summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--runsc/boot/config.go17
-rw-r--r--runsc/boot/loader.go2
-rw-r--r--runsc/main.go7
3 files changed, 25 insertions, 1 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 24be82906..074cd6a63 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -18,6 +18,8 @@ import (
"fmt"
"strconv"
"strings"
+
+ "gvisor.googlesource.com/gvisor/pkg/sentry/watchdog"
)
// PlatformType tells which platform to use.
@@ -130,6 +132,18 @@ func (n NetworkType) String() string {
}
}
+// MakeWatchdogAction converts type from string.
+func MakeWatchdogAction(s string) (watchdog.Action, error) {
+ switch strings.ToLower(s) {
+ case "log", "logwarning":
+ return watchdog.LogWarning, nil
+ case "panic":
+ return watchdog.Panic, nil
+ default:
+ return 0, fmt.Errorf("invalid watchdog action %q", s)
+ }
+}
+
// Config holds configuration that is not part of the runtime spec.
type Config struct {
// RootDir is the runtime root directory.
@@ -180,6 +194,8 @@ type Config struct {
// MultiContainer enables multiple containers support inside one sandbox.
// TODO: Remove this when multiple container is fully supported.
MultiContainer bool
+
+ WatchdogAction watchdog.Action
}
// ToFlags returns a slice of flags that correspond to the given Config.
@@ -199,5 +215,6 @@ func (c *Config) ToFlags() []string {
"--strace=" + strconv.FormatBool(c.Strace),
"--strace-syscalls=" + strings.Join(c.StraceSyscalls, ","),
"--strace-log-size=" + strconv.Itoa(int(c.StraceLogSize)),
+ "--watchdog-action=" + c.WatchdogAction.String(),
}
}
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 69b982ff8..da95fa0e7 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -205,7 +205,7 @@ func New(spec *specs.Spec, conf *Config, controllerFD, restoreFD int, ioFDs []in
}
// Create a watchdog.
- watchdog := watchdog.New(k, watchdog.DefaultTimeout, watchdog.LogWarning)
+ watchdog := watchdog.New(k, watchdog.DefaultTimeout, conf.WatchdogAction)
// Create the control server using the provided FD.
//
diff --git a/runsc/main.go b/runsc/main.go
index aa5796d42..563ef8c67 100644
--- a/runsc/main.go
+++ b/runsc/main.go
@@ -60,6 +60,7 @@ var (
fileAccess = flag.String("file-access", "proxy", "specifies which filesystem to use: proxy (default), direct. Using a proxy is more secure because it disallows the sandbox from opennig files directly in the host.")
overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
multiContainer = flag.Bool("multi-container", false, "enable *experimental* multi-container support.")
+ watchdogAction = flag.String("watchdog-action", "log", "sets what action the watchdog takes when triggered: log (default), panic.")
)
var gitRevision = ""
@@ -110,6 +111,11 @@ func main() {
cmd.Fatalf("%v", err)
}
+ wa, err := boot.MakeWatchdogAction(*watchdogAction)
+ if err != nil {
+ cmd.Fatalf("%v", err)
+ }
+
// Create a new Config from the flags.
conf := &boot.Config{
RootDir: *rootDir,
@@ -125,6 +131,7 @@ func main() {
Strace: *strace,
StraceLogSize: *straceLogSize,
MultiContainer: *multiContainer,
+ WatchdogAction: wa,
}
if len(*straceSyscalls) != 0 {
conf.StraceSyscalls = strings.Split(*straceSyscalls, ",")