|
|
@@ -1297,7 +1297,39 @@ func rootFSToAPIType(rootfs *image.RootFS) types.RootFS {
|
|
|
// setupDaemonProcess sets various settings for the daemon's process
|
|
|
func setupDaemonProcess(config *config.Config) error {
|
|
|
// setup the daemons oom_score_adj
|
|
|
- return setupOOMScoreAdj(config.OOMScoreAdjust)
|
|
|
+ if err := setupOOMScoreAdj(config.OOMScoreAdjust); err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ return setMayDetachMounts()
|
|
|
+}
|
|
|
+
|
|
|
+// This is used to allow removal of mountpoints that may be mounted in other
|
|
|
+// namespaces on RHEL based kernels starting from RHEL 7.4.
|
|
|
+// Without this setting, removals on these RHEL based kernels may fail with
|
|
|
+// "device or resource busy".
|
|
|
+// This setting is not available in upstream kernels as it is not configurable,
|
|
|
+// but has been in the upstream kernels since 3.15.
|
|
|
+func setMayDetachMounts() error {
|
|
|
+ f, err := os.OpenFile("/proc/sys/fs/may_detach_mounts", os.O_WRONLY, 0)
|
|
|
+ if err != nil {
|
|
|
+ if os.IsNotExist(err) {
|
|
|
+ return nil
|
|
|
+ }
|
|
|
+ return errors.Wrap(err, "error opening may_detach_mounts kernel config file")
|
|
|
+ }
|
|
|
+ defer f.Close()
|
|
|
+
|
|
|
+ _, err = f.WriteString("1")
|
|
|
+ if os.IsPermission(err) {
|
|
|
+ // Setting may_detach_mounts does not work in an
|
|
|
+ // unprivileged container. Ignore the error, but log
|
|
|
+ // it if we appear not to be in that situation.
|
|
|
+ if !rsystem.RunningInUserNS() {
|
|
|
+ logrus.Debugf("Permission denied writing %q to /proc/sys/fs/may_detach_mounts", "1")
|
|
|
+ }
|
|
|
+ return nil
|
|
|
+ }
|
|
|
+ return err
|
|
|
}
|
|
|
|
|
|
func setupOOMScoreAdj(score int) error {
|
Yong Tang