mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-18 16:08:25 +00:00
Merge ecb68d1ebb into 9379a18c8a
This commit is contained in:
mchtech
GitHub
commit
f3f7e2a165
@ -1167,21 +1167,37 @@ impl Manager {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn subcgroup(&self) -> &str {
|
pub fn subcgroup(&self, init_pid: pid_t, container_cgroup: &str) -> Result<String> {
|
||||||
// Check if we're in a Docker-in-Docker setup by verifying:
|
if init_pid <= 0 || !cgroups::hierarchies::is_cgroup2_unified_mode() {
|
||||||
// 1. We're using cgroups v2 (which restricts direct process control)
|
return Ok("/".into());
|
||||||
// 2. An "init" subdirectory exists (used by DinD for process delegation)
|
|
||||||
let is_dind = cgroups::hierarchies::is_cgroup2_unified_mode()
|
|
||||||
&& cgroups::hierarchies::auto()
|
|
||||||
.root()
|
|
||||||
.join(&self.cpath)
|
|
||||||
.join("init")
|
|
||||||
.exists();
|
|
||||||
if is_dind {
|
|
||||||
"/init/"
|
|
||||||
} else {
|
|
||||||
"/"
|
|
||||||
}
|
}
|
||||||
|
// get sub-cgroup from container init pid
|
||||||
|
let cgroup_info = fs::read_to_string(format!("/proc/{}/cgroup", init_pid))?;
|
||||||
|
for line in cgroup_info.lines() {
|
||||||
|
// the entry for cgroup v2 is always in the format "0::$PATH"
|
||||||
|
// see https://docs.kernel.org/admin-guide/cgroup-v2.html
|
||||||
|
if let Some((_, init_cgroup_path)) = line.split_once("0::") {
|
||||||
|
let container_cgroup_path = format!("/{}", container_cgroup);
|
||||||
|
debug!(
|
||||||
|
sl(),
|
||||||
|
"subcgroup info: init_pid {}, init_cgroup_path {}, container_cgroup_path {}",
|
||||||
|
init_pid,
|
||||||
|
init_cgroup_path,
|
||||||
|
container_cgroup_path
|
||||||
|
);
|
||||||
|
// get relative cgroup path of init_cgroup_path to container_cgroup_path
|
||||||
|
// container_cgroup_path: /a/b/c.slice
|
||||||
|
// init_cgroup_path: /a/b/c.slice/d.scope or /a/b/c.slice
|
||||||
|
if let Some((_, sub_path)) = init_cgroup_path.split_once(&container_cgroup_path) {
|
||||||
|
match sub_path {
|
||||||
|
"" => return Ok("/".into()),
|
||||||
|
_ => return Ok(sub_path.into()),
|
||||||
|
}
|
||||||
|
};
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Ok("/".into())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn get_paths_and_mounts(
|
fn get_paths_and_mounts(
|
||||||
|
|||||||
@ -30,6 +30,10 @@ pub trait Manager {
|
|||||||
Err(anyhow!("not supported!".to_string()))
|
Err(anyhow!("not supported!".to_string()))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn set_init_pid(&mut self, _pid: i32) -> Result<()> {
|
||||||
|
Err(anyhow!("not supported!"))
|
||||||
|
}
|
||||||
|
|
||||||
fn get_pids(&self) -> Result<Vec<i32>> {
|
fn get_pids(&self) -> Result<Vec<i32>> {
|
||||||
Err(anyhow!("not supported!"))
|
Err(anyhow!("not supported!"))
|
||||||
}
|
}
|
||||||
|
|||||||
@ -37,13 +37,15 @@ pub struct Manager {
|
|||||||
fs_manager: FsManager,
|
fs_manager: FsManager,
|
||||||
// cgroup version for different dbus properties
|
// cgroup version for different dbus properties
|
||||||
cg_hierarchy: CgroupHierarchy,
|
cg_hierarchy: CgroupHierarchy,
|
||||||
|
// pid of first process in container
|
||||||
|
init_pid: pid_t,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl CgroupManager for Manager {
|
impl CgroupManager for Manager {
|
||||||
fn apply(&self, pid: pid_t) -> Result<()> {
|
fn apply(&self, pid: pid_t) -> Result<()> {
|
||||||
if self.dbus_client.unit_exists()? {
|
if self.dbus_client.unit_exists()? {
|
||||||
let subcgroup = self.fs_manager.subcgroup();
|
let subcgroup = self.fs_manager.subcgroup(self.init_pid, &self.cpath)?;
|
||||||
self.dbus_client.add_process(pid, subcgroup)?;
|
self.dbus_client.add_process(pid, subcgroup.as_str())?;
|
||||||
} else {
|
} else {
|
||||||
self.dbus_client.start_unit(
|
self.dbus_client.start_unit(
|
||||||
(pid as u32).try_into().unwrap(),
|
(pid as u32).try_into().unwrap(),
|
||||||
@ -55,6 +57,13 @@ impl CgroupManager for Manager {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn set_init_pid(&mut self, pid: pid_t) -> Result<()> {
|
||||||
|
if self.init_pid == 0 {
|
||||||
|
self.init_pid = pid;
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
fn set(&self, r: &LinuxResources, _: bool) -> Result<()> {
|
fn set(&self, r: &LinuxResources, _: bool) -> Result<()> {
|
||||||
let mut properties: Properties = vec![];
|
let mut properties: Properties = vec![];
|
||||||
|
|
||||||
@ -130,6 +139,7 @@ impl Manager {
|
|||||||
} else {
|
} else {
|
||||||
CgroupHierarchy::Legacy
|
CgroupHierarchy::Legacy
|
||||||
},
|
},
|
||||||
|
init_pid: 0,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1216,7 +1216,7 @@ impl BaseContainer for LinuxContainer {
|
|||||||
&logger,
|
&logger,
|
||||||
spec,
|
spec,
|
||||||
&p,
|
&p,
|
||||||
self.cgroup_manager.as_ref(),
|
self.cgroup_manager.as_mut(),
|
||||||
self.config.use_systemd_cgroup,
|
self.config.use_systemd_cgroup,
|
||||||
&st,
|
&st,
|
||||||
&mut pipe_w,
|
&mut pipe_w,
|
||||||
@ -1517,7 +1517,7 @@ async fn join_namespaces(
|
|||||||
logger: &Logger,
|
logger: &Logger,
|
||||||
spec: &Spec,
|
spec: &Spec,
|
||||||
p: &Process,
|
p: &Process,
|
||||||
cm: &(dyn Manager + Send + Sync),
|
cm: &mut (dyn Manager + Send + Sync),
|
||||||
use_systemd_cgroup: bool,
|
use_systemd_cgroup: bool,
|
||||||
st: &OCIState,
|
st: &OCIState,
|
||||||
pipe_w: &mut PipeStream,
|
pipe_w: &mut PipeStream,
|
||||||
@ -1583,6 +1583,8 @@ async fn join_namespaces(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if p.init && res.is_some() {
|
if p.init && res.is_some() {
|
||||||
|
info!(logger, "set init pid {} for {:p}", p.pid, cm);
|
||||||
|
cm.set_init_pid(p.pid)?;
|
||||||
info!(logger, "set properties to cgroups!");
|
info!(logger, "set properties to cgroups!");
|
||||||
cm.set(res.unwrap(), false)?;
|
cm.set(res.unwrap(), false)?;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user