49 lines
1.6 KiB
Diff
49 lines
1.6 KiB
Diff
From 92c51d606acb92a5fb58eed2d238ad3cb2c69291 Mon Sep 17 00:00:00 2001
|
|
From: xiadanni1 <xiadanni1@huawei.com>
|
|
Date: Tue, 20 Aug 2019 02:40:45 +0800
|
|
Subject: [PATCH] runc:fix exec problem caused by libseccomp updating
|
|
|
|
reason: libseccomp updating causes runc exec performance
|
|
degradation, which causes container health check failed and container
|
|
is killed. So we add an environmental variable to skip this unnecessary
|
|
seccomp step.
|
|
|
|
related test data:
|
|
before fixing, exec "runc exec" 20 times,
|
|
start time: 1566210117.193673318 end time: 1566210125.493181368
|
|
takes about 8s
|
|
after fixing, exec "runc exec" 20 times,
|
|
start time: 1566210059.708669785 end time: 1566210060.879416932
|
|
takes about 1s
|
|
|
|
Change-Id: I751ac8354394bd15a420ad8410b12ef3f75622a1
|
|
Signed-off-by: xiadanni <xiadanni1@huawei.com>
|
|
---
|
|
libcontainer/seccomp/seccomp_linux.go | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go
|
|
index e4b5750..a925be1 100644
|
|
--- a/libcontainer/seccomp/seccomp_linux.go
|
|
+++ b/libcontainer/seccomp/seccomp_linux.go
|
|
@@ -6,6 +6,7 @@ package seccomp
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
+ "os"
|
|
|
|
libseccomp "github.com/seccomp/libseccomp-golang"
|
|
"github.com/sirupsen/logrus"
|
|
@@ -30,6 +31,8 @@ const (
|
|
// Returns the seccomp file descriptor if any of the filters include a
|
|
// SCMP_ACT_NOTIFY action, otherwise returns -1.
|
|
func InitSeccomp(config *configs.Seccomp) (int, error) {
|
|
+ os.Setenv("LIBSECCOMP_TRANSACTION_DISABLE", "1")
|
|
+ defer os.Unsetenv("LIBSECCOMP_TRANSACTION_DISABLE")
|
|
if config == nil {
|
|
return -1, errors.New("cannot initialize Seccomp - nil config passed")
|
|
}
|
|
--
|
|
2.33.0
|
|
|