60 lines
2.3 KiB
Diff
60 lines
2.3 KiB
Diff
From 394c8695f22731938994fdc5d7db678762119481 Mon Sep 17 00:00:00 2001
|
|
From: Wentao Zhang <zhangwentao234@huawei.com>
|
|
Date: Tue, 20 Dec 2016 06:21:10 -0500
|
|
Subject: [PATCH 59/94] Fix setup cgroup before prestart hook
|
|
|
|
* User Case:
|
|
User could use prestart hook to add block devices to container. so the
|
|
hook should have a way to set the permissions of the devices.
|
|
|
|
Just move cgroup config operation before prestart hook will work.
|
|
Conflicts:
|
|
libcontainer/process_linux.go
|
|
|
|
Change-Id: I991138f4e686c4268e0629204ce1eae6452fdecf
|
|
Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
|
|
---
|
|
libcontainer/process_linux.go | 12 +++++++++---
|
|
1 file changed, 9 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
|
|
index 9064c0e..70e93de 100644
|
|
--- a/libcontainer/process_linux.go
|
|
+++ b/libcontainer/process_linux.go
|
|
@@ -286,9 +286,6 @@ func (p *initProcess) start() error {
|
|
ierr := parseSync(p.parentPipe, func(sync *syncT) error {
|
|
switch sync.Type {
|
|
case procReady:
|
|
- if err := p.manager.Set(p.config.Config); err != nil {
|
|
- return newSystemErrorWithCause(err, "setting cgroup config for ready process")
|
|
- }
|
|
// set rlimits, this has to be done here because we lose permissions
|
|
// to raise the limits once we enter a user-namespace
|
|
if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil {
|
|
@@ -296,6 +293,11 @@ func (p *initProcess) start() error {
|
|
}
|
|
// call prestart hooks
|
|
if !p.config.Config.Namespaces.Contains(configs.NEWNS) {
|
|
+ // Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions.
|
|
+ if err := p.manager.Set(p.config.Config); err != nil {
|
|
+ return newSystemErrorWithCause(err, "setting cgroup config for ready process")
|
|
+ }
|
|
+
|
|
if p.config.Config.Hooks != nil {
|
|
s := configs.HookState{
|
|
SpecState: configs.SpecState{
|
|
@@ -321,6 +323,10 @@ func (p *initProcess) start() error {
|
|
}
|
|
sentRun = true
|
|
case procHooks:
|
|
+ // Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions.
|
|
+ if err := p.manager.Set(p.config.Config); err != nil {
|
|
+ return newSystemErrorWithCause(err, "setting cgroup config for ready process")
|
|
+ }
|
|
if p.config.Config.Hooks != nil {
|
|
s := configs.HookState{
|
|
SpecState: configs.SpecState{
|
|
--
|
|
2.7.4.3
|
|
|