Adding '--cgroup-parent' flag to docker run. This feature helps users implement more complex

resource isolation policies on top of what native docker provides. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2022-11-09 12:21:53 -05:00 · 2015-03-16 22:42:15 +00:00 · 2015-03-16 22:42:15 +00:00 · 0b1e2b5a55
commit 0b1e2b5a55
parent 2cde817458
4 changed files with 11 additions and 0 deletions
--- a/daemon/container.go
+++ b/daemon/container.go
@ -345,6 +345,7 @@ func populateCommand(c *Container, env []string) error {
 		MountLabel:         c.GetMountLabel(),
 		LxcConfig:          lxcConfig,
 		AppArmorProfile:    c.AppArmorProfile,
+		CgroupParent:       c.hostConfig.CgroupParent,
 	}

 	return nil
--- a/daemon/execdriver/driver.go
+++ b/daemon/execdriver/driver.go
@ -164,6 +164,7 @@ type Command struct {
 	MountLabel         string            `json:"mount_label"`
 	LxcConfig          []string          `json:"lxc_config"`
 	AppArmorProfile    string            `json:"apparmor_profile"`
+	CgroupParent       string            `json:"cgroup_parent"` // The parent cgroup for this command.
 }

 func InitContainer(c *Command) *configs.Config {
@ -179,6 +180,11 @@ func InitContainer(c *Command) *configs.Config {

 	// check to see if we are running in ramdisk to disable pivot root
 	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
+
+	// Default parent cgroup is "docker". Override if required.
+	if c.CgroupParent != "" {
+		container.Cgroups.Parent = c.CgroupParent
+	}
 	return container
 }

--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@ -131,6 +131,7 @@ type HostConfig struct {
 	ReadonlyRootfs  bool
 	Ulimits         []*ulimit.Ulimit
 	LogConfig       LogConfig
+	CgroupParent    string // Parent cgroup.
 }

 // This is used by the create command when you want to set both the
@ -182,6 +183,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 		IpcMode:         IpcMode(job.Getenv("IpcMode")),
 		PidMode:         PidMode(job.Getenv("PidMode")),
 		ReadonlyRootfs:  job.GetenvBool("ReadonlyRootfs"),
+		CgroupParent:    job.Getenv("CgroupParent"),
 	}

 	// FIXME: This is for backward compatibility, if people use `Cpuset`
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@ -71,6 +71,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe
 		flRestartPolicy   = cmd.String([]string{"-restart"}, "no", "Restart policy to apply when a container exits")
 		flReadonlyRootfs  = cmd.Bool([]string{"-read-only"}, false, "Mount the container's root filesystem as read only")
 		flLoggingDriver   = cmd.String([]string{"-log-driver"}, "", "Logging driver for container")
+		flCgroupParent    = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
 	)

 	cmd.Var(&flAttach, []string{"a", "-attach"}, "Attach to STDIN, STDOUT or STDERR")
@ -332,6 +333,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe
 		ReadonlyRootfs:  *flReadonlyRootfs,
 		Ulimits:         flUlimits.GetList(),
 		LogConfig:       LogConfig{Type: *flLoggingDriver},
+		CgroupParent:    *flCgroupParent,
 	}

 	// When allocating stdin in attached mode, close stdin at client disconnect