pass sysctls down to oci runtime

Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-19 10:16:50 +08:00 · 2016-11-19 10:16:50 +08:00 · d1e1b7c183
commit d1e1b7c183
parent 2e3ad167bb
2 changed files with 73 additions and 0 deletions
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@ -188,6 +188,18 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 		g.AddAnnotation(k, v)
 	}

+	// extract linux sysctls from annotations and pass down to oci runtime
+	safe, unsafe, err := SysctlsFromPodAnnotations(annotations)
+	if err != nil {
+		return nil, err
+	}
+	for _, sysctl := range safe {
+		g.AddLinuxSysctl(sysctl.Name, sysctl.Value)
+	}
+	for _, sysctl := range unsafe {
+		g.AddLinuxSysctl(sysctl.Name, sysctl.Value)
+	}
+
 	// setup cgroup settings
 	cgroupParent := req.GetConfig().GetLinux().GetCgroupParent()
 	if cgroupParent != "" {