cmd/create: Use the host's cgroup namespace for the Toolbx container
Podman creates a private cgroup namespace for containers on cgroups v2 by default. The host's cgroupfs is mounted at /sys/fs/cgroup giving an inconsistent view of the cgroups.

Toolbx doesn't intend to provide a segregated security domain. So, there is no need for a cgroup namespace and Toolbx containers can just use the host's namespace.

Having a private cgroup namespace for containers isn't currently causing problems for any use-case, but it did come in handy when investigating how to run a non-nested display server from within a Toolbx container on a virtual terminal.

Since this requires a change to the 'podman create' arguments, it's not going to have an effect on existing containers, and re-creating containers is annoying for users. So, it might be better to get ahead of the curve and do it preemptively.

https://github.com/containers/toolbox/issues/992

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
parent 8bb9fc6bc4
commit 9979c275e8
1 changed files with 1 additions and 0 deletions
|
@ -403,6 +403,7 @@ func createContainer(container, image, release string, showCommandToEnter bool)
|
|||
createArgs := []string{
|
||||
"--log-level", logLevelString,
|
||||
"create",
|
||||
"--cgroupns", "host",
|
||||
"--dns", "none",
|
||||
"--env", toolboxPathEnvArg,
|
||||
}
|
||||
|
|
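Review bot: The new `"--cgroupns", "host"` entry in `createArgs` has no comment explaining why the container is deliberately joined to the host's cgroup namespace, and it is passed unconditionally. Because this gives up an isolation boundary on purpose, add a one-line comment above it recording the reason from the commit message (Toolbx is not meant to be a segregated security domain, and the host's cgroupfs is already mounted at /sys/fs/cgroup) with a pointer to issue 992, so that a later reader does not switch it back to private. Please also confirm that the oldest Podman release Toolbx supports accepts `--cgroupns`, since an unrecognised flag here would make every `podman create` call fail. As only newly created containers receive the flag, the documentation or release notes should state that existing containers keep their private cgroup namespace until they are re-created.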