Merge pull request #2755 from justincormack/runtime-cgroups

Add support for creating cgroups in runtime section
2025-07-21 10:09:07 +00:00 · 2017-11-17 17:01:27 +00:00 · 2017-11-17 17:01:27 +00:00 · cad6527033
commit cad6527033
parent d3533febe7 6cb919b489
2 changed files with 30 additions and 7 deletions
--- a/2
+++ b/2
@ -21,7 +21,7 @@ endif
 PREFIX?=/usr/local/

 MOBY_REPO=https://github.com/moby/tool.git
-MOBY_COMMIT=99480b5dd01b18ff2c80a2ce33ad46a436ccdb25
+MOBY_COMMIT=eceb6d11f8685f9da3660683d769659e3688457b
 MOBY_VERSION=0.0
 bin/moby: tmp_moby_bin.tar | bin
 	tar xf $<
--- a/pkg/init/cmd/service/prepare.go
+++ b/pkg/init/cmd/service/prepare.go
@ -14,15 +14,11 @@ import (
 	"golang.org/x/sys/unix"
 )

-const (
-	wgPath      = "/usr/bin/wg"
-	nsenterPath = "/usr/bin/nsenter-net"
-)
-
 // Note these definitions are from moby/tool/src/moby/config.go and should be kept in sync

 // Runtime is the type of config processed at runtime, not used to build the OCI spec
 type Runtime struct {
+	Cgroups    []string      `yaml:"cgroups" json:"cgroups,omitempty"`
 	Mounts     []specs.Mount `yaml:"mounts" json:"mounts,omitempty"`
 	Mkdir      []string      `yaml:"mkdir" json:"mkdir,omitempty"`
 	Interfaces []Interface   `yaml:"interfaces" json:"interfaces,omitempty"`
@ -122,7 +118,27 @@ func parseMountOptions(options []string) (int, string) {
 	return flag, strings.Join(data, ",")
 }

-// prepareFilesystem sets up the mounts, before the container is created
+// newCgroup creates a cgroup (ie directory) under all directories in /sys/fs/cgroup
+// we could use github.com/containerd/cgroups but it has a lot of deps and this is just a sugary mkdir
+func newCgroup(cgroup string) error {
+	dirs, err := ioutil.ReadDir("/sys/fs/cgroup")
+	if err != nil {
+		return err
+	}
+
+	for _, dir := range dirs {
+		if !dir.IsDir() {
+			continue
+		}
+		if err := os.MkdirAll(filepath.Join("/sys/fs/cgroup", dir.Name(), cgroup), 0755); err != nil {
+			log.Printf("cgroup error: %v", err)
+		}
+	}
+
+	return nil
+}
+
+// prepareFilesystem sets up the mounts and cgroups, before the container is created
 func prepareFilesystem(path string, runtime Runtime) error {
 	// execute the runtime config that should be done up front
 	// we execute Mounts before Mkdir so you can make a directory under a mount
@ -157,6 +173,13 @@ func prepareFilesystem(path string, runtime Runtime) error {
 		}
 	}

+	for _, cgroup := range runtime.Cgroups {
+		// currently no way to specify resource limits on new cgroups at creation time
+		if err := newCgroup(cgroup); err != nil {
+			return fmt.Errorf("Cannot create cgroup %s: %v", cgroup, err)
+		}
+	}
+
 	return nil
 }