oci: abstract out cgroup calls per platform
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com> oci: abstract out syscall for platforms Signed-off-by: Vincent Batts <vbatts@hashbangbash.com> oci: abstract out the unix pipe per platform Signed-off-by: Vincent Batts <vbatts@hashbangbash.com> oci: change the unix calls to be platform independent Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
parent
fb87c2f68b
commit
d6966951d6
6 changed files with 115 additions and 36 deletions
47
oci/oci_linux.go
Normal file
47
oci/oci_linux.go
Normal file
|
|
@ -0,0 +1,47 @@
|
|||
// +build linux
|
||||
|
||||
package oci
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"syscall"
|
||||
|
||||
"github.com/containerd/cgroups"
|
||||
rspec "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
func createContainerPlatform(c *Container, cgroupParent string, pid int) error {
|
||||
control, err := cgroups.New(cgroups.V1, cgroups.StaticPath(filepath.Join(cgroupParent, "/crio-conmon-"+c.id)), &rspec.LinuxResources{})
|
||||
if err != nil {
|
||||
return fmt.Errorf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
|
||||
} else {
|
||||
// Here we should defer a crio-connmon- cgroup hierarchy deletion, but it will
|
||||
// always fail as conmon's pid is still there.
|
||||
// Fortunately, kubelet takes care of deleting this for us, so the leak will
|
||||
// only happens in corner case where one does a manual deletion of the container
|
||||
// through e.g. runc. This should be handled by implementing a conmon monitoring
|
||||
// routine that does the cgroup cleanup once conmon is terminated.
|
||||
if err := control.Add(cgroups.Process{Pid: pid}); err != nil {
|
||||
fmt.Errorf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func sysProcAttrPlatform() *syscall.SysProcAttr {
|
||||
return &syscall.SysProcAttr{
|
||||
Setpgid: true,
|
||||
}
|
||||
}
|
||||
|
||||
// newPipe creates a unix socket pair for communication
|
||||
func newPipe() (parent *os.File, child *os.File, err error) {
|
||||
fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_STREAM|unix.SOCK_CLOEXEC, 0)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
return os.NewFile(uintptr(fds[1]), "parent"), os.NewFile(uintptr(fds[0]), "child"), nil
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue