Add support for creating cgroups in runtime section

Implements https://github.com/moby/tool/pull/181 Design for things like Kubernetes setup that requires some cgroups to exist when the service starts but it is not running in these, other services are, so there would be a race if they are not created in each. Essentially it is just a sugared `mkdir` in all the cgroup dirs. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-07-19 09:16:29 +00:00 · 2017-11-17 14:12:41 +00:00 · 2017-11-17 14:12:41 +00:00 · 6cb919b489
commit 6cb919b489
parent 10bae91564
2 changed files with 30 additions and 7 deletions
--- a/2
+++ b/2
@ -21,7 +21,7 @@ endif
 PREFIX?=/usr/local/

 MOBY_REPO=https://github.com/moby/tool.git
-MOBY_COMMIT=99480b5dd01b18ff2c80a2ce33ad46a436ccdb25
+MOBY_COMMIT=eceb6d11f8685f9da3660683d769659e3688457b
 MOBY_VERSION=0.0
 bin/moby: tmp_moby_bin.tar | bin
 	tar xf $<
--- a/pkg/init/cmd/service/prepare.go
+++ b/pkg/init/cmd/service/prepare.go
@ -14,15 +14,11 @@ import (
 	"golang.org/x/sys/unix"
 )

-const (
-	wgPath      = "/usr/bin/wg"
-	nsenterPath = "/usr/bin/nsenter-net"
-)
-
 // Note these definitions are from moby/tool/src/moby/config.go and should be kept in sync

 // Runtime is the type of config processed at runtime, not used to build the OCI spec
 type Runtime struct {
+	Cgroups    []string      `yaml:"cgroups" json:"cgroups,omitempty"`
 	Mounts     []specs.Mount `yaml:"mounts" json:"mounts,omitempty"`
 	Mkdir      []string      `yaml:"mkdir" json:"mkdir,omitempty"`
 	Interfaces []Interface   `yaml:"interfaces" json:"interfaces,omitempty"`
@ -122,7 +118,27 @@ func parseMountOptions(options []string) (int, string) {
 	return flag, strings.Join(data, ",")
 }

-// prepareFilesystem sets up the mounts, before the container is created
+// newCgroup creates a cgroup (ie directory) under all directories in /sys/fs/cgroup
+// we could use github.com/containerd/cgroups but it has a lot of deps and this is just a sugary mkdir
+func newCgroup(cgroup string) error {
+	dirs, err := ioutil.ReadDir("/sys/fs/cgroup")
+	if err != nil {
+		return err
+	}
+
+	for _, dir := range dirs {
+		if !dir.IsDir() {
+			continue
+		}
+		if err := os.MkdirAll(filepath.Join("/sys/fs/cgroup", dir.Name(), cgroup), 0755); err != nil {
+			log.Printf("cgroup error: %v", err)
+		}
+	}
+
+	return nil
+}
+
+// prepareFilesystem sets up the mounts and cgroups, before the container is created
 func prepareFilesystem(path string, runtime Runtime) error {
 	// execute the runtime config that should be done up front
 	// we execute Mounts before Mkdir so you can make a directory under a mount
@ -157,6 +173,13 @@ func prepareFilesystem(path string, runtime Runtime) error {
 		}
 	}

+	for _, cgroup := range runtime.Cgroups {
+		// currently no way to specify resource limits on new cgroups at creation time
+		if err := newCgroup(cgroup); err != nil {
+			return fmt.Errorf("Cannot create cgroup %s: %v", cgroup, err)
+		}
+	}
+
 	return nil
 }