diff --git a/hack/dind b/hack/dind
index a8c09283f6..e11f5fa873 100755
--- a/hack/dind
+++ b/hack/dind
@@ -13,74 +13,6 @@ set -e # apparmor sucks and Docker needs to know that it's in a container (c) @tianon export container=docker -# as of docker 1.8, cgroups will be mounted in the container -if ! mountpoint -q /sys/fs/cgroup; then - - # First, make sure that cgroups are mounted correctly. - CGROUP=/cgroup - - mkdir -p "$CGROUP" - - if ! mountpoint -q "$CGROUP"; then - mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || { - echo >&2 'Could not make a tmpfs mount. Did you use --privileged?' - exit 1 - } - fi - - # Mount the cgroup hierarchies exactly as they are in the parent system. - for HIER in $(cut -d: -f2 /proc/1/cgroup); do - - SUBSYSTEMS="${HIER%name=*}" - - # If cgroup hierarchy is named(mounted with "-o name=foo") we - # need to mount it in $CGROUP/foo to create exect same - # directoryes as on host. Else we need to mount it as is e.g. - # "subsys1,subsys2" if it has two subsystems - - # Named, control-less cgroups are mounted with "-o name=foo" - # (and appear as such under /proc//cgroup) but are usually - # mounted on a directory named "foo" (without the "name=" prefix). - # Systemd and OpenRC (and possibly others) both create such a - # cgroup. So just mount them on directory $CGROUP/foo. - - OHIER=$HIER - HIER="${HIER#*name=}" - - mkdir -p "$CGROUP/$HIER" - - if ! mountpoint -q "$CGROUP/$HIER"; then - mount -n -t cgroup -o "$OHIER" cgroup "$CGROUP/$HIER" - fi - - # Likewise, on at least one system, it has been reported that - # systemd would mount the CPU and CPU accounting controllers - # (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu" - # but on a directory called "cpu,cpuacct" (note the inversion - # in the order of the groups). This tries to work around it. 
- - if [ "$HIER" = 'cpuacct,cpu' ]; then - ln -s "$HIER" "$CGROUP/cpu,cpuacct" - fi - - # If hierarchy has multiple subsystems, in /proc//cgroup - # we will see ":subsys1,subsys2,subsys3,name=foo:" substring, - # we need to mount it to "$CGROUP/foo" and if there were no - # name to "$CGROUP/subsys1,subsys2,subsys3", so we must create - # symlinks for docker daemon to find these subsystems: - # ln -s $CGROUP/foo $CGROUP/subsys1 - # ln -s $CGROUP/subsys1,subsys2,subsys3 $CGROUP/subsys1 - - if [ "$SUBSYSTEMS" != "${SUBSYSTEMS//,/ }" ]; then - SUBSYSTEMS="${SUBSYSTEMS//,/ }" - for SUBSYS in $SUBSYSTEMS - do - ln -s "$CGROUP/$HIER" "$CGROUP/$SUBSYS" - done - fi - done -fi - if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then mount -t securityfs none /sys/kernel/security || { echo >&2 'Could not mount /sys/kernel/security.' @@ -88,16 +20,6 @@ if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then } fi -# Note: as I write those lines, the LXC userland tools cannot setup -# a "sub-container" properly if the "devices" cgroup is not in its -# own hierarchy. Let's detect this and issue a warning. -if ! grep -q :devices: /proc/1/cgroup; then - echo >&2 'WARNING: the "devices" cgroup should be in its own hierarchy.' -fi -if ! grep -qw devices /proc/1/cgroup; then - echo >&2 'WARNING: it looks like the "devices" cgroup is not mounted.' -fi - # Mount /tmp (conditionally) if ! mountpoint -q /tmp; then mount -t tmpfs none /tmp