From c13482501347bed6913822f5bd43f320d5911618 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 10 Nov 2025 08:45:32 -0500 Subject: [PATCH 01/25] TMT: Exclude podman packages from podman-next repo for tests podman-next copr repo packages have a much higher Epoch than packit copr packages, We should exclude the former from the testing environment as we intend to test the latter. Signed-off-by: Lokesh Mandvekar --- plans/system.fmf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/system.fmf b/plans/system.fmf index e41ffb805c3..6401ff757a9 100644 --- a/plans/system.fmf +++ b/plans/system.fmf @@ -21,7 +21,7 @@ prepare: if compgen -G $COPR_REPO_FILE > /dev/null; then sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE fi - dnf -y upgrade --allowerasing + dnf -y upgrade --allowerasing --exclude=podman* order: 20 adjust+: From 07e4b253c6605ece55c565af9096494ef6769c18 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 12 Nov 2025 09:19:48 -0500 Subject: [PATCH 02/25] Packit: Bump podman-next repo priority for cockpit tests TMT_TREE envvar is ok to use in this case as it will only be used on upstream packit tests. Signed-off-by: Lokesh Mandvekar --- contrib/packit-tmt/podman-next-setup.sh | 14 ++++++++++++++ plans/cockpit-podman.fmf | 6 ++++++ plans/system.fmf | 7 +------ 3 files changed, 21 insertions(+), 6 deletions(-) create mode 100644 contrib/packit-tmt/podman-next-setup.sh diff --git a/contrib/packit-tmt/podman-next-setup.sh b/contrib/packit-tmt/podman-next-setup.sh new file mode 100644 index 00000000000..ccfe8bf0898 --- /dev/null +++ b/contrib/packit-tmt/podman-next-setup.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -exo pipefail + +COPR_REPO_FILE="/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:rhcontainerbot:podman-next.repo" +if compgen -G "$COPR_REPO_FILE" > /dev/null; then + # We want the priority bump appended to the file, we're not looking + # to use a variable. + # shellcheck disable=SC2016 + sed -i -n '/^priority=/!p;$apriority=1' "$COPR_REPO_FILE" +fi +# We want all dependencies from podman-next except podman as podman will be fetched +# from the packit copr. +dnf -y upgrade --allowerasing --exclude=podman* diff --git a/plans/cockpit-podman.fmf b/plans/cockpit-podman.fmf index 94854701c5a..15f5a54897a 100644 --- a/plans/cockpit-podman.fmf +++ b/plans/cockpit-podman.fmf @@ -15,6 +15,12 @@ discover: execute: how: tmt +prepare: + when: initiator == packit + how: shell + script: bash $TMT_TREE/contrib/packit-tmt/podman-next-setup.sh + order: 20 + # not relevant for testing podman environment: TEST_AUDIT_NO_SELINUX: 1 diff --git a/plans/system.fmf b/plans/system.fmf index 6401ff757a9..63d9ad81b47 100644 --- a/plans/system.fmf +++ b/plans/system.fmf @@ -16,12 +16,7 @@ prepare: order: 10 - when: initiator == packit how: shell - script: | - COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo" - if compgen -G $COPR_REPO_FILE > /dev/null; then - sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE - fi - dnf -y upgrade --allowerasing --exclude=podman* + script: bash $TMT_TREE/contrib/packit-tmt/podman-next-setup.sh order: 20 adjust+: From fffb1b3ba80693858229078e7dc533f13d98a043 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 12 Nov 2025 14:30:47 -0500 Subject: [PATCH 03/25] Packit: move scripts to contrib/packit-tmt Signed-off-by: Lokesh Mandvekar --- .packit.yaml | 4 ++-- .../packit-tmt/packit-copr-rpm.sh | 9 ++++++--- .../packit-tmt/packit-rpm-git-commit.sh | 0 3 files changed, 8 insertions(+), 5 deletions(-) rename .packit-copr-rpm.sh => contrib/packit-tmt/packit-copr-rpm.sh (78%) rename .packit-rpm-git-commit.sh => contrib/packit-tmt/packit-rpm-git-commit.sh (100%) diff --git a/.packit.yaml b/.packit.yaml index 3e7827fbf31..37be3fda7ea 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -44,8 +44,8 @@ srpm_build_deps: - make actions: - fix-spec-file: "bash .packit-copr-rpm.sh" - pre-sync: "bash .packit-rpm-git-commit.sh" + fix-spec-file: "bash contrib/packit-tmt/packit-copr-rpm.sh" + pre-sync: "bash contrib/packit-tmt/packit-rpm-git-commit.sh" jobs: - job: copr_build diff --git a/.packit-copr-rpm.sh b/contrib/packit-tmt/packit-copr-rpm.sh similarity index 78% rename from .packit-copr-rpm.sh rename to contrib/packit-tmt/packit-copr-rpm.sh index 9200eaf6e53..ace24b916a7 100644 --- a/.packit-copr-rpm.sh +++ b/contrib/packit-tmt/packit-copr-rpm.sh @@ -6,16 +6,19 @@ set -exo pipefail -. .packit-rpm-git-commit.sh +TOP_GIT_DIR=$(git rev-parse --show-toplevel) + +. "$TOP_GIT_DIR"/contrib/packit-tmt/packit-rpm-git-commit.sh # Get Version from HEAD VERSION=$(grep '^const RawVersion' version/rawversion/version.go | cut -d\" -f2) # RPM Version can't take "-" -RPM_VERSION=$(echo $VERSION | sed -e 's/-/~/') +# shellcheck disable=SC2001 +RPM_VERSION=$(echo "$VERSION" | sed -e 's/-/~/') # Generate source tarball from HEAD -git-archive-all -C $(git rev-parse --show-toplevel) --prefix=$PACKAGE-$VERSION/ rpm/$PACKAGE-$VERSION.tar.gz +git-archive-all -C "$TOP_GIT_DIR" --prefix="$PACKAGE-$VERSION/" "$TOP_GIT_DIR/rpm/$PACKAGE-$VERSION.tar.gz" # RPM Spec modifications diff --git a/.packit-rpm-git-commit.sh b/contrib/packit-tmt/packit-rpm-git-commit.sh similarity index 100% rename from .packit-rpm-git-commit.sh rename to contrib/packit-tmt/packit-rpm-git-commit.sh From e860773c0d9d3a9cbe8637ed459bf7e68e257a57 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 3 Nov 2025 14:01:55 -0500 Subject: [PATCH 04/25] cmd/podman.persistentRunE(): Fatal linux check if no Cgroups v2 Will log and proceed on non-linux env. Signed-off-by: Lokesh Mandvekar --- cmd/podman/root.go | 2 ++ cmd/podman/root_cgroups_linux.go | 18 ++++++++++++++++++ cmd/podman/root_cgroups_unsupported.go | 7 +++++++ 3 files changed, 27 insertions(+) create mode 100644 cmd/podman/root_cgroups_linux.go create mode 100644 cmd/podman/root_cgroups_unsupported.go diff --git a/cmd/podman/root.go b/cmd/podman/root.go index bc4fccac657..ae9e0cf6313 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -248,6 +248,8 @@ func setupRemoteConnection(podmanConfig *entities.PodmanConfig) string { func persistentPreRunE(cmd *cobra.Command, args []string) error { logrus.Debugf("Called %s.PersistentPreRunE(%s)", cmd.Name(), strings.Join(os.Args, " ")) + checkSupportedCgroups() + // Help, completion and commands with subcommands are special cases, no need for more setup // Completion cmd is used to generate the shell scripts if cmd.Name() == "help" || cmd.Name() == "completion" || cmd.HasSubCommands() { diff --git a/cmd/podman/root_cgroups_linux.go b/cmd/podman/root_cgroups_linux.go new file mode 100644 index 00000000000..fee19873f46 --- /dev/null +++ b/cmd/podman/root_cgroups_linux.go @@ -0,0 +1,18 @@ +//go:build linux + +package main + +import ( + "github.com/sirupsen/logrus" + "go.podman.io/common/pkg/cgroups" +) + +func checkSupportedCgroups() { + unified, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + logrus.Fatalf("Error determining cgroups mode") + } + if !unified { + logrus.Fatalf("Cgroups v1 not supported") + } +} diff --git a/cmd/podman/root_cgroups_unsupported.go b/cmd/podman/root_cgroups_unsupported.go new file mode 100644 index 00000000000..0ec0c7c1d94 --- /dev/null +++ b/cmd/podman/root_cgroups_unsupported.go @@ -0,0 +1,7 @@ +//go:build !linux + +package main + +func checkSupportedCgroups() { + // NOP on Non Linux +} From f2c9fcd68fb5b0154295aef6d3b7c29d008d7087 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 3 Nov 2025 14:05:17 -0500 Subject: [PATCH 05/25] cmd/podman/containers/unpause: Remove cgroupv1 check This didn't error check for mounted cgroups, only errored for rootless cgroupsv1 containers. Safe to remove. Signed-off-by: Lokesh Mandvekar --- cmd/podman/containers/unpause.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/cmd/podman/containers/unpause.go b/cmd/podman/containers/unpause.go index dbde2c62e42..d6369930861 100644 --- a/cmd/podman/containers/unpause.go +++ b/cmd/podman/containers/unpause.go @@ -2,7 +2,6 @@ package containers import ( "context" - "errors" "fmt" "os" "strings" @@ -12,9 +11,7 @@ import ( "github.com/containers/podman/v6/cmd/podman/utils" "github.com/containers/podman/v6/cmd/podman/validate" "github.com/containers/podman/v6/pkg/domain/entities" - "github.com/containers/podman/v6/pkg/rootless" "github.com/spf13/cobra" - "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/completion" ) @@ -91,13 +88,6 @@ func unpause(_ *cobra.Command, args []string) error { var errs utils.OutputErrors args = utils.RemoveSlash(args) - if rootless.IsRootless() && !registry.IsRemote() { - cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() - if !cgroupv2 { - return errors.New("unpause is not supported for cgroupv1 rootless containers") - } - } - for _, cidFile := range unpauseCidFiles { content, err := os.ReadFile(cidFile) if err != nil { From 4d404f1f1dd0e68281501e2e7ab6e5e1d867fe8a Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:14:07 -0500 Subject: [PATCH 06/25] libpod/container_internal*.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- libpod/container_internal.go | 41 +++---------- libpod/container_internal_linux.go | 98 ++++++------------------------ 2 files changed, 25 insertions(+), 114 deletions(-) diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 5ffe18c46e9..525329349f4 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -41,7 +41,6 @@ import ( "github.com/opencontainers/selinux/go-selinux/label" "github.com/sirupsen/logrus" "go.podman.io/common/libnetwork/etchosts" - "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/chown" "go.podman.io/common/pkg/config" "go.podman.io/common/pkg/hooks" @@ -1361,41 +1360,25 @@ func (c *Container) waitForHealthy(ctx context.Context) error { } // Whether a container should use `all` when stopping -func (c *Container) stopWithAll() (bool, error) { +func (c *Container) stopWithAll() bool { // If the container is running in a PID Namespace, then killing the // primary pid is enough to kill the container. If it is not running in // a pid namespace then the OCI Runtime needs to kill ALL processes in // the container's cgroup in order to make sure the container is stopped. all := !c.hasNamespace(spec.PIDNamespace) // We can't use --all if Cgroups aren't present. - // Rootless containers with Cgroups v1 and NoCgroups are both cases - // where this can happen. - if all { - if c.config.NoCgroups { - all = false - } else if rootless.IsRootless() { - // Only do this check if we need to - unified, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return false, err - } - if !unified { - all = false - } - } + // Rootless containers with NoCgroups is a case where this can happen. + if all && c.config.NoCgroups { + all = false } - - return all, nil + return all } // Internal, non-locking function to stop container func (c *Container) stop(timeout uint) error { logrus.Debugf("Stopping ctr %s (timeout %d)", c.ID(), timeout) - all, err := c.stopWithAll() - if err != nil { - return err - } + all := c.stopWithAll() // OK, the following code looks a bit weird but we have to make sure we can stop // containers with the restart policy always, to do this we have to set @@ -1502,7 +1485,7 @@ func (c *Container) waitForConmonToExitAndSave() error { // could open a pidfd on container PID1 before // this to get the real exit code... But I'm not // that dedicated. - all, _ := c.stopWithAll() + all := c.stopWithAll() if err := c.ociRuntime.StopContainer(c, 0, all); err != nil { logrus.Errorf("Error stopping container %s after Conmon exited prematurely: %v", c.ID(), err) } @@ -1559,16 +1542,6 @@ func (c *Container) pause() error { return fmt.Errorf("cannot pause without using Cgroups: %w", define.ErrNoCgroups) } - if rootless.IsRootless() { - cgroupv2, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return fmt.Errorf("failed to determine cgroupversion: %w", err) - } - if !cgroupv2 { - return fmt.Errorf("can not pause containers on rootless containers with cgroup V1: %w", define.ErrNoCgroups) - } - } - if c.state.HCUnitName != "" { if err := c.removeTransientFiles(context.Background(), c.config.StartupHealthCheckConfig != nil && !c.state.StartupHCPassed, diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 3bdbccf18ae..f4bd4734831 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -3,7 +3,6 @@ package libpod import ( - "errors" "fmt" "io/fs" "os" @@ -222,7 +221,7 @@ func (c *Container) reloadNetwork() error { // systemd expects to have /run, /run/lock and /tmp on tmpfs // It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal -func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error { +func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) { var containerUUIDSet bool for _, s := range c.config.Spec.Process.Env { if strings.HasPrefix(s, "container_uuid=") { @@ -265,11 +264,6 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro g.AddMount(tmpfsMnt) } - unified, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return err - } - hasCgroupNs := false for _, ns := range c.config.Spec.Linux.Namespaces { if ns.Type == spec.CgroupNamespace { @@ -278,71 +272,25 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro } } - if unified { - g.RemoveMount("/sys/fs/cgroup") + g.RemoveMount("/sys/fs/cgroup") - var systemdMnt spec.Mount - if hasCgroupNs { - systemdMnt = spec.Mount{ - Destination: "/sys/fs/cgroup", - Type: "cgroup", - Source: "cgroup", - Options: []string{"private", "rw"}, - } - } else { - systemdMnt = spec.Mount{ - Destination: "/sys/fs/cgroup", - Type: define.TypeBind, - Source: "/sys/fs/cgroup", - Options: []string{define.TypeBind, "private", "rw"}, - } + var systemdMnt spec.Mount + if hasCgroupNs { + systemdMnt = spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "cgroup", + Source: "cgroup", + Options: []string{"private", "rw"}, } - g.AddMount(systemdMnt) } else { - hasSystemdMount := MountExists(mounts, "/sys/fs/cgroup/systemd") - if hasCgroupNs && !hasSystemdMount { - return errors.New("cgroup namespace is not supported with cgroup v1 and systemd mode") - } - mountOptions := []string{define.TypeBind, "rprivate"} - - if !hasSystemdMount { - skipMount := hasSystemdMount - var statfs unix.Statfs_t - if err := unix.Statfs("/sys/fs/cgroup/systemd", &statfs); err != nil { - if errors.Is(err, os.ErrNotExist) { - // If the mount is missing on the host, we cannot bind mount it so - // just skip it. - skipMount = true - } - mountOptions = append(mountOptions, "nodev", "noexec", "nosuid") - } else { - if statfs.Flags&unix.MS_NODEV == unix.MS_NODEV { - mountOptions = append(mountOptions, "nodev") - } - if statfs.Flags&unix.MS_NOEXEC == unix.MS_NOEXEC { - mountOptions = append(mountOptions, "noexec") - } - if statfs.Flags&unix.MS_NOSUID == unix.MS_NOSUID { - mountOptions = append(mountOptions, "nosuid") - } - if statfs.Flags&unix.MS_RDONLY == unix.MS_RDONLY { - mountOptions = append(mountOptions, "ro") - } - } - if !skipMount { - systemdMnt := spec.Mount{ - Destination: "/sys/fs/cgroup/systemd", - Type: define.TypeBind, - Source: "/sys/fs/cgroup/systemd", - Options: mountOptions, - } - g.AddMount(systemdMnt) - g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent") - } + systemdMnt = spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: define.TypeBind, + Source: "/sys/fs/cgroup", + Options: []string{define.TypeBind, "private", "rw"}, } } - - return nil + g.AddMount(systemdMnt) } // Add an existing container's namespace to the spec @@ -383,16 +331,12 @@ func isRootlessCgroupSet(cgroup string) bool { } func (c *Container) expectPodCgroup() (bool, error) { - unified, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return false, err - } cgroupManager := c.CgroupManager() switch { case c.config.NoCgroups: return false, nil case cgroupManager == config.SystemdCgroupsManager: - return !rootless.IsRootless() || unified, nil + return true, nil case cgroupManager == config.CgroupfsCgroupsManager: return !rootless.IsRootless(), nil default: @@ -402,10 +346,6 @@ func (c *Container) expectPodCgroup() (bool, error) { // Get cgroup path in a format suitable for the OCI spec func (c *Container) getOCICgroupPath() (string, error) { - unified, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return "", err - } cgroupManager := c.CgroupManager() switch { case c.config.NoCgroups: @@ -423,7 +363,7 @@ func (c *Container) getOCICgroupPath() (string, error) { systemdCgroups := fmt.Sprintf("%s:libpod:%s", path.Base(c.config.CgroupParent), c.ID()) logrus.Debugf("Setting Cgroups for container %s to %s", c.ID(), systemdCgroups) return systemdCgroups, nil - case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)): + case (rootless.IsRootless() && cgroupManager == config.CgroupfsCgroupsManager): if c.config.CgroupParent == "" || !isRootlessCgroupSet(c.config.CgroupParent) { return "", nil } @@ -458,9 +398,7 @@ func (c *Container) addNetworkNamespace(g *generate.Generator) error { func (c *Container) addSystemdMounts(g *generate.Generator) error { if c.Systemd() { - if err := c.setupSystemd(g.Mounts(), *g); err != nil { - return err - } + c.setupSystemd(g.Mounts(), *g) } return nil } From 7c45f43a46b149bfbef0c8762245a8cda4962810 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 08:39:29 -0500 Subject: [PATCH 07/25] libpod/info_linux.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- libpod/info_linux.go | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/libpod/info_linux.go b/libpod/info_linux.go index c6ca56d81a6..67f1000d36e 100644 --- a/libpod/info_linux.go +++ b/libpod/info_linux.go @@ -30,14 +30,10 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error { return fmt.Errorf("getting Seccomp profile path: %w", err) } - // Cgroups version - unified, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return fmt.Errorf("reading cgroups mode: %w", err) - } - // Get Map of all available controllers - availableControllers, err := cgroups.AvailableControllers(nil, unified) + // FIXME: AvailableControllers should be further simplified once CGv1 removal + // in container-libs is complete. + availableControllers, err := cgroups.AvailableControllers(nil, true) if err != nil { return fmt.Errorf("getting available cgroup controllers: %w", err) } @@ -55,11 +51,7 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error { } info.Slirp4NetNS = define.SlirpInfo{} - cgroupVersion := "v1" - if unified { - cgroupVersion = "v2" - } - info.CgroupsVersion = cgroupVersion + info.CgroupsVersion = "v2" slirp4netnsPath := r.config.Engine.NetworkCmdPath if slirp4netnsPath == "" { From 5499b79c8e02354bbc85625349c509bd8198f24b Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 3 Nov 2025 14:28:50 -0500 Subject: [PATCH 08/25] libpod/runtime_linux.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- libpod/runtime_linux.go | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/libpod/runtime_linux.go b/libpod/runtime_linux.go index b8b6edc3de1..33c0c2cc679 100644 --- a/libpod/runtime_linux.go +++ b/libpod/runtime_linux.go @@ -12,21 +12,10 @@ import ( "github.com/containers/podman/v6/pkg/rootless" "github.com/containers/podman/v6/pkg/systemd" "github.com/sirupsen/logrus" - "go.podman.io/common/pkg/cgroups" ) func checkCgroups2UnifiedMode(runtime *Runtime) { - unified, _ := cgroups.IsCgroup2UnifiedMode() - // DELETE ON RHEL9 - if !unified { - _, ok := os.LookupEnv("PODMAN_IGNORE_CGROUPSV1_WARNING") - if !ok { - logrus.Warn("Using cgroups-v1 which is deprecated in favor of cgroups-v2 with Podman v5 and will be removed in a future version. Set environment variable `PODMAN_IGNORE_CGROUPSV1_WARNING` to hide this warning.") - } - } - // DELETE ON RHEL9 - - if unified && rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) { + if rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) { // If user is rootless and XDG_RUNTIME_DIR is found, podman will not proceed with /tmp directory // it will try to use existing XDG_RUNTIME_DIR // if current user has no write access to XDG_RUNTIME_DIR we will fail later From cb91d9083547cdd1524fc6dcb30011b48277e470 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 3 Nov 2025 14:29:37 -0500 Subject: [PATCH 09/25] libpod/runtime_pod_linux.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- libpod/runtime_pod_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index f5804decc07..b52b565ba5c 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -122,7 +122,7 @@ func (p *Pod) removePodCgroup() error { // hard - instead, just log errors. conmonCgroupPath := filepath.Join(p.state.CgroupPath, "conmon") conmonCgroup, err := cgroups.Load(conmonCgroupPath) - if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless { + if err != nil && err != cgroups.ErrCgroupDeleted { return fmt.Errorf("retrieving pod %s conmon cgroup: %w", p.ID(), err) } if err == nil { @@ -131,7 +131,7 @@ func (p *Pod) removePodCgroup() error { } } cgroup, err := cgroups.Load(p.state.CgroupPath) - if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless { + if err != nil && err != cgroups.ErrCgroupDeleted { return fmt.Errorf("retrieving pod %s cgroup: %w", p.ID(), err) } if err == nil { From 2e6a923f1ed31d692e960f852b31d3b551221f14 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 3 Nov 2025 14:30:55 -0500 Subject: [PATCH 10/25] pkg/domain/infra/runtime_libpod.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- pkg/domain/infra/runtime_libpod.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/pkg/domain/infra/runtime_libpod.go b/pkg/domain/infra/runtime_libpod.go index 8cfdce88a0e..3c2d02bbb04 100644 --- a/pkg/domain/infra/runtime_libpod.go +++ b/pkg/domain/infra/runtime_libpod.go @@ -20,7 +20,6 @@ import ( "github.com/containers/podman/v6/pkg/util" "github.com/sirupsen/logrus" flag "github.com/spf13/pflag" - "go.podman.io/common/pkg/cgroups" "go.podman.io/storage/pkg/idtools" "go.podman.io/storage/types" ) @@ -182,14 +181,6 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo if fs.Changed("cgroup-manager") { options = append(options, libpod.WithCgroupManager(cfg.ContainersConf.Engine.CgroupManager)) - } else { - unified, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return nil, err - } - if rootless.IsRootless() && !unified { - options = append(options, libpod.WithCgroupManager("cgroupfs")) - } } // TODO flag to set libpod static dir? From 72f8a01d9d4176e35ea0ef179356b53496ab7fd7 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 3 Nov 2025 14:37:52 -0500 Subject: [PATCH 11/25] pkg/specgen/generate/validate_linux.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- pkg/specgen/generate/validate_linux.go | 175 +------------------------ 1 file changed, 3 insertions(+), 172 deletions(-) diff --git a/pkg/specgen/generate/validate_linux.go b/pkg/specgen/generate/validate_linux.go index 317854fd27a..db129972c82 100644 --- a/pkg/specgen/generate/validate_linux.go +++ b/pkg/specgen/generate/validate_linux.go @@ -3,173 +3,17 @@ package generate import ( - "errors" - "fmt" "os" "path/filepath" - "reflect" - "github.com/containers/podman/v6/pkg/rootless" "github.com/containers/podman/v6/pkg/specgen" - "github.com/opencontainers/runtime-spec/specs-go" "go.podman.io/common/pkg/cgroups" - "go.podman.io/common/pkg/sysinfo" "go.podman.io/storage/pkg/fileutils" ) -// Verify resource limits are sanely set when running on cgroup v1. -func verifyContainerResourcesCgroupV1(s *specgen.SpecGenerator) ([]string, error) { - warnings := []string{} - - sysInfo := sysinfo.New(true) - - // If ResourceLimits is nil, return without warning - resourceNil := &specgen.SpecGenerator{} - resourceNil.ResourceLimits = &specs.LinuxResources{} - if s.ResourceLimits == nil || reflect.DeepEqual(s.ResourceLimits, resourceNil.ResourceLimits) { - return nil, nil - } - - // Cgroups V1 rootless system does not support Resource limits - if rootless.IsRootless() { - s.ResourceLimits = nil - return []string{"Resource limits are not supported and ignored on cgroups V1 rootless systems"}, nil - } - - if s.ResourceLimits.Unified != nil { - return nil, errors.New("cannot use --cgroup-conf without cgroup v2") - } - - // Memory checks - if s.ResourceLimits.Memory != nil { - memory := s.ResourceLimits.Memory - if memory.Limit != nil && !sysInfo.MemoryLimit { - warnings = append(warnings, "Your kernel does not support memory limit capabilities or the cgroup is not mounted. Limitation discarded.") - memory.Limit = nil - memory.Swap = nil - } - if memory.Limit != nil && memory.Swap != nil && !sysInfo.SwapLimit { - warnings = append(warnings, "Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.") - memory.Swap = nil - } - if memory.Limit != nil && memory.Swap != nil && *memory.Swap < *memory.Limit { - return warnings, errors.New("minimum memoryswap limit should be larger than memory limit, see usage") - } - if memory.Limit == nil && memory.Swap != nil { - return warnings, errors.New("you should always set a memory limit when using a memoryswap limit, see usage") - } - if memory.Swappiness != nil { - if !sysInfo.MemorySwappiness { - warnings = append(warnings, "Your kernel does not support memory swappiness capabilities, or the cgroup is not mounted. Memory swappiness discarded.") - memory.Swappiness = nil - } else if *memory.Swappiness > 100 { - return warnings, fmt.Errorf("invalid value: %v, valid memory swappiness range is 0-100", *memory.Swappiness) - } - } - if memory.Reservation != nil && !sysInfo.MemoryReservation { - warnings = append(warnings, "Your kernel does not support memory soft limit capabilities or the cgroup is not mounted. Limitation discarded.") - memory.Reservation = nil - } - if memory.Limit != nil && memory.Reservation != nil && *memory.Limit < *memory.Reservation { - return warnings, errors.New("minimum memory limit cannot be less than memory reservation limit, see usage") - } - if memory.DisableOOMKiller != nil && *memory.DisableOOMKiller && !sysInfo.OomKillDisable { - warnings = append(warnings, "Your kernel does not support OomKillDisable. OomKillDisable discarded.") - memory.DisableOOMKiller = nil - } - } - - // Pids checks - if s.ResourceLimits.Pids != nil { - // TODO: Should this be 0, or checking that ResourceLimits.Pids - // is set at all? - if s.ResourceLimits.Pids.Limit >= 0 && !sysInfo.PidsLimit { - warnings = append(warnings, "Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.") - s.ResourceLimits.Pids = nil - } - } - - // CPU checks - if s.ResourceLimits.CPU != nil { - cpu := s.ResourceLimits.CPU - if cpu.Shares != nil && !sysInfo.CPUShares { - warnings = append(warnings, "Your kernel does not support CPU shares or the cgroup is not mounted. Shares discarded.") - cpu.Shares = nil - } - if cpu.Period != nil && !sysInfo.CPUCfsPeriod { - warnings = append(warnings, "Your kernel does not support CPU cfs period or the cgroup is not mounted. Period discarded.") - cpu.Period = nil - } - if cpu.Period != nil && (*cpu.Period < 1000 || *cpu.Period > 1000000) { - return warnings, errors.New("CPU cfs period cannot be less than 1ms (i.e. 1000) or larger than 1s (i.e. 1000000)") - } - if cpu.Quota != nil && !sysInfo.CPUCfsQuota { - warnings = append(warnings, "Your kernel does not support CPU cfs quota or the cgroup is not mounted. Quota discarded.") - cpu.Quota = nil - } - if cpu.Quota != nil && *cpu.Quota < 1000 { - return warnings, errors.New("CPU cfs quota cannot be less than 1ms (i.e. 1000)") - } - if (cpu.Cpus != "" || cpu.Mems != "") && !sysInfo.Cpuset { - warnings = append(warnings, "Your kernel does not support cpuset or the cgroup is not mounted. CPUset discarded.") - cpu.Cpus = "" - cpu.Mems = "" - } - - cpusAvailable, err := sysInfo.IsCpusetCpusAvailable(cpu.Cpus) - if err != nil { - return warnings, fmt.Errorf("invalid value %s for cpuset cpus", cpu.Cpus) - } - if !cpusAvailable { - return warnings, fmt.Errorf("requested CPUs are not available - requested %s, available: %s", cpu.Cpus, sysInfo.Cpus) - } - - memsAvailable, err := sysInfo.IsCpusetMemsAvailable(cpu.Mems) - if err != nil { - return warnings, fmt.Errorf("invalid value %s for cpuset mems", cpu.Mems) - } - if !memsAvailable { - return warnings, fmt.Errorf("requested memory nodes are not available - requested %s, available: %s", cpu.Mems, sysInfo.Mems) - } - } - - // Blkio checks - if s.ResourceLimits.BlockIO != nil { - blkio := s.ResourceLimits.BlockIO - if blkio.Weight != nil && !sysInfo.BlkioWeight { - warnings = append(warnings, "Your kernel does not support Block I/O weight or the cgroup is not mounted. Weight discarded.") - blkio.Weight = nil - } - if blkio.Weight != nil && (*blkio.Weight > 1000 || *blkio.Weight < 10) { - return warnings, errors.New("range of blkio weight is from 10 to 1000") - } - if len(blkio.WeightDevice) > 0 && !sysInfo.BlkioWeightDevice { - warnings = append(warnings, "Your kernel does not support Block I/O weight_device or the cgroup is not mounted. Weight-device discarded.") - blkio.WeightDevice = nil - } - if len(blkio.ThrottleReadBpsDevice) > 0 && !sysInfo.BlkioReadBpsDevice { - warnings = append(warnings, "Your kernel does not support BPS Block I/O read limit or the cgroup is not mounted. Block I/O BPS read limit discarded") - blkio.ThrottleReadBpsDevice = nil - } - if len(blkio.ThrottleWriteBpsDevice) > 0 && !sysInfo.BlkioWriteBpsDevice { - warnings = append(warnings, "Your kernel does not support BPS Block I/O write limit or the cgroup is not mounted. Block I/O BPS write limit discarded.") - blkio.ThrottleWriteBpsDevice = nil - } - if len(blkio.ThrottleReadIOPSDevice) > 0 && !sysInfo.BlkioReadIOpsDevice { - warnings = append(warnings, "Your kernel does not support IOPS Block read limit or the cgroup is not mounted. Block I/O IOPS read limit discarded.") - blkio.ThrottleReadIOPSDevice = nil - } - if len(blkio.ThrottleWriteIOPSDevice) > 0 && !sysInfo.BlkioWriteIOpsDevice { - warnings = append(warnings, "Your kernel does not support IOPS Block I/O write limit or the cgroup is not mounted. Block I/O IOPS write limit discarded.") - blkio.ThrottleWriteIOPSDevice = nil - } - } - - return warnings, nil -} - -// Verify resource limits are sanely set when running on cgroup v2. -func verifyContainerResourcesCgroupV2(s *specgen.SpecGenerator) ([]string, error) { +// Verify resource limits are sanely set, removing any limits that are not +// possible with the current cgroups config. +func verifyContainerResources(s *specgen.SpecGenerator) ([]string, error) { warnings := []string{} if s.ResourceLimits == nil { @@ -221,16 +65,3 @@ func verifyContainerResourcesCgroupV2(s *specgen.SpecGenerator) ([]string, error } return warnings, nil } - -// Verify resource limits are sanely set, removing any limits that are not -// possible with the current cgroups config. -func verifyContainerResources(s *specgen.SpecGenerator) ([]string, error) { - cgroup2, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return []string{}, err - } - if cgroup2 { - return verifyContainerResourcesCgroupV2(s) - } - return verifyContainerResourcesCgroupV1(s) -} From faa551a9219aa73d16058107631a697adbc90bb8 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:18:12 -0500 Subject: [PATCH 12/25] libpod/runtime_ctr.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- libpod/runtime_ctr.go | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 3f0c0958a7a..65c8b832ac8 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -28,7 +28,6 @@ import ( "github.com/opencontainers/runtime-tools/generate" "github.com/sirupsen/logrus" "go.podman.io/common/libnetwork/types" - "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/config" "go.podman.io/storage" "go.podman.io/storage/pkg/stringid" @@ -861,18 +860,6 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, opts ctrRmO } if c.state.State == define.ContainerStatePaused { - isV2, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - retErr = err - return removedCtrs, removedPods, retErr - } - // cgroups v1 and v2 handle signals on paused processes differently - if !isV2 { - if err := c.unpause(); err != nil { - retErr = err - return removedCtrs, removedPods, retErr - } - } if err := c.ociRuntime.KillContainer(c, 9, false); err != nil { retErr = err return removedCtrs, removedPods, retErr From a12b3e97d27e0791aca76a6fb9a62db7a627ec6e Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:20:10 -0500 Subject: [PATCH 13/25] libpod/runtime.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- libpod/runtime.go | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/libpod/runtime.go b/libpod/runtime.go index ffc6aed3832..5b50c7d7e98 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -34,7 +34,6 @@ import ( "go.podman.io/common/libimage" "go.podman.io/common/libnetwork/network" nettypes "go.podman.io/common/libnetwork/types" - "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/config" artStore "go.podman.io/common/pkg/libartifact/store" "go.podman.io/common/pkg/secrets" @@ -179,11 +178,7 @@ func newRuntimeFromConfig(ctx context.Context, conf *config.Config, options ...R runtime := new(Runtime) if conf.Engine.OCIRuntime == "" { - conf.Engine.OCIRuntime = "runc" - // If we're running on cgroups v2, default to using crun. - if onCgroupsv2, _ := cgroups.IsCgroup2UnifiedMode(); onCgroupsv2 { - conf.Engine.OCIRuntime = "crun" - } + conf.Engine.OCIRuntime = "crun" } runtime.config = conf @@ -543,8 +538,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { // and no valid systemd session is present // warn only whenever new namespace is created if runtime.config.Engine.CgroupManager == config.SystemdCgroupsManager { - unified, _ := cgroups.IsCgroup2UnifiedMode() - if unified && rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) { + if rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) { logrus.Debug("Invalid systemd user session for current user") } } From 06bc277ad852862f333e630ea83b6f18b4070ae0 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:21:20 -0500 Subject: [PATCH 14/25] libpod/util_linux.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- libpod/util_linux.go | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/libpod/util_linux.go b/libpod/util_linux.go index a6f4d1e7bf8..f264d796952 100644 --- a/libpod/util_linux.go +++ b/libpod/util_linux.go @@ -21,13 +21,7 @@ import ( ) func cgroupExist(path string) bool { - cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() - var fullPath string - if cgroupv2 { - fullPath = filepath.Join("/sys/fs/cgroup", path) - } else { - fullPath = filepath.Join("/sys/fs/cgroup/memory", path) - } + fullPath := filepath.Join("/sys/fs/cgroup", path) return fileutils.Exists(fullPath) == nil } From c98c50ec76d217feb789042a70759adf7196ce3e Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:22:17 -0500 Subject: [PATCH 15/25] libpod/pod_api.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- libpod/pod_api.go | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/libpod/pod_api.go b/libpod/pod_api.go index 5fa533526fc..15fadbe6c69 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -10,10 +10,8 @@ import ( "github.com/containers/podman/v6/libpod/define" "github.com/containers/podman/v6/libpod/events" "github.com/containers/podman/v6/pkg/parallel" - "github.com/containers/podman/v6/pkg/rootless" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" - "go.podman.io/common/pkg/cgroups" ) // startInitContainers starts a pod's init containers. @@ -341,16 +339,6 @@ func (p *Pod) Pause(ctx context.Context) (map[string]error, error) { return nil, define.ErrPodRemoved } - if rootless.IsRootless() { - cgroupv2, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return nil, fmt.Errorf("failed to determine cgroupversion: %w", err) - } - if !cgroupv2 { - return nil, fmt.Errorf("can not pause pods containing rootless containers with cgroup V1: %w", define.ErrNoCgroups) - } - } - allCtrs, err := p.runtime.state.PodContainers(p) if err != nil { return nil, err From 850bae519e61861ea1e4bc7e661520de7986f9b4 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:26:01 -0500 Subject: [PATCH 16/25] pkg/specgen/namespaces.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- pkg/specgen/namespaces.go | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index f9bb4ef6f0e..0ccd75038cc 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -14,7 +14,6 @@ import ( spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "go.podman.io/common/libnetwork/types" - "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/config" "go.podman.io/storage/pkg/fileutils" "go.podman.io/storage/pkg/unshare" @@ -262,26 +261,14 @@ func ParseNamespace(ns string) (Namespace, error) { // ParseCgroupNamespace parses a cgroup namespace specification in string // form. func ParseCgroupNamespace(ns string) (Namespace, error) { - toReturn := Namespace{} - // Cgroup is host for v1, private for v2. - // We can't trust c/common for this, as it only assumes private. - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return toReturn, err - } - if cgroupsv2 { - switch ns { - case "host": - toReturn.NSMode = Host - case "private", "": - toReturn.NSMode = Private - default: - return toReturn, fmt.Errorf("unrecognized cgroup namespace mode %s passed", ns) - } - } else { - toReturn.NSMode = Host + switch ns { + case "host": + return Namespace{NSMode: Host}, nil + case "private", "": + return Namespace{NSMode: Private}, nil + default: + return Namespace{}, fmt.Errorf("unrecognized cgroup namespace mode %s passed", ns) } - return toReturn, nil } // ParseIPCNamespace parses an ipc namespace specification in string From a994aef3300df1d72233205390923ed782a7bd09 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:28:22 -0500 Subject: [PATCH 17/25] pkg/domain/infra/abi/pods_stats.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- pkg/domain/infra/abi/pods_stats.go | 12 ------------ pkg/specgen/generate/oci_linux.go | 6 ------ 2 files changed, 18 deletions(-) diff --git a/pkg/domain/infra/abi/pods_stats.go b/pkg/domain/infra/abi/pods_stats.go index 4f381ac742d..e5b02433aa5 100644 --- a/pkg/domain/infra/abi/pods_stats.go +++ b/pkg/domain/infra/abi/pods_stats.go @@ -11,23 +11,11 @@ import ( "github.com/containers/podman/v6/libpod" "github.com/containers/podman/v6/libpod/define" "github.com/containers/podman/v6/pkg/domain/entities" - "github.com/containers/podman/v6/pkg/rootless" "github.com/docker/go-units" - "go.podman.io/common/pkg/cgroups" ) // PodStats implements printing stats about pods. func (ic *ContainerEngine) PodStats(_ context.Context, namesOrIds []string, options entities.PodStatsOptions) ([]*entities.PodStatsReport, error) { - // Cgroups v2 check for rootless. - if rootless.IsRootless() { - unified, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return nil, err - } - if !unified { - return nil, errors.New("pod stats is not supported in rootless mode without cgroups v2") - } - } // Get the (running) pods and convert them to the entities format. pods, err := getPodsByContext(options.All, options.Latest, namesOrIds, ic.Libpod) if err != nil { diff --git a/pkg/specgen/generate/oci_linux.go b/pkg/specgen/generate/oci_linux.go index f07a1cec480..8d5a08fa2ae 100644 --- a/pkg/specgen/generate/oci_linux.go +++ b/pkg/specgen/generate/oci_linux.go @@ -18,7 +18,6 @@ import ( "github.com/opencontainers/runtime-tools/generate" "github.com/sirupsen/logrus" "go.podman.io/common/libimage" - "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/config" "golang.org/x/sys/unix" ) @@ -65,11 +64,6 @@ func getCgroupPermissions(unmask []string) string { rw := "rw" cgroup := "/sys/fs/cgroup" - cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() - if !cgroupv2 { - return ro - } - if len(unmask) != 0 && unmask[0] == "ALL" { return rw } From 30d07aa0c82a8ee350875ae4472f00725e7aaa90 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:29:14 -0500 Subject: [PATCH 18/25] pkg/domain/infra/abi/containers.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- pkg/domain/infra/abi/containers.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index 63d2ad7efb1..75314e45710 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -34,7 +34,6 @@ import ( "github.com/containers/podman/v6/pkg/util" "github.com/hashicorp/go-multierror" "github.com/sirupsen/logrus" - "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/config" "go.podman.io/image/v5/manifest" "go.podman.io/storage" @@ -1620,15 +1619,6 @@ func (ic *ContainerEngine) ContainerStats(ctx context.Context, namesOrIds []stri if options.Interval < 1 { return nil, errors.New("invalid interval, must be a positive number greater zero") } - if rootless.IsRootless() { - unified, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return nil, err - } - if !unified { - return nil, errors.New("stats is not supported in rootless mode without cgroups v2") - } - } statsChan = make(chan entities.ContainerStatsReport, 1) var containerFunc func() ([]*libpod.Container, error) From 5d7358d2bf8e9ad0f25585ff21db19aa69e97d19 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:30:27 -0500 Subject: [PATCH 19/25] pkg/api/handlers/libpod/containers_stats.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- pkg/api/handlers/libpod/containers_stats.go | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/pkg/api/handlers/libpod/containers_stats.go b/pkg/api/handlers/libpod/containers_stats.go index fe312ea7ca8..c3d318637c7 100644 --- a/pkg/api/handlers/libpod/containers_stats.go +++ b/pkg/api/handlers/libpod/containers_stats.go @@ -4,7 +4,6 @@ package libpod import ( "encoding/json" - "errors" "fmt" "net/http" @@ -13,25 +12,14 @@ import ( api "github.com/containers/podman/v6/pkg/api/types" "github.com/containers/podman/v6/pkg/domain/entities" "github.com/containers/podman/v6/pkg/domain/infra/abi" - "github.com/containers/podman/v6/pkg/rootless" "github.com/gorilla/schema" "github.com/sirupsen/logrus" - "go.podman.io/common/pkg/cgroups" ) func StatsContainer(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) - // Check if service is running rootless (cheap check) - if rootless.IsRootless() { - // if so, then verify cgroup v2 available (more expensive check) - if isV2, _ := cgroups.IsCgroup2UnifiedMode(); !isV2 { - utils.Error(w, http.StatusConflict, errors.New("container stats resource only available for cgroup v2")) - return - } - } - query := struct { Containers []string `schema:"containers"` Stream bool `schema:"stream"` From 6f43a666292f9a53f4c0bb28e6e99f44a992c715 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:31:49 -0500 Subject: [PATCH 20/25] cmd/podman/system/service_abi_linux.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- cmd/podman/system/service_abi_linux.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/cmd/podman/system/service_abi_linux.go b/cmd/podman/system/service_abi_linux.go index 5532143f12a..6282efc2070 100644 --- a/cmd/podman/system/service_abi_linux.go +++ b/cmd/podman/system/service_abi_linux.go @@ -3,7 +3,6 @@ package system import ( - "github.com/containers/podman/v6/pkg/rootless" "github.com/sirupsen/logrus" "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/servicereaper" @@ -15,11 +14,6 @@ func maybeStartServiceReaper() { } func maybeMoveToSubCgroup() { - cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() - if rootless.IsRootless() && !cgroupv2 { - logrus.Warnf("Running 'system service' in rootless mode without cgroup v2, containers won't survive a 'system service' restart") - } - if err := cgroups.MaybeMoveToSubCgroup(); err != nil { // it is a best effort operation, so just print the // error for debugging purposes. From 5e02967fd7aa72df40686da8d43e4a997f3cfa93 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:34:25 -0500 Subject: [PATCH 21/25] pkg/api/handlers/compat/containers_create.go: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- pkg/api/handlers/compat/containers_create.go | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go index 51759de3cfd..4855b56b66a 100644 --- a/pkg/api/handlers/compat/containers_create.go +++ b/pkg/api/handlers/compat/containers_create.go @@ -27,7 +27,6 @@ import ( "github.com/docker/docker/api/types/mount" "go.podman.io/common/libimage" "go.podman.io/common/libnetwork/types" - "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/config" "go.podman.io/storage" "go.podman.io/storage/pkg/fileutils" @@ -575,11 +574,7 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C cliOpts.MemoryReservation = strconv.Itoa(int(cc.HostConfig.MemoryReservation)) } - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return nil, nil, err - } - if cc.HostConfig.MemorySwap > 0 && (!rootless.IsRootless() || (rootless.IsRootless() && cgroupsv2)) { + if cc.HostConfig.MemorySwap > 0 { cliOpts.MemorySwap = strconv.Itoa(int(cc.HostConfig.MemorySwap)) } @@ -600,7 +595,7 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C cliOpts.Restart = policy } - if cc.HostConfig.MemorySwappiness != nil && (!rootless.IsRootless() || rootless.IsRootless() && cgroupsv2 && rtc.Engine.CgroupManager == "systemd") { + if cc.HostConfig.MemorySwappiness != nil && (!rootless.IsRootless() || rootless.IsRootless() && rtc.Engine.CgroupManager == "systemd") { cliOpts.MemorySwappiness = *cc.HostConfig.MemorySwappiness } else { cliOpts.MemorySwappiness = -1 From 4970fd26e4115ee0f6ba9bf5155ae60c98e37ba1 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:42:08 -0500 Subject: [PATCH 22/25] test/e2e: delete CgV1 skips, delete tests skipped on Cgv2 Signed-off-by: Lokesh Mandvekar --- test/e2e/cleanup_test.go | 1 - test/e2e/common_test.go | 27 ----- test/e2e/container_clone_test.go | 3 - test/e2e/containers_conf_test.go | 7 -- test/e2e/cp_test.go | 1 - test/e2e/create_test.go | 2 - test/e2e/generate_kube_test.go | 2 - test/e2e/generate_spec_test.go | 11 +- test/e2e/info_test.go | 1 - test/e2e/kill_test.go | 1 - test/e2e/network_connect_disconnect_test.go | 2 - test/e2e/pause_test.go | 22 ++-- test/e2e/pod_create_test.go | 2 - test/e2e/pod_infra_container_test.go | 1 - test/e2e/pod_kill_test.go | 1 - test/e2e/pod_pause_test.go | 4 - test/e2e/pod_ps_test.go | 1 - test/e2e/pod_stats_test.go | 7 -- test/e2e/run_cgroup_parent_test.go | 5 - test/e2e/run_cpu_test.go | 78 +++----------- test/e2e/run_memory_test.go | 43 +------- test/e2e/run_ns_test.go | 2 - test/e2e/run_selinux_test.go | 1 - test/e2e/run_test.go | 110 ++++---------------- test/e2e/stats_test.go | 7 -- test/e2e/systemd_test.go | 4 - test/e2e/toolbox_test.go | 1 - test/e2e/update_test.go | 59 +---------- 28 files changed, 52 insertions(+), 354 deletions(-) diff --git a/test/e2e/cleanup_test.go b/test/e2e/cleanup_test.go index ed8effd5099..cab7e90ba7d 100644 --- a/test/e2e/cleanup_test.go +++ b/test/e2e/cleanup_test.go @@ -97,7 +97,6 @@ var _ = Describe("Podman container cleanup", func() { }) It("podman cleanup paused container", func() { - SkipIfRootlessCgroupsV1("Pause is not supported in cgroups v1") session := podmanTest.RunTopContainer("paused") session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index e5a29931d2e..514167ce53c 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -38,7 +38,6 @@ import ( . "github.com/onsi/gomega" . "github.com/onsi/gomega/gexec" "github.com/sirupsen/logrus" - "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/libartifact" "go.podman.io/storage/pkg/ioutils" "go.podman.io/storage/pkg/lockfile" @@ -53,7 +52,6 @@ var ( CGROUP_MANAGER = "systemd" RESTORE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE} defaultWaitTimeout = 90 - CGROUPSV2, _ = cgroups.IsCgroup2UnifiedMode() ) // PodmanTestIntegration struct for command line options @@ -1080,13 +1078,6 @@ func SkipIfRunc(p *PodmanTestIntegration, reason string) { } } -func SkipIfRootlessCgroupsV1(reason string) { - checkReason(reason) - if isRootless() && !CGROUPSV2 { - Skip("[rootless]: " + reason) - } -} - func SkipIfRootless(reason string) { checkReason(reason) if isRootless() { @@ -1179,24 +1170,6 @@ func isRootless() bool { return os.Geteuid() != 0 } -func isCgroupsV1() bool { - return !CGROUPSV2 -} - -func SkipIfCgroupV1(reason string) { - checkReason(reason) - if isCgroupsV1() { - Skip(reason) - } -} - -func SkipIfCgroupV2(reason string) { - checkReason(reason) - if CGROUPSV2 { - Skip(reason) - } -} - func isContainerized() bool { // This is set to "podman" by podman automatically return os.Getenv("container") != "" diff --git a/test/e2e/container_clone_test.go b/test/e2e/container_clone_test.go index c19b27b4c4d..b0379fcd1ed 100644 --- a/test/e2e/container_clone_test.go +++ b/test/e2e/container_clone_test.go @@ -15,7 +15,6 @@ var _ = Describe("Podman container clone", func() { }) It("podman container clone basic test", func() { - SkipIfRootlessCgroupsV1("starting a container with the memory limits not supported") create := podmanTest.Podman([]string{"create", ALPINE}) create.WaitWithDefaultTimeout() Expect(create).To(ExitCleanly()) @@ -68,7 +67,6 @@ var _ = Describe("Podman container clone", func() { }) It("podman container clone resource limits override", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") create := podmanTest.Podman([]string{"create", "--cpus=5", ALPINE}) create.WaitWithDefaultTimeout() Expect(create).To(ExitCleanly()) @@ -143,7 +141,6 @@ var _ = Describe("Podman container clone", func() { }) It("podman container clone in a pod", func() { - SkipIfRootlessCgroupsV1("starting a container with the memory limits not supported") run := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:1234", ALPINE, "sleep", "20"}) run.WaitWithDefaultTimeout() Expect(run).To(ExitCleanly()) diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 314c434c524..4352212f962 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -30,7 +30,6 @@ var _ = Describe("Verify podman containers.conf usage", func() { }) It("limits test", func() { - SkipIfRootlessCgroupsV1("Setting limits not supported on cgroupv1 for rootless users") // containers.conf is set to "nofile=500:500" session := podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "ulimit", "-n"}) session.WaitWithDefaultTimeout() @@ -56,7 +55,6 @@ var _ = Describe("Verify podman containers.conf usage", func() { }) It("oom-score-adj", func() { - SkipIfRootlessCgroupsV1("Setting limits not supported on cgroupv1 for rootless users") // containers.conf is set to "oom_score_adj=999" session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "cat", "/proc/self/oom_score_adj"}) session.WaitWithDefaultTimeout() @@ -86,9 +84,6 @@ var _ = Describe("Verify podman containers.conf usage", func() { }) It("cgroup_conf in containers.conf", func() { - if isCgroupsV1() { - Skip("Setting cgroup_confs not supported on cgroupv1") - } // FIXME: Needs crun-1.8.2-2 to allow this with --cgroup-manager=cgroupfs, once this is available remove the skip below. SkipIfRootless("--cgroup-manager=cgoupfs and --cgroup-conf not supported in rootless mode with crun") conffile := filepath.Join(podmanTest.TempDir, "container.conf") @@ -147,7 +142,6 @@ var _ = Describe("Verify podman containers.conf usage", func() { }) It("add capabilities", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") cap := podmanTest.Podman([]string{"run", ALPINE, "grep", "CapEff", "/proc/self/status"}) cap.WaitWithDefaultTimeout() Expect(cap).Should(ExitCleanly()) @@ -193,7 +187,6 @@ var _ = Describe("Verify podman containers.conf usage", func() { }) verifyNSHandling := func(nspath, option string) { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") os.Setenv("CONTAINERS_CONF", "config/containers-ns.conf") if IsRemote() { podmanTest.RestartRemoteService() diff --git a/test/e2e/cp_test.go b/test/e2e/cp_test.go index 3000a54ee07..584677fdda7 100644 --- a/test/e2e/cp_test.go +++ b/test/e2e/cp_test.go @@ -72,7 +72,6 @@ var _ = Describe("Podman cp", func() { // Copy a file to the container, then back to the host in --pid=host It("podman cp --pid=host file", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") srcFile, err := os.CreateTemp("", "") Expect(err).ToNot(HaveOccurred()) defer srcFile.Close() diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index 4eb42140de0..32de6cdccbe 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -426,7 +426,6 @@ var _ = Describe("Podman create", func() { }) It("podman create with -m 1000000 sets swap to 2000000", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") numMem := 1000000 ctrName := "testCtr" session := podmanTest.Podman([]string{"create", "-t", "-m", fmt.Sprintf("%db", numMem), "--name", ctrName, ALPINE, "/bin/sh"}) @@ -441,7 +440,6 @@ var _ = Describe("Podman create", func() { }) It("podman create --cpus 5 sets nanocpus", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") numCpus := 5 nanoCPUs := numCpus * 1000000000 ctrName := "testCtr" diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index bc3fd5fe4e3..76f0efb73fe 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -609,7 +609,6 @@ var _ = Describe("Podman kube generate", func() { }) It("on pod with memory limit", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") podName := "testMemoryLimit" podSession := podmanTest.Podman([]string{"pod", "create", "--name", podName}) podSession.WaitWithDefaultTimeout() @@ -635,7 +634,6 @@ var _ = Describe("Podman kube generate", func() { }) It("on pod with cpu limit", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") podName := "testCpuLimit" podSession := podmanTest.Podman([]string{"pod", "create", "--name", podName}) podSession.WaitWithDefaultTimeout() diff --git a/test/e2e/generate_spec_test.go b/test/e2e/generate_spec_test.go index aebb364913b..b68d850dc24 100644 --- a/test/e2e/generate_spec_test.go +++ b/test/e2e/generate_spec_test.go @@ -8,7 +8,6 @@ import ( . "github.com/containers/podman/v6/test/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - . "github.com/onsi/gomega/gexec" ) var _ = Describe("Podman generate spec", func() { @@ -23,7 +22,6 @@ var _ = Describe("Podman generate spec", func() { }) It("podman generate spec basic usage", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") session := podmanTest.Podman([]string{"create", "--cpus", "5", "--name", "specgen", ALPINE}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) @@ -34,7 +32,6 @@ var _ = Describe("Podman generate spec", func() { }) It("podman generate spec file", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") session := podmanTest.Podman([]string{"create", "--cpus", "5", "--name", "specgen", ALPINE}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) @@ -58,12 +55,6 @@ var _ = Describe("Podman generate spec", func() { session = podmanTest.Podman([]string{"generate", "spec", "--compact", "podspecgen"}) session.WaitWithDefaultTimeout() - - if isRootless() && !CGROUPSV2 { - Expect(session).Should(Exit(0)) - Expect(session.ErrorToString()).Should(ContainSubstring("Resource limits are not supported and ignored on cgroups V1 rootless")) - } else { - Expect(session).Should(ExitCleanly()) - } + Expect(session).Should(ExitCleanly()) }) }) diff --git a/test/e2e/info_test.go b/test/e2e/info_test.go index b4823a4c772..73b14ec0fa0 100644 --- a/test/e2e/info_test.go +++ b/test/e2e/info_test.go @@ -133,7 +133,6 @@ var _ = Describe("Podman Info", func() { It("Podman info must contain cgroupControllers with RelevantControllers", func() { SkipIfRootless("Hard to tell which controllers are going to be enabled for rootless") - SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") session := podmanTest.Podman([]string{"info", "--format", "{{.Host.CgroupControllers}}"}) session.WaitWithDefaultTimeout() Expect(session).To(ExitCleanly()) diff --git a/test/e2e/kill_test.go b/test/e2e/kill_test.go index 7c8a4a7f8db..10e72ace591 100644 --- a/test/e2e/kill_test.go +++ b/test/e2e/kill_test.go @@ -107,7 +107,6 @@ var _ = Describe("Podman kill", func() { }) It("podman kill paused container", func() { - SkipIfRootlessCgroupsV1("pause is not supported for cgroupv1 rootless") ctrName := "testctr" session := podmanTest.RunTopContainer(ctrName) session.WaitWithDefaultTimeout() diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index 301f6b82027..9113fc4522f 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -49,7 +49,6 @@ var _ = Describe("Podman network connect and disconnect", func() { }) It("podman network disconnect", func() { - SkipIfRootlessCgroupsV1("stats not supported under rootless CgroupsV1") netName := "aliasTest" + stringid.GenerateRandomID() session := podmanTest.Podman([]string{"network", "create", netName}) session.WaitWithDefaultTimeout() @@ -170,7 +169,6 @@ var _ = Describe("Podman network connect and disconnect", func() { }) It("podman network connect", func() { - SkipIfRootlessCgroupsV1("stats not supported under rootless CgroupsV1") netName := "aliasTest" + stringid.GenerateRandomID() session := podmanTest.Podman([]string{"network", "create", netName}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/pause_test.go b/test/e2e/pause_test.go index c70b6f95838..5f608fd923a 100644 --- a/test/e2e/pause_test.go +++ b/test/e2e/pause_test.go @@ -18,19 +18,15 @@ var _ = Describe("Podman pause", func() { createdState := "created" BeforeEach(func() { - SkipIfRootlessCgroupsV1("Pause is not supported in cgroups v1") - - if CGROUPSV2 { - b, err := os.ReadFile("/proc/self/cgroup") - if err != nil { - Skip("cannot read self cgroup") - } - - path := filepath.Join("/sys/fs/cgroup", strings.TrimSuffix(strings.Replace(string(b), "0::", "", 1), "\n"), "cgroup.freeze") - _, err = os.Stat(path) - if err != nil { - Skip("freezer controller not available on the current kernel") - } + b, err := os.ReadFile("/proc/self/cgroup") + if err != nil { + Skip("cannot read self cgroup") + } + + path := filepath.Join("/sys/fs/cgroup", strings.TrimSuffix(strings.Replace(string(b), "0::", "", 1), "\n"), "cgroup.freeze") + _, err = os.Stat(path) + if err != nil { + Skip("freezer controller not available on the current kernel") } }) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 60b0677351d..9eab96fafb6 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -1192,8 +1192,6 @@ ENTRYPOINT ["sleep","99999"] }) It("podman pod create --share-parent test", func() { - SkipIfRootlessCgroupsV1("rootless cannot use cgroups with cgroupsv1") - SkipIfCgroupV1("CgroupMode shows 'host' on CGv1, not CID (issue 15013, wontfix") podCreate := podmanTest.Podman([]string{"pod", "create", "--share-parent=false"}) podCreate.WaitWithDefaultTimeout() Expect(podCreate).Should(ExitCleanly()) diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go index c4ec7634fae..6aee04d7079 100644 --- a/test/e2e/pod_infra_container_test.go +++ b/test/e2e/pod_infra_container_test.go @@ -225,7 +225,6 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod pid NS", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") session := podmanTest.Podman([]string{"pod", "create", "--share", "pid"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) diff --git a/test/e2e/pod_kill_test.go b/test/e2e/pod_kill_test.go index 83f2d6a470e..052badae17e 100644 --- a/test/e2e/pod_kill_test.go +++ b/test/e2e/pod_kill_test.go @@ -107,7 +107,6 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill all", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") _, ec, podid := podmanTest.CreatePod(nil) Expect(ec).To(Equal(0)) diff --git a/test/e2e/pod_pause_test.go b/test/e2e/pod_pause_test.go index b7eefc8d010..98d2caaf98e 100644 --- a/test/e2e/pod_pause_test.go +++ b/test/e2e/pod_pause_test.go @@ -11,10 +11,6 @@ import ( var _ = Describe("Podman pod pause", func() { pausedState := "Paused" - BeforeEach(func() { - SkipIfRootlessCgroupsV1("Pause is not supported in cgroups v1") - }) - It("podman pod pause bogus pod", func() { session := podmanTest.Podman([]string{"pod", "pause", "foobar"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/pod_ps_test.go b/test/e2e/pod_ps_test.go index fd8b2c2c5ae..745307a394f 100644 --- a/test/e2e/pod_ps_test.go +++ b/test/e2e/pod_ps_test.go @@ -155,7 +155,6 @@ var _ = Describe("Podman ps", func() { }) It("podman pod ps --ctr-names", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") _, ec, podid := podmanTest.CreatePod(nil) Expect(ec).To(Equal(0)) diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index c6054ac7942..211944d6743 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -9,13 +9,6 @@ import ( ) var _ = Describe("Podman pod stats", func() { - BeforeEach(func() { - SkipIfRootlessCgroupsV1("Tests fail with both CGv1 + required --cgroup-manager=cgroupfs") - if isContainerized() { - SkipIfCgroupV1("All tests fail Error: unable to load cgroup at ...: cgroup deleted") - } - }) - It("podman pod stats should run with no pods", func() { session := podmanTest.Podman([]string{"pod", "stats", "--no-stream"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go index 50c9376ccef..015eb6b6559 100644 --- a/test/e2e/run_cgroup_parent_test.go +++ b/test/e2e/run_cgroup_parent_test.go @@ -16,10 +16,6 @@ import ( const cgroupRoot = "/sys/fs/cgroup" var _ = Describe("Podman run with --cgroup-parent", func() { - BeforeEach(func() { - SkipIfRootlessCgroupsV1("cgroup parent is not supported in cgroups v1") - }) - Specify("valid --cgroup-parent using cgroupfs", func() { if !Containerized() { Skip("Must be containerized to run this test.") @@ -47,7 +43,6 @@ var _ = Describe("Podman run with --cgroup-parent", func() { }) Specify("always honor --cgroup-parent", func() { - SkipIfCgroupV1("test not supported in cgroups v1") if Containerized() || podmanTest.CgroupManager == "cgroupfs" { Skip("Requires Systemd cgroup manager support") } diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go index aa76aa9b630..448214df3b8 100644 --- a/test/e2e/run_cpu_test.go +++ b/test/e2e/run_cpu_test.go @@ -13,95 +13,49 @@ import ( var _ = Describe("Podman run cpu", func() { BeforeEach(func() { - SkipIfRootlessCgroupsV1("Setting CPU not supported on cgroupv1 for rootless users") - - if CGROUPSV2 { - if err := os.WriteFile("/sys/fs/cgroup/cgroup.subtree_control", []byte("+cpuset"), 0o644); err != nil { - Skip("cpuset controller not available on the current kernel") - } + if err := os.WriteFile("/sys/fs/cgroup/cgroup.subtree_control", []byte("+cpuset"), 0o644); err != nil { + Skip("cpuset controller not available on the current kernel") } }) It("podman run cpu-period", func() { - var result *PodmanSessionIntegration - if CGROUPSV2 { - result = podmanTest.Podman([]string{"run", "--rm", "--cpu-period=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"}) - } else { - result = podmanTest.Podman([]string{"run", "--rm", "--cpu-period=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_period_us"}) - } + result := podmanTest.Podman([]string{"run", "--rm", "--cpu-period=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"}) result.WaitWithDefaultTimeout() Expect(result).Should(ExitCleanly()) Expect(result.OutputToString()).To(ContainSubstring("5000")) }) It("podman run cpu-quota", func() { - var result *PodmanSessionIntegration - - if CGROUPSV2 { - result = podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"}) - } else { - result = podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"}) - } + result := podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"}) result.WaitWithDefaultTimeout() Expect(result).Should(ExitCleanly()) Expect(result.OutputToString()).To(ContainSubstring("5000")) }) It("podman run cpus", func() { - if CGROUPSV2 { - result := podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"}) - result.WaitWithDefaultTimeout() - Expect(result).Should(ExitCleanly()) - Expect(result.OutputToString()).To(Equal("5000 100000")) - } else { - result := podmanTest.Podman([]string{"run", "--rm", "--cpus=0.5", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_period_us"}) - result.WaitWithDefaultTimeout() - Expect(result).Should(ExitCleanly()) - Expect(result.OutputToString()).To(Equal("100000")) - - result = podmanTest.Podman([]string{"run", "--rm", "--cpus=0.5", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"}) - result.WaitWithDefaultTimeout() - Expect(result).Should(ExitCleanly()) - Expect(result.OutputToString()).To(Equal("50000")) - } + result := podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(ExitCleanly()) + Expect(result.OutputToString()).To(Equal("5000 100000")) }) It("podman run cpu-shares", func() { - if CGROUPSV2 { - // [2-262144] is mapped to [1-10000] - result := podmanTest.Podman([]string{"run", "--rm", "--cpu-shares=262144", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.weight"}) - result.WaitWithDefaultTimeout() - Expect(result).Should(ExitCleanly()) - Expect(result.OutputToString()).To(Equal("10000")) - } else { - result := podmanTest.Podman([]string{"run", "--rm", "-c", "2", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.shares"}) - result.WaitWithDefaultTimeout() - Expect(result).Should(ExitCleanly()) - Expect(result.OutputToString()).To(Equal("2")) - } + // [2-262144] is mapped to [1-10000] + result := podmanTest.Podman([]string{"run", "--rm", "--cpu-shares=262144", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.weight"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(ExitCleanly()) + Expect(result.OutputToString()).To(Equal("10000")) }) It("podman run cpuset-cpus", func() { - var result *PodmanSessionIntegration - - if CGROUPSV2 { - result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-cpus=0", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpuset.cpus.effective"}) - } else { - result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-cpus=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.cpus"}) - } + result := podmanTest.Podman([]string{"run", "--rm", "--cpuset-cpus=0", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpuset.cpus.effective"}) result.WaitWithDefaultTimeout() Expect(result).Should(ExitCleanly()) Expect(result.OutputToString()).To(Equal("0")) }) It("podman run cpuset-mems", func() { - var result *PodmanSessionIntegration - - if CGROUPSV2 { - result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-mems=0", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpuset.mems.effective"}) - } else { - result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-mems=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.mems"}) - } + result := podmanTest.Podman([]string{"run", "--rm", "--cpuset-mems=0", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpuset.mems.effective"}) result.WaitWithDefaultTimeout() Expect(result).Should(ExitCleanly()) Expect(result.OutputToString()).To(Equal("0")) @@ -120,7 +74,6 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run invalid cpu-rt-period with cgroupsv2", func() { - SkipIfCgroupV1("testing options that only work in cgroup v2") result := podmanTest.Podman([]string{"run", "--rm", "--cpu-rt-period=5000", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result).Should(Exit(0)) @@ -128,7 +81,6 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run invalid cpu-rt-runtime with cgroupsv2", func() { - SkipIfCgroupV1("testing options that only work in cgroup v2") result := podmanTest.Podman([]string{"run", "--rm", "--cpu-rt-runtime=5000", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result).Should(Exit(0)) diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index ba821589a31..1723042043b 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -3,40 +3,21 @@ package integration import ( - "fmt" - . "github.com/containers/podman/v6/test/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" ) var _ = Describe("Podman run memory", func() { - BeforeEach(func() { - SkipIfRootlessCgroupsV1("Setting Memory not supported on cgroupv1 for rootless users") - }) - It("podman run memory test", func() { - var session *PodmanSessionIntegration - - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--memory=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.max"}) - } else { - session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"}) - } + session := podmanTest.Podman([]string{"run", "--memory=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.max"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) Expect(session.OutputToString()).To(Equal("41943040")) }) It("podman run memory-reservation test", func() { - var session *PodmanSessionIntegration - - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"}) - } else { - session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"}) - } - + session := podmanTest.Podman([]string{"run", "--memory-reservation=40m", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) Expect(session.OutputToString()).To(Equal("41943040")) @@ -48,29 +29,13 @@ var _ = Describe("Podman run memory", func() { expect string ) - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--memory=20m", "--memory-swap=30M", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.swap.max"}) - expect = "10485760" - } else { - session = podmanTest.Podman([]string{"run", "--memory=20m", "--memory-swap=30M", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"}) - expect = "31457280" - } + session = podmanTest.Podman([]string{"run", "--memory=20m", "--memory-swap=30M", "--net=none", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.swap.max"}) + expect = "10485760" session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) Expect(session.OutputToString()).To(Equal(expect)) }) - for _, limit := range []string{"0", "15", "100"} { - testName := fmt.Sprintf("podman run memory-swappiness test(%s)", limit) - It(testName, func() { - SkipIfCgroupV2("memory-swappiness not supported on cgroupV2") - session := podmanTest.Podman([]string{"run", fmt.Sprintf("--memory-swappiness=%s", limit), ALPINE, "cat", "/sys/fs/cgroup/memory/memory.swappiness"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(Equal(limit)) - }) - } - It("podman run memory test on oomkilled container", func() { mem := SystemExec("cat", []string{"/proc/sys/vm/overcommit_memory"}) mem.WaitWithDefaultTimeout() diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go index 1882b7d2ad7..c395950d0b3 100644 --- a/test/e2e/run_ns_test.go +++ b/test/e2e/run_ns_test.go @@ -13,7 +13,6 @@ import ( var _ = Describe("Podman run ns", func() { It("podman run pidns test", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") session := podmanTest.Podman([]string{"run", fedoraMinimal, "bash", "-c", "echo $$"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) @@ -92,7 +91,6 @@ var _ = Describe("Podman run ns", func() { }) It("podman run --ipc=host --pid=host", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") cmd := exec.Command("ls", "-l", "/proc/self/ns/pid") res, err := cmd.Output() Expect(err).ToNot(HaveOccurred()) diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index 5752ec02fd8..c89cbc338a2 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -239,7 +239,6 @@ var _ = Describe("Podman run", func() { }) It("podman test --pid=host", func() { - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") session := podmanTest.Podman([]string{"run", "--pid=host", ALPINE, "cat", "/proc/self/attr/current"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index b80ef3332f9..cbb8dd5dd98 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -3,7 +3,9 @@ package integration import ( + "errors" "fmt" + "io/fs" "net" "os" "path/filepath" @@ -523,7 +525,6 @@ var _ = Describe("Podman run", func() { }) It("podman run security-opt unmask on /sys/fs/cgroup", func() { - SkipIfCgroupV1("podman umask on /sys/fs/cgroup will fail with cgroups V1") SkipIfRootless("/sys/fs/cgroup rw access is needed") rwOnCgroups := "/sys/fs/cgroup cgroup2 rw" session := podmanTest.Podman([]string{"run", "--security-opt", "unmask=ALL", "--security-opt", "mask=/sys/fs/cgroup", ALPINE, "cat", "/proc/mounts"}) @@ -734,8 +735,6 @@ USER bin`, BB) }) It("podman run limits test", func() { - SkipIfRootlessCgroupsV1("Setting limits not supported on cgroupv1 for rootless users") - if !isRootless() { session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"}) session.WaitWithDefaultTimeout() @@ -752,13 +751,6 @@ USER bin`, BB) Expect(session).Should(ExitCleanly()) Expect(session.OutputToString()).To(ContainSubstring("1024")) - if !CGROUPSV2 { - // --oom-kill-disable not supported on cgroups v2. - session = podmanTest.Podman([]string{"run", "--rm", "--oom-kill-disable=true", fedoraMinimal, "echo", "memory-hog"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - } - session = podmanTest.Podman([]string{"run", "--rm", "--oom-score-adj=999", fedoraMinimal, "cat", "/proc/self/oom_score_adj"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) @@ -833,106 +825,60 @@ USER bin`, BB) }) It("podman run blkio-weight test", func() { - SkipIfRootlessCgroupsV1("Setting blkio-weight not supported on cgroupv1 for rootless users") SkipIfRootless("By default systemd doesn't delegate io to rootless users") - if CGROUPSV2 { - if _, err := os.Stat("/sys/fs/cgroup/io.stat"); os.IsNotExist(err) { - Skip("Kernel does not have io.stat") - } - if _, err := os.Stat("/sys/fs/cgroup/system.slice/io.bfq.weight"); os.IsNotExist(err) { - Skip("Kernel does not support BFQ IO scheduler") - } - session := podmanTest.Podman([]string{"run", "--rm", "--blkio-weight=15", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/io.bfq.weight"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - // there was a documentation issue in the kernel that reported a different range [1-10000] for the io controller. - // older versions of crun/runc used it. For the time being allow both versions to pass the test. - // FIXME: drop "|51" once all the runtimes we test have the fix in place. - Expect(strings.Replace(session.OutputToString(), "default ", "", 1)).To(MatchRegexp("15|51")) - } else { - if _, err := os.Stat("/sys/fs/cgroup/blkio/blkio.weight"); os.IsNotExist(err) { - Skip("Kernel does not support blkio.weight") - } - session := podmanTest.Podman([]string{"run", "--rm", "--blkio-weight=15", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.weight"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring("15")) + if _, err := os.Stat("/sys/fs/cgroup/io.stat"); errors.Is(err, fs.ErrNotExist) { + Skip("Kernel does not have io.stat") + } + if _, err := os.Stat("/sys/fs/cgroup/system.slice/io.bfq.weight"); errors.Is(err, fs.ErrNotExist) { + Skip("Kernel does not support BFQ IO scheduler") } + session := podmanTest.Podman([]string{"run", "--rm", "--blkio-weight=15", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/io.bfq.weight"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(ExitCleanly()) + // there was a documentation issue in the kernel that reported a different range [1-10000] for the io controller. + // older versions of crun/runc used it. For the time being allow both versions to pass the test. + // FIXME: drop "|51" once all the runtimes we test have the fix in place. + Expect(strings.Replace(session.OutputToString(), "default ", "", 1)).To(MatchRegexp("15|51")) }) It("podman run device-read-bps test", func() { SkipIfRootless("Setting device-read-bps not supported for rootless users") skipWithoutDevNullb0() - var session *PodmanSessionIntegration - - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--rm", "--device-read-bps=/dev/nullb0:1mb", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) - } else { - session = podmanTest.Podman([]string{"run", "--rm", "--device-read-bps=/dev/nullb0:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_bps_device"}) - } - + session := podmanTest.Podman([]string{"run", "--rm", "--device-read-bps=/dev/nullb0:1mb", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 - Expect(session.OutputToString()).To(ContainSubstring("1048576")) - } + // FIXME: https://github.com/containers/podman/commit/9b9789c207d8b84ee37e9c37c613879369a8690c }) It("podman run device-write-bps test", func() { SkipIfRootless("Setting device-write-bps not supported for rootless users") skipWithoutDevNullb0() - var session *PodmanSessionIntegration - - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--rm", "--device-write-bps=/dev/nullb0:1mb", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) - } else { - session = podmanTest.Podman([]string{"run", "--rm", "--device-write-bps=/dev/nullb0:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_bps_device"}) - } + session := podmanTest.Podman([]string{"run", "--rm", "--device-write-bps=/dev/nullb0:1mb", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 - Expect(session.OutputToString()).To(ContainSubstring("1048576")) - } + // FIXME: https://github.com/containers/podman/commit/9b9789c207d8b84ee37e9c37c613879369a8690c }) It("podman run device-read-iops test", func() { SkipIfRootless("Setting device-read-iops not supported for rootless users") skipWithoutDevNullb0() - var session *PodmanSessionIntegration - - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--rm", "--device-read-iops=/dev/nullb0:100", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) - } else { - session = podmanTest.Podman([]string{"run", "--rm", "--device-read-iops=/dev/nullb0:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_iops_device"}) - } - + session := podmanTest.Podman([]string{"run", "--rm", "--device-read-iops=/dev/nullb0:100", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 - Expect(session.OutputToString()).To(ContainSubstring("100")) - } + // FIXME: https://github.com/containers/podman/commit/9b9789c207d8b84ee37e9c37c613879369a8690c }) It("podman run device-write-iops test", func() { SkipIfRootless("Setting device-write-iops not supported for rootless users") skipWithoutDevNullb0() - var session *PodmanSessionIntegration - - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--rm", "--device-write-iops=/dev/nullb0:100", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) - } else { - session = podmanTest.Podman([]string{"run", "--rm", "--device-write-iops=/dev/nullb0:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_iops_device"}) - } - + session := podmanTest.Podman([]string{"run", "--rm", "--device-write-iops=/dev/nullb0:100", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 - Expect(session.OutputToString()).To(ContainSubstring("100")) - } + // FIXME: https://github.com/containers/podman/commit/9b9789c207d8b84ee37e9c37c613879369a8690c }) It("podman run notify_socket", func() { @@ -1734,7 +1680,6 @@ VOLUME %s`, ALPINE, volPath, volPath) It("podman run with cgroups=split", func() { SkipIfNotSystemd(podmanTest.CgroupManager, "do not test --cgroups=split if not running on systemd") - SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") SkipIfRemote("--cgroups=split cannot be used in remote mode") checkLines := func(lines []string) { @@ -1744,14 +1689,6 @@ VOLUME %s`, ALPINE, volPath, volPath) if len(parts) < 2 { continue } - if !CGROUPSV2 { - // ignore unified on cgroup v1. - // both runc and crun do not set it. - // crun does not set named hierarchies. - if parts[1] == "" || strings.Contains(parts[1], "name=") { - continue - } - } if parts[2] == "/" { continue } @@ -1788,7 +1725,6 @@ VOLUME %s`, ALPINE, volPath, volPath) }) It("podman run with cgroups=disabled runs without cgroups", func() { - SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") // Only works on crun if !strings.Contains(podmanTest.OCIRuntime, "crun") { Skip("Test only works on crun") @@ -1822,7 +1758,6 @@ VOLUME %s`, ALPINE, volPath, volPath) }) It("podman run with cgroups=enabled makes cgroups", func() { - SkipIfRootlessCgroupsV1("Enable cgroups not supported on cgroupv1 for rootless users") // Only works on crun if !strings.Contains(podmanTest.OCIRuntime, "crun") { Skip("Test only works on crun") @@ -1970,7 +1905,6 @@ VOLUME %s`, ALPINE, volPath, volPath) }) It("podman run verify pids-limit", func() { - SkipIfCgroupV1("pids-limit not supported on cgroup V1") limit := "4321" session := podmanTest.Podman([]string{"run", "--pids-limit", limit, "--net=none", "--rm", ALPINE, "cat", "/sys/fs/cgroup/pids.max"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go index c87c6dfd06a..c569ecd3138 100644 --- a/test/e2e/stats_test.go +++ b/test/e2e/stats_test.go @@ -15,13 +15,6 @@ import ( // TODO: we need to check the output. Currently, we only check the exit codes // which is not enough. var _ = Describe("Podman stats", func() { - BeforeEach(func() { - SkipIfRootlessCgroupsV1("stats not supported on cgroupv1 for rootless users") - if isContainerized() { - SkipIfCgroupV1("stats not supported inside cgroupv1 container environment") - } - }) - It("podman stats with bogus container", func() { session := podmanTest.Podman([]string{"stats", "--no-stream", "123"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go index f8d15e12fb4..f1c40c6cb77 100644 --- a/test/e2e/systemd_test.go +++ b/test/e2e/systemd_test.go @@ -41,10 +41,6 @@ var _ = Describe("Podman systemd", func() { Expect(conData).To(HaveLen(1)) Expect(conData[0].Config).To(HaveField("SystemdMode", true)) - // stats not supported w/ CGv1 rootless or containerized - if isCgroupsV1() && (isRootless() || isContainerized()) { - return - } stats := podmanTest.Podman([]string{"stats", "--no-stream", ctrName}) stats.WaitWithDefaultTimeout() Expect(stats).Should(ExitCleanly()) diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go index 49eadd3d7b4..1707c9db3dd 100644 --- a/test/e2e/toolbox_test.go +++ b/test/e2e/toolbox_test.go @@ -109,7 +109,6 @@ var _ = Describe("Toolbox-specific testing", func() { if podmanTest.RemoteTest { Skip("Shm size check does not work with a remote client") } - SkipIfRootlessCgroupsV1("Not supported for rootless + CgroupsV1") var session *PodmanSessionIntegration var cmd *exec.Cmd var hostShmSize, containerShmSize int diff --git a/test/e2e/update_test.go b/test/e2e/update_test.go index c86782cc2aa..433919f473c 100644 --- a/test/e2e/update_test.go +++ b/test/e2e/update_test.go @@ -7,61 +7,11 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" . "github.com/onsi/gomega/gexec" - "go.podman.io/common/pkg/cgroupv2" "go.podman.io/storage/pkg/fileutils" ) var _ = Describe("Podman update", func() { - It("podman update container all options v1", func() { - SkipIfCgroupV2("testing flags that only work in cgroup v1") - SkipIfRootless("many of these handlers are not enabled while rootless in CI") - session := podmanTest.Podman([]string{"run", "-dt", ALPINE}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - ctrID := session.OutputToString() - - commonArgs := []string{ - "update", - "--cpus", "5", - "--cpuset-cpus", "0", - "--cpu-shares", "123", - "--cpuset-mems", "0", - "--memory", "1G", - "--memory-swap", "2G", - "--memory-reservation", "2G", - "--memory-swappiness", "50", - "--pids-limit", "123", ctrID, - } - - session = podmanTest.Podman(commonArgs) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - // checking cpu quota from --cpus - podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/cpu/cpu.cfs_quota_us", "500000") - - // checking cpuset-cpus - podmanTest.CheckFileInContainer(ctrID, "/sys/fs/cgroup/cpuset/cpuset.cpus", "0") - - // checking cpuset-mems - podmanTest.CheckFileInContainer(ctrID, "/sys/fs/cgroup/cpuset/cpuset.mems", "0") - - // checking memory limit - podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/memory/memory.limit_in_bytes", "1073741824") - - // checking memory-swap - podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes", "2147483648") - - // checking cpu-shares - podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/cpu/cpu.shares", "123") - - // checking pids-limit - podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/pids/pids.max", "123") - }) - It("podman update container unspecified pid limit", func() { - SkipIfCgroupV1("testing flags that only work in cgroup v2") SkipIfRootless("many of these handlers are not enabled while rootless in CI") session := podmanTest.Podman([]string{"run", "-dt", "--pids-limit", "-1", ALPINE}) session.WaitWithDefaultTimeout() @@ -86,7 +36,6 @@ var _ = Describe("Podman update", func() { }) It("podman update container all options v2", func() { - SkipIfCgroupV1("testing flags that only work in cgroup v2") SkipIfRootless("many of these handlers are not enabled while rootless in CI") skipWithoutDevNullb0() session := podmanTest.Podman([]string{"run", "-dt", ALPINE}) @@ -167,16 +116,10 @@ var _ = Describe("Podman update", func() { ctrID := session.OutputToString() - path := "/sys/fs/cgroup/cpu/cpu.cfs_quota_us" - if v2, _ := cgroupv2.Enabled(); v2 { - path = "/sys/fs/cgroup/cpu.max" - } - - podmanTest.CheckFileInContainerSubstring(ctrID, path, "500000") + podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/cpu.max", "500000") }) It("podman update persists changes", func() { - SkipIfCgroupV1("testing flags that only work in cgroup v2") SkipIfRootless("many of these handlers are not enabled while rootless in CI") memoryInspect := ".HostConfig.Memory" From 036bf7b44f2c164c67d33fba1afd0150000b5c57 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 10:07:36 -0500 Subject: [PATCH 23/25] test/system: delete CgV1 skips and skipped CgV2 tests Signed-off-by: Lokesh Mandvekar --- test/system/030-run.bats | 22 +++++------------ test/system/170-run-userns.bats | 2 -- test/system/200-pod.bats | 2 -- test/system/250-systemd.bats | 7 ------ test/system/252-quadlet.bats | 1 - test/system/253-podman-quadlet.bats | 1 - test/system/400-unprivileged-access.bats | 1 - test/system/410-selinux.bats | 4 ---- test/system/420-cgroups.bats | 3 --- test/system/500-networking.bats | 4 ---- test/system/helpers.bash | 30 ------------------------ 11 files changed, 6 insertions(+), 71 deletions(-) diff --git a/test/system/030-run.bats b/test/system/030-run.bats index ab7daf3bd49..82d8eaa3f84 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -122,7 +122,6 @@ EOF # bats test_tags=ci:parallel @test "podman run - uidmapping has no /sys/kernel mounts" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" skip_if_rootless "cannot umount as rootless" run_podman run --rm --uidmap 0:100:10000 $IMAGE mount @@ -1081,7 +1080,6 @@ EOF # rhbz#1902979 : podman run fails to update /etc/hosts when --uidmap is provided # bats test_tags=ci:parallel @test "podman run update /etc/hosts" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" HOST=$(random_string 25) run_podman run --uidmap 0:10001:10002 --rm --hostname ${HOST} $IMAGE grep ${HOST} /etc/hosts is "${lines[0]}" ".*${HOST}.*" @@ -1451,21 +1449,13 @@ EOF # bats test_tags=ci:parallel @test "podman run --net=host --cgroupns=host with read only cgroupfs" { - skip_if_rootless_cgroupsv1 + # verify that the last /sys/fs/cgroup mount is read-only + run_podman run --net=host --cgroupns=host --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1" + assert "$output" =~ "/sys/fs/cgroup ro" - if is_cgroupsv1; then - # verify that the memory controller is mounted read-only - run_podman run --net=host --cgroupns=host --rm $IMAGE cat /proc/self/mountinfo - assert "$output" =~ "/sys/fs/cgroup/memory ro.* cgroup cgroup" - else - # verify that the last /sys/fs/cgroup mount is read-only - run_podman run --net=host --cgroupns=host --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1" - assert "$output" =~ "/sys/fs/cgroup ro" - - # verify that it works also with a cgroupns - run_podman run --net=host --cgroupns=private --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1" - assert "$output" =~ "/sys/fs/cgroup ro" - fi + # verify that it works also with a cgroupns + run_podman run --net=host --cgroupns=private --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1" + assert "$output" =~ "/sys/fs/cgroup ro" } # bats test_tags=ci:parallel diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index b56e2c12e4e..267358fd149 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -33,7 +33,6 @@ function _require_crun() { # bats test_tags=ci:parallel @test "podman --group-add without keep-groups while in a userns" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id @@ -42,7 +41,6 @@ function _require_crun() { # bats test_tags=ci:parallel @test "rootful pod with custom ID mapping" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" skip_if_rootless "does not work rootless - rootful feature" random_pod_name=p_$(safename) run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 1887e68ec45..f59223cd250 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -535,7 +535,6 @@ spec: @test "pod resource limits" { skip_if_remote "resource limits only implemented on non-remote" skip_if_rootless "resource limits only work with root" - skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2" # create loopback device lofile=${PODMAN_TMPDIR}/disk.img @@ -762,7 +761,6 @@ function thingy_with_unique_id() { # bats test_tags=ci:parallel @test "podman pod cleans cgroup and keeps limits" { skip_if_remote "we cannot check cgroup settings" - skip_if_rootless_cgroupsv1 "rootless cannot use cgroups on v1" for infra in true false; do run_podman pod create --infra=$infra --memory=256M diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index 89b8c80aae6..5cadd34becc 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -316,13 +316,6 @@ LISTEN_FDNAMES=listen_fdnames" | sort) run_podman rm $cname } -@test "podman --systemd fails on cgroup v1 with a private cgroupns" { - skip_if_cgroupsv2 - - run_podman 126 run --systemd=always --cgroupns=private $IMAGE true - assert "$output" =~ ".*cgroup namespace is not supported with cgroup v1 and systemd mode" -} - # https://github.com/containers/podman/issues/13153 @test "podman rootless-netns processes should be in different cgroup" { is_rootless || skip "only meaningful for rootless" diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats index 901295db9ec..bbcf502c819 100644 --- a/test/system/252-quadlet.bats +++ b/test/system/252-quadlet.bats @@ -20,7 +20,6 @@ function start_time() { function setup() { skip_if_remote "quadlet tests are meaningless over remote" - skip_if_rootless_cgroupsv1 "Can't use --cgroups=split w/ CGv1 (issue 17456, wontfix)" skip_if_journald_unavailable "Needed for RHEL. FIXME: we might be able to re-enable a subset of tests." test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)" diff --git a/test/system/253-podman-quadlet.bats b/test/system/253-podman-quadlet.bats index 892a0c6fc1a..775532abaaa 100644 --- a/test/system/253-podman-quadlet.bats +++ b/test/system/253-podman-quadlet.bats @@ -10,7 +10,6 @@ load helpers.systemd function setup() { skip_if_remote "podman quadlet is not implemented for remote setup yet" - skip_if_rootless_cgroupsv1 "Can't use --cgroups=split w/ CGv1 (issue 17456, wontfix)" skip_if_journald_unavailable "Needed for RHEL. FIXME: we might be able to re-enable a subset of tests." test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)" diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats index a253ad5cc02..9f89dad83e3 100644 --- a/test/system/400-unprivileged-access.bats +++ b/test/system/400-unprivileged-access.bats @@ -7,7 +7,6 @@ load helpers @test "podman container storage is not accessible by unprivileged users" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" skip_if_rootless "test meaningless without suid" skip_if_remote diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 0c70379b9e3..956525ed9e4 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -152,10 +152,6 @@ function check_label() { @test "podman selinux: shared context in (some) namespaces" { skip_if_no_selinux - # rootless users have no usable cgroups with cgroupsv1, so containers - # must use a pid namespace and not join an existing one. - skip_if_rootless_cgroupsv1 - if [[ $(podman_runtime) == "runc" ]]; then skip "some sort of runc bug, not worth fixing (issue 11784, wontfix)" fi diff --git a/test/system/420-cgroups.bats b/test/system/420-cgroups.bats index d0bfd36b664..512dec89e14 100644 --- a/test/system/420-cgroups.bats +++ b/test/system/420-cgroups.bats @@ -9,8 +9,6 @@ load helpers @test "podman run, preserves initial --cgroup-manager" { skip_if_remote "podman-remote does not support --cgroup-manager" - skip_if_rootless_cgroupsv1 - # Find out our default cgroup manager, and from that, get the non-default run_podman info --format '{{.Host.CgroupManager}}' case "$output" in @@ -41,7 +39,6 @@ load helpers # bats test_tags=ci:parallel @test "podman run --cgroups=disabled keeps the current cgroup" { skip_if_remote "podman-remote does not support --cgroups=disabled" - skip_if_rootless_cgroupsv1 runtime=$(podman_runtime) if [[ $runtime != "crun" ]]; then skip "runtime is $runtime; --cgroups=disabled requires crun" diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 7fc58713ea6..c96122bf4fe 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -114,7 +114,6 @@ load helpers.network # Issue #5466 - port-forwarding doesn't work with this option and -d # FIXME: random_rfc1918_subnet is not parallel-safe @test "podman networking: port with --userns=keep-id for rootless or --uidmap=* for rootful" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" for cidr in "" "$(random_rfc1918_subnet).0/24"; do myport=$(random_free_port 52000-52999) if [[ -z $cidr ]]; then @@ -878,7 +877,6 @@ EOF # bats test_tags=ci:parallel @test "podman run /etc/* permissions" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" userns="--userns=keep-id" if ! is_rootless; then userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536" @@ -992,8 +990,6 @@ EOF # Test for https://github.com/containers/podman/issues/18615 # CANNOT BE PARALLELIZED due to strict checking of /run/netns @test "podman network cleanup --userns + --restart" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" - local net1=net-a-$(safename) # use /29 subnet to limit available ip space, a 29 gives 5 usable addresses (6 - 1 for the gw) local subnet="$(random_rfc1918_subnet).0/29" diff --git a/test/system/helpers.bash b/test/system/helpers.bash index d6bfa31b321..f9df5b8404c 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -938,36 +938,6 @@ function skip_if_no_selinux() { fi } -####################### -# skip_if_cgroupsv1 # ...with an optional message -####################### -function skip_if_cgroupsv1() { - if ! is_cgroupsv2; then - skip "${1:-test requires cgroupsv2}" - fi -} - -####################### -# skip_if_cgroupsv2 # ...with an optional message -####################### -function skip_if_cgroupsv2() { - if is_cgroupsv2; then - skip "${1:-test requires cgroupsv1}" - fi -} - -###################### -# skip_if_rootless_cgroupsv1 # ...with an optional message -###################### -function skip_if_rootless_cgroupsv1() { - if is_rootless; then - if ! is_cgroupsv2; then - local msg=$(_add_label_if_missing "$1" "rootless cgroupvs1") - skip "${msg:-not supported as rootless under cgroupsv1}" - fi - fi -} - ################################## # skip_if_journald_unavailable # rhbz#1895105: rootless journald permissions ################################## From bb3c8b9ecdd9943a46f8235b99fb9173cad988e1 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 10:11:51 -0500 Subject: [PATCH 24/25] docs: Remove Cgroups v1 Signed-off-by: Lokesh Mandvekar --- docs/source/locale/ja/LC_MESSAGES/markdown.po | 13 +------------ docs/source/markdown/podman-stats.1.md.in | 9 +-------- docs/source/markdown/podman.1.md | 1 - 3 files changed, 2 insertions(+), 21 deletions(-) diff --git a/docs/source/locale/ja/LC_MESSAGES/markdown.po b/docs/source/locale/ja/LC_MESSAGES/markdown.po index 649857577dc..e97a73b613b 100644 --- a/docs/source/locale/ja/LC_MESSAGES/markdown.po +++ b/docs/source/locale/ja/LC_MESSAGES/markdown.po @@ -26352,16 +26352,9 @@ msgstr "" msgid "Display a live stream of one or more containers' resource usage statistics" msgstr "" -#: ../../source/markdown/podman-stats.1.md:15 -msgid "" -"Note: Podman stats does not work in rootless environments that use " -"CGroups V1. Podman stats relies on CGroup information for statistics, and" -" CGroup v1 is not supported for rootless use cases." -msgstr "" - #: ../../source/markdown/podman-stats.1.md:19 msgid "" -"Note: Rootless environments that use CGroups V2 are not able to report " +"Note: Rootless environments are not able to report " "statistics about their networking usage." msgstr "" @@ -26521,10 +26514,6 @@ msgstr "" msgid "Same as UpTime" msgstr "" -#: ../../source/markdown/podman-stats.1.md:64 -msgid "[1] Cgroups V1 only" -msgstr "" - #: ../../source/markdown/podman-stats.1.md:68 msgid "**--interval**, **-i**=*seconds*" msgstr "" diff --git a/docs/source/markdown/podman-stats.1.md.in b/docs/source/markdown/podman-stats.1.md.in index 1c01e7f433e..13dc48f3f44 100644 --- a/docs/source/markdown/podman-stats.1.md.in +++ b/docs/source/markdown/podman-stats.1.md.in @@ -11,11 +11,7 @@ podman\-stats - Display a live stream of one or more container's resource usage ## DESCRIPTION Display a live stream of one or more containers' resource usage statistics -Note: Podman stats does not work in rootless environments that use cgroups v1. -Podman stats relies on cgroup information for statistics, and cgroup v1 is not -supported for rootless use cases. - -Note: Rootless environments that use cgroups v2 are not able to report statistics +Note: Rootless environments are not able to report statistics about their networking usage. ## OPTIONS @@ -52,15 +48,12 @@ Valid placeholders for the Go template are listed below: | .Name | Container Name | | .NetIO | Network IO | | .Network ... | Network I/O, separated by network interface | -| .PerCPU | CPU time consumed by all tasks [1] | | .PIDs | Number of PIDs | | .PIDS | Number of PIDs (yes, we know this is a dup) | | .SystemNano | Current system datetime, nanoseconds since epoch | | .Up | Duration (CPUNano), in human-readable form | | .UpTime | Same as Up | -[1] Cgroups V1 only - When using a Go template, precede the format with `table` to print headers. #### **--interval**, **-i**=*seconds* diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index bde480076dd..77fdab2978b 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -37,7 +37,6 @@ The CDI spec directory path (may be set multiple times). Default path is `/etc/c The CGroup manager to use for container cgroups. Supported values are __cgroupfs__ or __systemd__. Default is _systemd_ unless overridden in the containers.conf file. Note: Setting this flag can cause certain commands to break when called on containers previously created by the other CGroup manager type. -Note: CGroup manager is not supported in rootless mode when using CGroups Version V1. #### **--config** Location of config file. Mainly for docker compatibility, only the authentication parts of the config are supported. From 145540fed46994e47dae71f40be5d110f2eaaab9 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 11:22:02 -0500 Subject: [PATCH 25/25] Remove ContainerStats.PerCPU: CGV1 only Signed-off-by: Lokesh Mandvekar --- docs/source/locale/ja/LC_MESSAGES/markdown.po | 4 ---- libpod/define/containerstate.go | 1 - libpod/stats_linux.go | 1 - pkg/api/handlers/compat/containers_stats_linux.go | 1 - 4 files changed, 7 deletions(-) diff --git a/docs/source/locale/ja/LC_MESSAGES/markdown.po b/docs/source/locale/ja/LC_MESSAGES/markdown.po index e97a73b613b..4ae143667a7 100644 --- a/docs/source/locale/ja/LC_MESSAGES/markdown.po +++ b/docs/source/locale/ja/LC_MESSAGES/markdown.po @@ -26474,10 +26474,6 @@ msgstr "" msgid "Network Output" msgstr "" -#: ../../source/markdown/podman-stats.1.md:1 -msgid ".PerCPU" -msgstr "" - #: ../../source/markdown/podman-stats.1.md:1 msgid "CPU time consumed by all tasks [1]" msgstr "" diff --git a/libpod/define/containerstate.go b/libpod/define/containerstate.go index e9679888617..a7660100073 100644 --- a/libpod/define/containerstate.go +++ b/libpod/define/containerstate.go @@ -133,7 +133,6 @@ type ContainerStats struct { AvgCPU float64 ContainerID string Name string - PerCPU []uint64 CPU float64 CPUNano uint64 CPUSystemNano uint64 diff --git a/libpod/stats_linux.go b/libpod/stats_linux.go index 84f853bf89a..bc4ea541014 100644 --- a/libpod/stats_linux.go +++ b/libpod/stats_linux.go @@ -69,7 +69,6 @@ func (c *Container) getPlatformContainerStats(stats *define.ContainerStats, prev stats.CPUNano = cgroupStats.CpuStats.CpuUsage.TotalUsage stats.CPUSystemNano = cgroupStats.CpuStats.CpuUsage.UsageInKernelmode stats.SystemNano = now - stats.PerCPU = cgroupStats.CpuStats.CpuUsage.PercpuUsage return nil } diff --git a/pkg/api/handlers/compat/containers_stats_linux.go b/pkg/api/handlers/compat/containers_stats_linux.go index 1773f05859b..9b450c193f2 100644 --- a/pkg/api/handlers/compat/containers_stats_linux.go +++ b/pkg/api/handlers/compat/containers_stats_linux.go @@ -20,7 +20,6 @@ func getPreCPUStats(stats *define.ContainerStats) CPUStats { return CPUStats{ CPUUsage: container.CPUUsage{ TotalUsage: stats.CPUNano, - PercpuUsage: stats.PerCPU, UsageInKernelmode: stats.CPUSystemNano, UsageInUsermode: stats.CPUNano - stats.CPUSystemNano, },