github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-16 06:18:58 +00:00
Code Issues Projects Releases Wiki Activity

virtcontainers: constrain runtime after creating network

Browse Source 
Runtime must setup the network before moving itself into the cgroup, otherwise
it won't be able to get the vhost/net queues file descriptors for the
hypervisor.

Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This commit is contained in:
Julio Montes
2020-05-26 00:34:21 -07:00
committed by Peng Tao
parent 5f9d141159
commit c1959f3df3
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/runtime/virtcontainers/api.go
View File

@@ -76,13 +76,6 @@ func createSandboxFromConfig(ctx context.Context, sandboxConfig SandboxConfig, f
return nil, err
}
// Move runtime to sandbox cgroup so all process are created there.
if s.config.SandboxCgroupOnly {
if err := s.setupSandboxCgroup(); err != nil {
return nil, err
}
}
// cleanup sandbox resources in case of any failure
defer func() {
if err != nil {
@@ -102,6 +95,13 @@ func createSandboxFromConfig(ctx context.Context, sandboxConfig SandboxConfig, f
}
}()
// Move runtime to sandbox cgroup so all process are created there.
if s.config.SandboxCgroupOnly {
if err := s.setupSandboxCgroup(); err != nil {
return nil, err
}
}
// Start the VM
if err = s.startVM(); err != nil {
return nil, err