authorFabricio Voznika <fvoznika@google.com>2018-10-10 08:59:25 -0700
committerShentubot <shentubot@google.com>2018-10-10 09:00:42 -0700
commit29cd05a7c66ee8061c0e5cf8e94c4e507dcf33e0 (patch)
tree91600ea6944d18c86f41b5f8003311a8c7bd154b /runsc/container
parent20508bafb88d2037ea3b2c8483b191ce72e7ad7e (diff)
Add sandbox to cgroup
Sandbox creation uses the limits and reservations configured in the OCI spec and sets cgroup options accordingly. Then it puts both the sandbox and gofer processes inside the cgroup. It also allows the cgroup to be pre-configured by the caller. If the cgroup already exists, sandbox and gofer processes will join the cgroup but it will not modify the cgroup with spec limits. PiperOrigin-RevId: 216538209 Change-Id: If2c65ffedf55820baab743a0edcfb091b89c1019
Diffstat (limited to 'runsc/container')
-rw-r--r--runsc/container/container.go16
1 files changed, 10 insertions, 6 deletions
diff --git a/runsc/container/container.go b/runsc/container/container.go
index f0cdee8d3..eaa62daf1 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -262,6 +262,8 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
Status: Creating,
Owner: os.Getenv("USER"),
}
+ cu := specutils.MakeCleanup(func() { c.Destroy() })
+ defer cu.Clean()
// If the metadata annotations indicate that this container should be
// started in an existing sandbox, we must do so. The metadata will
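Review bot: The cleanup registered at `cu := specutils.MakeCleanup(func() { c.Destroy() })` drops whatever `c.Destroy()` reports, so a failed teardown after a failed Create can leave sandbox or gofer processes behind with no trace in the logs. If Destroy returns an error (its signature is outside this hunk), the closure should record it with the file's logger, e.g. `if err := c.Destroy(); err != nil { log.Warningf("destroying container %q after failed create: %v", id, err) }`. The defer also now fires on every early return in Create, including those taken before `c.Sandbox` is assigned, so Destroy has to tolerate a container with a nil Sandbox and an unset gofer PID; a short comment above the defer stating that requirement would help. Create's body starts and ends outside this hunk.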
@@ -276,12 +278,13 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
// Start a new sandbox for this container. Any errors after this point
// must destroy the container.
- s, err := sandbox.Create(id, spec, conf, bundleDir, consoleSocket, ioFiles)
+ c.Sandbox, err = sandbox.Create(id, spec, conf, bundleDir, consoleSocket, ioFiles)
if err != nil {
- c.Destroy()
return nil, err
}
- c.Sandbox = s
+ if err := c.Sandbox.AddGoferToCgroup(c.GoferPid); err != nil {
+ return nil, err
+ }
} else {
// This is sort of confusing. For a sandbox with a root
// container and a child container in it, runsc sees:
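Review bot: `c.Sandbox.AddGoferToCgroup(c.GoferPid)` is called without checking that a gofer was actually started. On Linux, writing PID 0 to a cgroup's procs file moves the writing process, so a zero `c.GoferPid` would place runsc itself in the sandbox cgroup unless AddGoferToCgroup rejects it (its body is not on this page). A guard at the call site, `if c.GoferPid != 0 { ... }`, or a doc comment on AddGoferToCgroup stating that zero is a no-op, would make the intent explicit; the same call is added in the Start hunk. Separately, the gofer joins the cgroup only after `sandbox.Create` returns, so it runs outside the configured limits until then, and anything it forks in that window presumably stays outside; a comment noting that ordering would be useful. The enclosing if/else in Create continues outside the hunk.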
@@ -300,7 +303,6 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
// Find the sandbox associated with this ID.
sb, err := Load(conf.RootDir, sbid)
if err != nil {
- c.Destroy()
return nil, err
}
c.Sandbox = sb.Sandbox
@@ -309,7 +311,6 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
// Save the metadata file.
if err := c.save(); err != nil {
- c.Destroy()
return nil, err
}
@@ -317,11 +318,11 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
// this file is created, so it must be the last thing we do.
if pidFile != "" {
if err := ioutil.WriteFile(pidFile, []byte(strconv.Itoa(c.SandboxPid())), 0644); err != nil {
- c.Destroy()
return nil, fmt.Errorf("error writing PID file: %v", err)
}
}
+ cu.Release()
return c, nil
}
@@ -358,6 +359,9 @@ func (c *Container) Start(conf *boot.Config) error {
if err := c.Sandbox.Start(c.Spec, conf, c.ID, ioFiles); err != nil {
return err
}
+ if err := c.Sandbox.AddGoferToCgroup(c.GoferPid); err != nil {
+ return err
+ }
}
// "If any poststart hook fails, the runtime MUST log a warning, but