From d1ba8e39f8c75123dfc9888b720b9b29e19499d8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 1 Jun 2020 19:48:53 -0700 Subject: [PATCH] (*initProcess).start: rm second Apply Apply() determines and creates cgroup path(s), configures parent cgroups (for some v1 controllers), and creates a systemd unit (in case of a systemd cgroup manager), then adds a pid specified to the cgroup for all configured controllers. This is a relatively heavy procedure (in particular, for cgroups v1 it involves parsing /proc/self/mountinfo about a dozen times), and it seems there is no need to do it twice. More to say, even merely adding the child pid to the same cgroup seems redundant, as we added the parent pid to the cgroup before sending the data to the child (runc init process), and it waits for the data before doing clone(), so its children will be in the same cgroup anyway. Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index b8599761..50f968d9 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -346,16 +346,7 @@ func (p *initProcess) start() (retErr error) { return newSystemErrorWithCausef(err, "getting pipe fds for pid %d", childPid) } p.setExternalDescriptors(fds) - // Do this before syncing with child so that no children - // can escape the cgroup - if err := p.manager.Apply(childPid); err != nil { - return newSystemErrorWithCause(err, "applying cgroup configuration for process") - } - if p.intelRdtManager != nil { - if err := p.intelRdtManager.Apply(childPid); err != nil { - return newSystemErrorWithCause(err, "applying Intel RDT configuration for process") - } - } + // Now it's time to setup cgroup namesapce if p.config.Config.Namespaces.Contains(configs.NEWCGROUP) && p.config.Config.Namespaces.PathOf(configs.NEWCGROUP) == "" { if _, err := p.messageSockPair.parent.Write([]byte{createCgroupns}); err != nil {