Update Libcontainer's Cgroup Config: AllowAllDevices to be Nil
parent
216d707f28
commit
49201f6923
@ -188,12 +188,13 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I
|
|||||||
|
|
||||||
// Create a cgroup container manager.
|
// Create a cgroup container manager.
|
||||||
func createManager(containerName string) *fs.Manager {
|
func createManager(containerName string) *fs.Manager {
|
||||||
|
allowAllDevices := true
|
||||||
return &fs.Manager{
|
return &fs.Manager{
|
||||||
Cgroups: &configs.Cgroup{
|
Cgroups: &configs.Cgroup{
|
||||||
Parent: "/",
|
Parent: "/",
|
||||||
Name: containerName,
|
Name: containerName,
|
||||||
Resources: &configs.Resources{
|
Resources: &configs.Resources{
|
||||||
AllowAllDevices: true,
|
AllowAllDevices: &allowAllDevices,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -319,7 +320,7 @@ func (cm *containerManagerImpl) setupNode() error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
glog.V(2).Infof("Configure resource-only container %s with memory limit: %d", cm.RuntimeCgroupsName, memoryLimit)
|
glog.V(2).Infof("Configure resource-only container %s with memory limit: %d", cm.RuntimeCgroupsName, memoryLimit)
|
||||||
|
allowAllDevices := true
|
||||||
dockerContainer := &fs.Manager{
|
dockerContainer := &fs.Manager{
|
||||||
Cgroups: &configs.Cgroup{
|
Cgroups: &configs.Cgroup{
|
||||||
Parent: "/",
|
Parent: "/",
|
||||||
@ -327,7 +328,7 @@ func (cm *containerManagerImpl) setupNode() error {
|
|||||||
Resources: &configs.Resources{
|
Resources: &configs.Resources{
|
||||||
Memory: memoryLimit,
|
Memory: memoryLimit,
|
||||||
MemorySwap: -1,
|
MemorySwap: -1,
|
||||||
AllowAllDevices: true,
|
AllowAllDevices: &allowAllDevices,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -370,12 +371,13 @@ func (cm *containerManagerImpl) setupNode() error {
|
|||||||
|
|
||||||
if cm.KubeletCgroupsName != "" {
|
if cm.KubeletCgroupsName != "" {
|
||||||
cont := newSystemCgroups(cm.KubeletCgroupsName)
|
cont := newSystemCgroups(cm.KubeletCgroupsName)
|
||||||
|
allowAllDevices := true
|
||||||
manager := fs.Manager{
|
manager := fs.Manager{
|
||||||
Cgroups: &configs.Cgroup{
|
Cgroups: &configs.Cgroup{
|
||||||
Parent: "/",
|
Parent: "/",
|
||||||
Name: cm.KubeletCgroupsName,
|
Name: cm.KubeletCgroupsName,
|
||||||
Resources: &configs.Resources{
|
Resources: &configs.Resources{
|
||||||
AllowAllDevices: true,
|
AllowAllDevices: &allowAllDevices,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
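Review bot: The new `allowAllDevices := true` local exists only so its address can be taken, and it is repeated in createManager, twice in setupNode (the second, inside the `if cm.KubeletCgroupsName != ""` block, is a separate inner-scope variable) and again in RunInResourceContainer in the other file, with no comment explaining why the field is now a pointer. The commit title says "to be Nil", yet every call site passes a non-nil pointer to true, so these "/"-parented cgroups presumably still permit access to all devices; that is worth stating for anyone auditing device access. I would add at each site a comment such as `// AllowAllDevices is a *bool in libcontainer; non-nil true keeps all devices allowed for this host-level cgroup (nil presumably leaves the devices cgroup untouched; confirm against the vendored libcontainer).` A small shared helper returning `*bool` would also remove the four copies of the local. setupNode's body starts and ends outside the visible hunks.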
@ -30,12 +30,13 @@ import (
|
|||||||
//
|
//
|
||||||
// containerName must be an absolute container name.
|
// containerName must be an absolute container name.
|
||||||
func RunInResourceContainer(containerName string) error {
|
func RunInResourceContainer(containerName string) error {
|
||||||
|
allowAllDevices := true
|
||||||
manager := fs.Manager{
|
manager := fs.Manager{
|
||||||
Cgroups: &configs.Cgroup{
|
Cgroups: &configs.Cgroup{
|
||||||
Parent: "/",
|
Parent: "/",
|
||||||
Name: containerName,
|
Name: containerName,
|
||||||
Resources: &configs.Resources{
|
Resources: &configs.Resources{
|
||||||
AllowAllDevices: true,
|
AllowAllDevices: &allowAllDevices,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|