diff options
| author | Lantao Liu <taotaotheripper@gmail.com> | 2019-01-29 18:51:18 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-29 18:51:18 -0800 |
| commit | 35db607dfccd3c03b69f1a42c58cf58ec8259e37 (patch) | |
| tree | cb299257cc8dc78f90a46af8bec02c750c3f8ed9 /vendor/github.com/containerd/cgroups/devices.go | |
| parent | f39907aa5d3d1b4ffb2dc0bb08954da1dea6f0b8 (diff) | |
Add containerd shim v2 support. (#13)
* Update vendors
Signed-off-by: Lantao Liu <lantaol@google.com>
* Add containerd shim v2 support.
Signed-off-by: Lantao Liu <lantaol@google.com>
* Add test and doc for containerd-shim-runsc-v1.
Signed-off-by: Lantao Liu <lantaol@google.com>
* Address comments.
Diffstat (limited to 'vendor/github.com/containerd/cgroups/devices.go')
| -rw-r--r-- | vendor/github.com/containerd/cgroups/devices.go | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/vendor/github.com/containerd/cgroups/devices.go b/vendor/github.com/containerd/cgroups/devices.go new file mode 100644 index 000000000..f9a118b22 --- /dev/null +++ b/vendor/github.com/containerd/cgroups/devices.go @@ -0,0 +1,90 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package cgroups + +import ( + "fmt" + "io/ioutil" + "os" + "path/filepath" + + specs "github.com/opencontainers/runtime-spec/specs-go" +) + +const ( + allowDeviceFile = "devices.allow" + denyDeviceFile = "devices.deny" + wildcard = -1 +) + +func NewDevices(root string) *devicesController { + return &devicesController{ + root: filepath.Join(root, string(Devices)), + } +} + +type devicesController struct { + root string +} + +func (d *devicesController) Name() Name { + return Devices +} + +func (d *devicesController) Path(path string) string { + return filepath.Join(d.root, path) +} + +func (d *devicesController) Create(path string, resources *specs.LinuxResources) error { + if err := os.MkdirAll(d.Path(path), defaultDirPerm); err != nil { + return err + } + for _, device := range resources.Devices { + file := denyDeviceFile + if device.Allow { + file = allowDeviceFile + } + if err := ioutil.WriteFile( + filepath.Join(d.Path(path), file), + []byte(deviceString(device)), + defaultFilePerm, + ); err != nil { + return err + } + } + return nil +} + +func (d *devicesController) Update(path string, resources *specs.LinuxResources) error { + return d.Create(path, resources) +} + +func deviceString(device specs.LinuxDeviceCgroup) string { + return fmt.Sprintf("%s %s:%s %s", + device.Type, + deviceNumber(device.Major), + deviceNumber(device.Minor), + device.Access, + ) +} + +func deviceNumber(number *int64) string { + if number == nil || *number == wildcard { + return "*" + } + return fmt.Sprint(*number) +} |