1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/rootless/specconv/specconv_linux.go
Akihiro Suda ca4b51868a rootless: support --exec-opt native.cgroupdriver=systemd
Support cgroup as in Rootless Podman.

Requires cgroup v2 host with crun.
Tested with Ubuntu 19.10 (kernel 5.3, systemd 242), crun v0.12.1.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-02-14 15:32:31 +09:00

74 lines
1.9 KiB
Go

package specconv // import "github.com/docker/docker/rootless/specconv"
import (
"io/ioutil"
"strconv"
specs "github.com/opencontainers/runtime-spec/specs-go"
)
// ToRootless converts spec to be compatible with "rootless" runc.
// * Remove non-supported cgroups
// * Fix up OOMScoreAdj
//
// v2Controllers should be non-nil only if running with v2 and systemd.
func ToRootless(spec *specs.Spec, v2Controllers []string) error {
return toRootless(spec, v2Controllers, getCurrentOOMScoreAdj())
}
func getCurrentOOMScoreAdj() int {
b, err := ioutil.ReadFile("/proc/self/oom_score_adj")
if err != nil {
return 0
}
i, err := strconv.Atoi(string(b))
if err != nil {
return 0
}
return i
}
func toRootless(spec *specs.Spec, v2Controllers []string, currentOOMScoreAdj int) error {
if len(v2Controllers) == 0 {
// Remove cgroup settings.
spec.Linux.Resources = nil
spec.Linux.CgroupsPath = ""
} else {
if spec.Linux.Resources != nil {
m := make(map[string]struct{})
for _, s := range v2Controllers {
m[s] = struct{}{}
}
// Remove devices: https://github.com/containers/crun/issues/255
spec.Linux.Resources.Devices = nil
if _, ok := m["memory"]; !ok {
spec.Linux.Resources.Memory = nil
}
if _, ok := m["cpu"]; !ok {
spec.Linux.Resources.CPU = nil
}
if _, ok := m["cpuset"]; !ok {
if spec.Linux.Resources.CPU != nil {
spec.Linux.Resources.CPU.Cpus = ""
spec.Linux.Resources.CPU.Mems = ""
}
}
if _, ok := m["pids"]; !ok {
spec.Linux.Resources.Pids = nil
}
if _, ok := m["io"]; !ok {
spec.Linux.Resources.BlockIO = nil
}
if _, ok := m["rdma"]; !ok {
spec.Linux.Resources.Rdma = nil
}
spec.Linux.Resources.HugepageLimits = nil
spec.Linux.Resources.Network = nil
}
}
if spec.Process.OOMScoreAdj != nil && *spec.Process.OOMScoreAdj < currentOOMScoreAdj {
*spec.Process.OOMScoreAdj = currentOOMScoreAdj
}
return nil
}