From cd91a40931fee4e42a18fc988507b2483905d4f2 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Mon, 23 Oct 2023 12:41:27 +0200 Subject: [PATCH 1/2] lxd/instance/drivers: Check running status with `InitPID` for cgroups Cgroup storage limits are not applied when the container starts up. That is because `IsRunning` returns `false` during the container startup. This commits fixes this issue by relying on `InitPID` instead of `IsRunning`. The former will return a positive integer if the container is running even if the container is not fully set up yet. Fixes #12343 Signed-off-by: Thomas Hipp --- lxd/instance/drivers/driver_lxc.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lxd/instance/drivers/driver_lxc.go b/lxd/instance/drivers/driver_lxc.go index 4f8ec40f988d..cfc8b24e688c 100644 --- a/lxd/instance/drivers/driver_lxc.go +++ b/lxd/instance/drivers/driver_lxc.go @@ -1746,7 +1746,10 @@ func (d *lxc) deviceHandleMounts(mounts []deviceConfig.MountEntryItem) error { // DeviceEventHandler actions the results of a RunConfig after an event has occurred on a device. func (d *lxc) DeviceEventHandler(runConf *deviceConfig.RunConfig) error { // Device events can only be processed when the container is running. - if !d.IsRunning() { + // We use InitPID here rather than IsRunning because this task can be triggered during the + // container startup process, which is during the time that the start lock is held, which causes + // IsRunning to return false (because the container hasn't fully started yet). + if d.InitPID() <= 0 { return nil } @@ -4012,8 +4015,12 @@ func (d *lxc) CGroupSet(key string, value string) error { return err } - // Make sure the container is running - if !d.IsRunning() { + // Make sure the container is running. + // We use InitPID here rather than IsRunning because this task can be triggered during the container's + // startup process, which is during the time that the start lock is held, which causes IsRunning to + // return false (because the container hasn't fully started yet) but it is sufficiently started to + // have its cgroup disk limits set. + if d.InitPID() <= 0 { return fmt.Errorf("Can't set cgroups on a stopped container") } From 6136424a2fe3b57f7f10893ab1246e7fbcf2f10a Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Mon, 23 Oct 2023 14:07:40 +0200 Subject: [PATCH 2/2] lxd/instance/drivers: Extend error message in deviceAddCgroupRules Signed-off-by: Thomas Hipp --- lxd/instance/drivers/driver_lxc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/instance/drivers/driver_lxc.go b/lxd/instance/drivers/driver_lxc.go index cfc8b24e688c..3297fcd78ac8 100644 --- a/lxd/instance/drivers/driver_lxc.go +++ b/lxd/instance/drivers/driver_lxc.go @@ -1523,7 +1523,7 @@ func (d *lxc) deviceAddCgroupRules(cgroups []deviceConfig.RunConfigItem) error { // Add the new device cgroup rule. err := d.CGroupSet(rule.Key, rule.Value) if err != nil { - return fmt.Errorf("Failed to add cgroup rule for device") + return fmt.Errorf("Failed to add cgroup rule for device: %w", err) } }