Fix setup cgroup before prestart hook
* User Case: User could use prestart hook to add block devices to container. so the hook should have a way to set the permissions of the devices. Just move cgroup config operation before prestart hook will work. Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
This commit is contained in:
parent
639454475c
commit
09c1f5c055
|
@ -280,9 +280,6 @@ func (p *initProcess) start() error {
|
||||||
ierr := parseSync(p.parentPipe, func(sync *syncT) error {
|
ierr := parseSync(p.parentPipe, func(sync *syncT) error {
|
||||||
switch sync.Type {
|
switch sync.Type {
|
||||||
case procReady:
|
case procReady:
|
||||||
if err := p.manager.Set(p.config.Config); err != nil {
|
|
||||||
return newSystemErrorWithCause(err, "setting cgroup config for ready process")
|
|
||||||
}
|
|
||||||
// set rlimits, this has to be done here because we lose permissions
|
// set rlimits, this has to be done here because we lose permissions
|
||||||
// to raise the limits once we enter a user-namespace
|
// to raise the limits once we enter a user-namespace
|
||||||
if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil {
|
if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil {
|
||||||
|
@ -290,6 +287,11 @@ func (p *initProcess) start() error {
|
||||||
}
|
}
|
||||||
// call prestart hooks
|
// call prestart hooks
|
||||||
if !p.config.Config.Namespaces.Contains(configs.NEWNS) {
|
if !p.config.Config.Namespaces.Contains(configs.NEWNS) {
|
||||||
|
// Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions.
|
||||||
|
if err := p.manager.Set(p.config.Config); err != nil {
|
||||||
|
return newSystemErrorWithCause(err, "setting cgroup config for ready process")
|
||||||
|
}
|
||||||
|
|
||||||
if p.config.Config.Hooks != nil {
|
if p.config.Config.Hooks != nil {
|
||||||
s := configs.HookState{
|
s := configs.HookState{
|
||||||
Version: p.container.config.Version,
|
Version: p.container.config.Version,
|
||||||
|
@ -310,6 +312,10 @@ func (p *initProcess) start() error {
|
||||||
}
|
}
|
||||||
sentRun = true
|
sentRun = true
|
||||||
case procHooks:
|
case procHooks:
|
||||||
|
// Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions.
|
||||||
|
if err := p.manager.Set(p.config.Config); err != nil {
|
||||||
|
return newSystemErrorWithCause(err, "setting cgroup config for procHooks process")
|
||||||
|
}
|
||||||
if p.config.Config.Hooks != nil {
|
if p.config.Config.Hooks != nil {
|
||||||
s := configs.HookState{
|
s := configs.HookState{
|
||||||
Version: p.container.config.Version,
|
Version: p.container.config.Version,
|
||||||
|
|
Loading…
Reference in New Issue