mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
ec87479b7e
Please refer to `docs/rootless.md`. TLDR: * Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you * `dockerd-rootless.sh --experimental` * `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...` Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
38 lines
894 B
Go
38 lines
894 B
Go
package specconv
|
|
|
|
import (
|
|
"io/ioutil"
|
|
"strconv"
|
|
|
|
"github.com/opencontainers/runtime-spec/specs-go"
|
|
)
|
|
|
|
// ToRootless converts spec to be compatible with "rootless" runc.
|
|
// * Remove cgroups (will be supported in separate PR when delegation permission is configured)
|
|
// * Fix up OOMScoreAdj
|
|
func ToRootless(spec *specs.Spec) error {
|
|
return toRootless(spec, getCurrentOOMScoreAdj())
|
|
}
|
|
|
|
func getCurrentOOMScoreAdj() int {
|
|
b, err := ioutil.ReadFile("/proc/self/oom_score_adj")
|
|
if err != nil {
|
|
return 0
|
|
}
|
|
i, err := strconv.Atoi(string(b))
|
|
if err != nil {
|
|
return 0
|
|
}
|
|
return i
|
|
}
|
|
|
|
func toRootless(spec *specs.Spec, currentOOMScoreAdj int) error {
|
|
// Remove cgroup settings.
|
|
spec.Linux.Resources = nil
|
|
spec.Linux.CgroupsPath = ""
|
|
|
|
if spec.Process.OOMScoreAdj != nil && *spec.Process.OOMScoreAdj < currentOOMScoreAdj {
|
|
*spec.Process.OOMScoreAdj = currentOOMScoreAdj
|
|
}
|
|
return nil
|
|
}
|