github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-09-09 10:49:54 +00:00
Code Issues Projects Releases Wiki Activity

Always enable cgroup namespace for containers

Browse Source 
In cgroupv2 hierrachy, cgroup setup for nested containers (i.e. docker)
are incorrect without enabling cgroup namespace. This enables cgroup
namespace for all containers to fix the incorrect cgroup setup.

See https://github.com/linuxkit/linuxkit/issues/3734

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
This commit is contained in:
Daniel Dao
2021-11-16 15:11:26 +00:00
parent 1bd84de2b3
commit 0ffd861a92
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/cmd/linuxkit/moby/config.go
View File

@@ -875,7 +875,8 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin
// Always create a new mount namespace
namespaces = append(namespaces, specs.LinuxNamespace{Type: specs.MountNamespace})
// TODO cgroup namespaces
// Always create a new cgroup namespace
namespaces = append(namespaces, specs.LinuxNamespace{Type: specs.CgroupNamespace})
// Capabilities
capCheck := map[string]bool{}