mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
21391bb7f7
Evacuate all the processes in `/sys/fs/cgroup/cgroup.procs`, not just PID 1.
Before:
```console
$ docker run --rm --privileged --init $(docker build -q .) cat /sys/fs/cgroup/cgroup.subtree_control
sed: couldn't flush stdout: Device or resource busy
```
After:
```console
$ docker run --rm --privileged --init $(docker build -q .) cat /sys/fs/cgroup/cgroup.subtree_control
cpuset cpu io memory hugetlb pids rdma
```
Fix docker-library/docker issue 308
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 42b1175eda
)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
45 lines
1.5 KiB
Bash
Executable file
45 lines
1.5 KiB
Bash
Executable file
#!/bin/sh
|
|
set -e
|
|
|
|
# DinD: a wrapper script which allows docker to be run inside a docker container.
|
|
# Original version by Jerome Petazzoni <jerome@docker.com>
|
|
# See the blog post: https://blog.docker.com/2013/09/docker-can-now-run-within-docker/
|
|
#
|
|
# This script should be executed inside a docker container in privileged mode
|
|
# ('docker run --privileged', introduced in docker 0.6).
|
|
|
|
# Usage: dind CMD [ARG...]
|
|
|
|
# apparmor sucks and Docker needs to know that it's in a container (c) @tianon
|
|
export container=docker
|
|
|
|
if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
|
|
mount -t securityfs none /sys/kernel/security || {
|
|
echo >&2 'Could not mount /sys/kernel/security.'
|
|
echo >&2 'AppArmor detection and --privileged mode might break.'
|
|
}
|
|
fi
|
|
|
|
# Mount /tmp (conditionally)
|
|
if ! mountpoint -q /tmp; then
|
|
mount -t tmpfs none /tmp
|
|
fi
|
|
|
|
# cgroup v2: enable nesting
|
|
if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
|
|
# move the processes from the root group to the /init group,
|
|
# otherwise writing subtree_control fails with EBUSY.
|
|
# An error during moving non-existent process (i.e., "cat") is ignored.
|
|
mkdir -p /sys/fs/cgroup/init
|
|
xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || :
|
|
# enable controllers
|
|
sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
|
|
> /sys/fs/cgroup/cgroup.subtree_control
|
|
fi
|
|
|
|
if [ $# -gt 0 ]; then
|
|
exec "$@"
|
|
fi
|
|
|
|
echo >&2 'ERROR: No command specified.'
|
|
echo >&2 'You probably want to run hack/make.sh, or maybe a shell?'
|