author: Daniel Dao <dqminh89@gmail.com> 2020-10-12 14:57:47 +0100
committer: Daniel Dao <dqminh89@gmail.com> 2021-01-26 15:01:21 +0000
commit: bd5eb8a9db2bf3154d8bc4231ac0c655c78df3ae
tree: 5715edce61354b4bbe52f8c9dd37eaac44d76d54 /pkg/sentry/socket/hostinet
parent: f5736fa2bf91e1bb3fd9f9625dba8c800bf2adb5
runsc: check for nested cgroup when generating cgroup paths

In nested container, we see paths from host in /proc/self/cgroup, so we need to re-process that path to get a relative path to be used inside the container.

Without it, runsc generates ugly paths that may trip other cgroup watchers that expect clean paths. An example of ugly path is:

```
/sys/fs/cgroup/memory/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93/cgroupPath
```

Notice duplication of `docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93`

`/proc/1/cgroup` looks like

```
12:perf_event:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
11:blkio:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
10:freezer:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
9:hugetlb:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
8:devices:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
7:rdma:/
6:pids:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
5:cpuset:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
4:cpu,cpuacct:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
3:memory:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
2:net_cls,net_prio:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
1:name=systemd:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
0::/system.slice/containerd.service
```

This is not necessary when the parent container was created with cgroup namespace, but that setup is not very common right now.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>

Diffstat (limited to 'pkg/sentry/socket/hostinet')
0 files changed, 0 insertions, 0 deletions
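
The path re-processing that the commit message describes, sketched as an added Go example; it is not the commit's or runsc's own code. The function names, the shortened container ID and both sample inputs are constructed, and it assumes the container's cgroup root is whatever `/proc/1/cgroup` reports for each controller.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed samples with a made-up short ID: the container's PID 1, then a nested process.
const pid1Cgroup = "3:memory:/docker/0123abcd\n4:cpu,cpuacct:/docker/0123abcd\n7:rdma:/\n"
const selfCgroup = "3:memory:/docker/0123abcd/job\n4:cpu,cpuacct:/docker/0123abcd\n7:rdma:/\n"

// parseCgroup maps each controller to its path, reading "id:controllers:path" lines.
func parseCgroup(content string) map[string]string {
	paths := make(map[string]string)
	for _, line := range strings.Split(strings.TrimSpace(content), "\n") {
		f := strings.SplitN(line, ":", 3)
		if len(f) != 3 {
			continue // skip malformed lines
		}
		for _, ctrl := range strings.Split(f[1], ",") {
			paths[ctrl] = f[2]
		}
	}
	return paths
}

// relativeTo strips the host-view container root from p; paths outside root are unchanged.
func relativeTo(root, p string) string {
	if root == "" || root == "/" || (p != root && !strings.HasPrefix(p, root+"/")) {
		return p
	}
	if p == root {
		return "/"
	}
	return strings.TrimPrefix(p, root)
}

// containerPaths rewrites each controller path in self relative to PID 1's path (assumed root).
func containerPaths(self, pid1 string) map[string]string {
	roots, out := parseCgroup(pid1), make(map[string]string)
	for ctrl, p := range parseCgroup(self) {
		out[ctrl] = relativeTo(roots[ctrl], p)
	}
	return out
}

func main() {
	fmt.Println(containerPaths(selfCgroup, pid1Cgroup))
}
```

The prefix test matches only on a path-component boundary, so a sibling cgroup whose name merely begins with the container ID is left untouched instead of being truncated.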