kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-06 10:25:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adjust cgroup change in libcontainer

Browse Source
This commit is contained in:
Shengjing Zhu
2020-08-19 23:57:26 +08:00
parent 6a1139b9fe
commit 274bf2ee1c
4 changed files with 24 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/shared/executor/executor_linux.go
View File

@@ -28,6 +28,7 @@ import (
"github.com/opencontainers/runc/libcontainer/cgroups"
lconfigs "github.com/opencontainers/runc/libcontainer/configs"
ldevices "github.com/opencontainers/runc/libcontainer/devices"
"github.com/opencontainers/runc/libcontainer/specconv"
lutils "github.com/opencontainers/runc/libcontainer/utils"
"github.com/syndtr/gocapability/capability"
"golang.org/x/sys/unix"
@@ -599,7 +600,7 @@ func configureIsolation(cfg *lconfigs.Config, command *ExecCommand) error {
"/proc/sys", "/proc/sysrq-trigger", "/proc/irq", "/proc/bus",
}
cfg.Devices = lconfigs.DefaultAutoCreatedDevices
cfg.Devices = specconv.AllowedDevices
if len(command.Devices) > 0 {
devs, err := cmdDevices(command.Devices)
if err != nil {
@@ -732,13 +733,14 @@ func newLibcontainerConfig(command *ExecCommand) (*lconfigs.Config, error) {
cfg := &lconfigs.Config{
Cgroups: &lconfigs.Cgroup{
Resources: &lconfigs.Resources{
AllowAllDevices: nil,
MemorySwappiness: nil,
AllowedDevices: lconfigs.DefaultAllowedDevices,
},
},
Version: "1.0.0",
}
for _, device := range specconv.AllowedDevices {
cfg.Cgroups.Resources.Devices = append(cfg.Cgroups.Resources.Devices, &device.DeviceRule)
}
if err := configureCapabilities(cfg, command); err != nil {
return nil, err