fixes: #3803

In code we have frozen the cgroup to avoid the processes getting
an occasional "permission denied" error, while systemd's application of device
rules is done disruptively. When the processes in the container cannot
be frozen for over 2 seconds (which is defined in fs/freezer.go),
we still update the cgroup, which results in the container getting an occasional
"permission denied" error in some cases.

Return error directly without updating cgroup, when freeze fails.

Fixes: opencontainers#3803

Signed-off-by: Zoe <[email protected]>
@jiusanzhou
Contributor Author

@kolyshkin PTAL

@kolyshkin kolyshkin added this to the 1.1.8 milestone Jul 7, 2023
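
The control flow this PR describes, as an added example that is not runc's code and not part of the original thread: a constructed model of a cgroup whose device rules are rewritten disruptively, comparing an update that continues after a failed freeze with one that returns the error. All type, field and function names (`fakeCgroup`, `update`, `failClosed`, `errFreezeTimeout`) are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// fakeCgroup is a constructed stand-in for a systemd-managed cgroup v1 unit.
type fakeCgroup struct {
	freezable   bool   // false models processes that cannot be frozen in time
	frozen      bool   // current freezer state
	deniedSeen  bool   // a running process hit "permission denied" on a device
	devicesRule string // currently applied device rule set
}

var errFreezeTimeout = errors.New("unable to freeze")

func (c *fakeCgroup) freeze() error {
	if !c.freezable {
		return errFreezeTimeout
	}
	c.frozen = true
	return nil
}

func (c *fakeCgroup) thaw() { c.frozen = false }

// applyDeviceRules models the disruptive rewrite: processes that are still
// running while the rules are replaced can observe a transient denial.
func (c *fakeCgroup) applyDeviceRules(rule string) {
	if !c.frozen {
		c.deniedSeen = true
	}
	c.devicesRule = rule
}

// update applies rule. failClosed=false keeps going after a failed freeze
// (the behaviour the PR removes); failClosed=true returns the error instead.
func update(c *fakeCgroup, rule string, failClosed bool) error {
	if err := c.freeze(); err != nil && failClosed {
		return fmt.Errorf("not updating cgroup: %w", err)
	}
	defer c.thaw()
	c.applyDeviceRules(rule)
	return nil
}

func main() {
	for _, failClosed := range []bool{false, true} {
		c := &fakeCgroup{devicesRule: "old"}
		err := update(c, "new", failClosed)
		fmt.Printf("failClosed=%v err=%v denied=%v rule=%s\n", failClosed, err, c.deniedSeen, c.devicesRule)
	}
}
```

With `failClosed` set, the caller gets an error it can retry or report, and the running processes keep the old rule set untouched.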