Commit b554b05

Fix rootless container pause/resume
It turns out that rootless `conmon`, along with `podman`/CRI-O, requires `cgroup` V2 in order to pause/resume containers. This commit swaps the use of `--syslog` for `--systemd-cgroup` and documents how to set up `cgroup` V2 in the "Troubleshooting" guide in `README.md`.
1 parent 4a41b3c commit b554b05

3 files changed

+22
-2
lines changed

README.md

Lines changed: 15 additions & 0 deletions
@@ -107,3 +107,18 @@ yourself for use with `light-containerd`:
107107
USERNAME=$(whoami) # Alternatively, use a user group that you belong to.
108108
sudo usermod --add-subuids 165536-169631 --add-subgids 165536-169631 "$USERNAME"
109109
```
110+
111+
### 2) System must support `cgroup` V2
112+
113+
> Required for _container pause/resume_
114+
115+
At the time of writing, only Fedora Linux ≥31 adopts `cgroup` V2 by default.
116+
Provided you are running `systemd` ≥226 with Linux ≥4.2, you may add the
117+
following kernel boot parameter and restart to enable `cgroup` V2:
118+
119+
```text
120+
systemd.unified_cgroup_hierarchy=1
121+
```
122+
123+
This mounts both `cgroupfs` and `cgroupfs2` in a unified filesystem hierarchy,
124+
safely allowing any existing `cgroup` V1 applications to continue working.
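
Review bot: The closing paragraph (new lines 123-124) overstates what `systemd.unified_cgroup_hierarchy=1` does. That parameter switches systemd to the unified (V2) hierarchy rather than mounting V1 and V2 side by side, so tools that only understand `cgroup` V1 controllers may stop working after the reboot, and the filesystem type is `cgroup2`, not `cgroupfs2`. Please reword this as a switch to V2 with a compatibility caveat, and add a way for the reader to confirm the result, for example that `stat -fc %T /sys/fs/cgroup` prints `cgroup2fs`. It would also help to say how to append the parameter (bootloader config) since the section currently shows only the bare string.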

src/container.rs

Lines changed: 2 additions & 1 deletion
@@ -45,7 +45,8 @@ impl Container {
4545
let child = Command::new(CONMON_BIN)
4646
.stdout(Stdio::piped())
4747
.stderr(Stdio::piped())
48-
.args(&["--syslog", "--log-level=debug"])
48+
.arg("--log-level=debug")
49+
.arg("--systemd-cgroup") // Required for rootless pause/resume.
4950
.arg("--terminal") // Passes `--console-sock` to `crun`.
5051
.args(&["--cid", &id])
5152
.args(&["--cuuid", &uuid_str])
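
Review bot: `--systemd-cgroup` is now passed unconditionally on new line 49, but the README change in this same commit says pause/resume only works when the host runs `cgroup` V2 under `systemd`. On a host that does not meet that requirement the user gets whatever error `conmon` or the runtime produces, with no hint about the cause. Consider checking for the unified hierarchy before spawning and returning a clear error that points at the troubleshooting section. Separately, `--syslog` is removed on old line 48 without explanation: the two flags are unrelated, so the comment or commit message should say where `conmon` debug output is expected to go now that only the piped stdout/stderr remain.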

src/main.rs

Lines changed: 5 additions & 1 deletion
@@ -79,6 +79,10 @@ async fn main() -> anyhow::Result<()> {
7979
// TODO: Use `warp` to host REST endpoints.
8080
let engine = Engine::new();
8181
engine.create("busybox").await?;
82-
tokio::time::sleep(std::time::Duration::from_secs(1000)).await;
82+
tokio::time::sleep(std::time::Duration::from_secs(5)).await;
83+
engine.pause("busybox").await?;
84+
tokio::time::sleep(std::time::Duration::from_secs(5)).await;
85+
engine.resume("busybox").await?;
86+
tokio::time::sleep(std::time::Duration::from_secs(5)).await;
8387
Ok(())
8488
}
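
Review bot: The pause/resume sequence on new lines 82-86 exercises the fix only by not returning an error; nothing checks that the container actually entered or left the paused state between the fixed 5 second sleeps. Since this is the behaviour the commit claims to fix, it would be better as an integration test that queries the container state after `engine.pause("busybox")` and after `engine.resume("busybox")`, leaving `main()` free for the REST work named in the TODO. Also note that if `pause` fails, the `?` returns from `main` immediately and the created container is never resumed or cleaned up here.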
