diff --git a/server/container_create.go b/server/container_create.go index 396d4c12..6ed46281 100644 --- a/server/container_create.go +++ b/server/container_create.go @@ -251,6 +251,11 @@ func (s *Server) createSandboxContainer(containerID string, containerName string specgen.SetLinuxResourcesOOMScoreAdj(int(oomScoreAdj)) } + if sb.cgroupParent != "" { + // NOTE: we only support cgroupfs for now, discussion happens in issue #270. + specgen.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID) + } + capabilities := linux.GetSecurityContext().GetCapabilities() if capabilities != nil { addCaps := capabilities.GetAddCapabilities() diff --git a/server/sandbox.go b/server/sandbox.go index 9adca6d3..3348ed53 100644 --- a/server/sandbox.go +++ b/server/sandbox.go @@ -138,6 +138,7 @@ type sandbox struct { netns *sandboxNetNs metadata *pb.PodSandboxMetadata shmPath string + cgroupParent string } const ( diff --git a/server/sandbox_run.go b/server/sandbox_run.go index cd9a47a2..498e6a3d 100644 --- a/server/sandbox_run.go +++ b/server/sandbox_run.go @@ -245,7 +245,9 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest // setup cgroup settings cgroupParent := req.GetConfig().GetLinux().GetCgroupParent() if cgroupParent != "" { - g.SetLinuxCgroupsPath(cgroupParent) + // NOTE: we only support cgroupfs for now, discussion happens in issue #270. + g.SetLinuxCgroupsPath(cgroupParent + "/" + containerID) + sb.cgroupParent = cgroupParent } // set up namespaces