author | Fabricio Voznika <fvoznika@google.com> | 2018-10-10 08:59:25 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-10-10 09:00:42 -0700 |
commit | 29cd05a7c66ee8061c0e5cf8e94c4e507dcf33e0 (patch) | |
tree | 91600ea6944d18c86f41b5f8003311a8c7bd154b /runsc/container | |
parent | 20508bafb88d2037ea3b2c8483b191ce72e7ad7e (diff) |
Add sandbox to cgroup
Sandbox creation uses the limits and reservations configured in the
OCI spec and sets cgroup options accordingly. Then it puts both the
sandbox and gofer processes inside the cgroup.
It also allows the cgroup to be pre-configured by the caller. If the
cgroup already exists, sandbox and gofer processes will join the
cgroup but it will not modify the cgroup with spec limits.
PiperOrigin-RevId: 216538209
Change-Id: If2c65ffedf55820baab743a0edcfb091b89c1019
Diffstat (limited to 'runsc/container')
-rw-r--r-- | runsc/container/container.go | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/runsc/container/container.go b/runsc/container/container.go
index f0cdee8d3..eaa62daf1 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -262,6 +262,8 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
 Status: Creating,
 Owner: os.Getenv("USER"),
 }
+ cu := specutils.MakeCleanup(func() { c.Destroy() })
+ defer cu.Clean()
 // If the metadata annotations indicate that this container should be
 // started in an existing sandbox, we must do so. The metadata will
@@ -276,12 +278,13 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
 // Start a new sandbox for this container. Any errors after this point
 // must destroy the container.
- s, err := sandbox.Create(id, spec, conf, bundleDir, consoleSocket, ioFiles)
+ c.Sandbox, err = sandbox.Create(id, spec, conf, bundleDir, consoleSocket, ioFiles)
 if err != nil {
- c.Destroy()
 return nil, err
 }
- c.Sandbox = s
+ if err := c.Sandbox.AddGoferToCgroup(c.GoferPid); err != nil {
+ return nil, err
+ }
 } else {
 // This is sort of confusing. For a sandbox with a root
 // container and a child container in it, runsc sees:
@@ -300,7 +303,6 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
 // Find the sandbox associated with this ID.
 sb, err := Load(conf.RootDir, sbid)
 if err != nil {
- c.Destroy()
 return nil, err
 }
 c.Sandbox = sb.Sandbox
@@ -309,7 +311,6 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
 // Save the metadata file.
 if err := c.save(); err != nil {
- c.Destroy()
 return nil, err
 }
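Review bot: The cleanup closure `func() { c.Destroy() }` added in the first hunk discards whatever Destroy reports, so a teardown that fails on one of Create's error paths could leave sandbox or gofer processes behind with nothing in the log. If Destroy returns an error (its signature is not visible here), log it inside the closure, e.g. `if err := c.Destroy(); err != nil { log.Warningf("destroying container %q after failed create: %v", id, err) }`. The guard is also armed before the new-sandbox/existing-sandbox branch, so Destroy now runs on early returns where `c.Sandbox` may still be nil; that looks intended but should be confirmed against Destroy's body. The context comment "Any errors after this point must destroy the container" in the next hunk is now stale and could read `// Errors from here on are cleaned up by cu.` instead. Create's body starts and ends outside this hunk.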
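Review bot: In the second hunk `c.Sandbox.AddGoferToCgroup(c.GoferPid)` is called without checking that a gofer PID was actually recorded. The code that sets `c.GoferPid` is outside the hunk; if it can still be zero here, the callee receives 0, and on Linux a PID of 0 written to a cgroup's procs file refers to the writing process, which would place runsc itself under the container's limits. A guard such as `if c.GoferPid != 0 {` around the call, or an explicit rejection inside AddGoferToCgroup, would make this safe by construction; the same call is added to Start in the last hunk. Separately, the gofer is created before `sandbox.Create` sets up the cgroup, so it presumably runs unconfined until this call, and a comment stating that ordering and why it is acceptable would help the next reader.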
@@ -317,11 +318,11 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
 // this file is created, so it must be the last thing we do.
 if pidFile != "" {
 if err := ioutil.WriteFile(pidFile, []byte(strconv.Itoa(c.SandboxPid())), 0644); err != nil {
- c.Destroy()
 return nil, fmt.Errorf("error writing PID file: %v", err)
 }
 }
+ cu.Release()
 return c, nil
 }
@@ -358,6 +359,9 @@ func (c *Container) Start(conf *boot.Config) error {
 if err := c.Sandbox.Start(c.Spec, conf, c.ID, ioFiles); err != nil {
 return err
 }
+ if err := c.Sandbox.AddGoferToCgroup(c.GoferPid); err != nil {
+ return err
+ }
 }
 // "If any poststart hook fails, the runtime MUST log a warning, but |
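Review bot: When `AddGoferToCgroup` fails in the Start hunk, the function returns the error after `c.Sandbox.Start` has already succeeded, and nothing visible here stops the sandbox that was just started. The caller then sees a failed start while the container may keep running with its gofer outside the cgroup's limits. Unless Start installs a deferred cleanup outside the hunk (its body begins and ends beyond these lines), this path should tear the container down, for instance with the same `cu := specutils.MakeCleanup(func() { c.Destroy() })` and `cu.Release()` pattern this commit introduces in Create.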