From 2fcb8bb4d83a4785d0d3437bcb8a12ed31c76366 Mon Sep 17 00:00:00 2001
From: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Date: Fri, 16 Aug 2019 12:59:14 -0500
Subject: [PATCH] container: SandboxCgroupOnly: no host cgroups.

No call cgroup operations for containers in host
if SandboxCgroupOnly is enabled.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
---
 virtcontainers/container.go | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/virtcontainers/container.go b/virtcontainers/container.go
index 57fad6c6fc..d30b9dea48 100644
--- a/virtcontainers/container.go
+++ b/virtcontainers/container.go
@@ -879,8 +879,10 @@ func (c *Container) create() (err error) {
 	}
 	c.process = *process
 
-	if err = c.cgroupsCreate(); err != nil {
-		return
+	if !c.sandbox.config.SandboxCgroupOnly {
+		if err = c.cgroupsCreate(); err != nil {
+			return
+		}
 	}
 
 	if !c.sandbox.supportNewStore() {
@@ -908,8 +910,10 @@ func (c *Container) delete() error {
 		return err
 	}
 
-	if err := c.cgroupsDelete(); err != nil {
-		return err
+	if !c.sandbox.config.SandboxCgroupOnly {
+		if err := c.cgroupsDelete(); err != nil {
+			return err
+		}
 	}
 
 	return c.store.Delete()
@@ -1200,8 +1204,10 @@ func (c *Container) update(resources specs.LinuxResources) error {
 		return err
 	}
 
-	if err := c.cgroupsUpdate(resources); err != nil {
-		return err
+	if !c.sandbox.config.SandboxCgroupOnly {
+		if err := c.cgroupsUpdate(resources); err != nil {
+			return err
+		}
 	}
 
 	return c.sandbox.agent.updateContainer(c.sandbox, *c, resources)