Set up memory.swappiness in cgroup config so write is not attempted
unless specifically set. Fixes running runc on kernels which still have
the cgroup hierarchy write limitation.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
It can happen if newContainer is failed. Now test shows real error from
newContainer instead of trace.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Even if libcontainer does not create the directories for the cpuset
cgroup we should ensure that they are properly populated with the
parent's cpus and mems values. Some systems create the directory
structures but do not correctly populate the values and causes our
implementation to fail.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
As related to #639, this at least makes the "nsinit" consumer of
libcontainer initialize the value to "-1" and also allows the user to
specify a setting for the container.
This is an analog to Docker PR docker/docker#14030.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Even if cpu cgroup controller is enabled it's still possible that
cpu.shares doesn't exist.
This is the case when the kernel config has CONFIG_CGROUP_SCHED
enabled but CONFIG_FAIR_GROUP_SCHED disabled. Then docker fails to
start containers even --cpu-shares isn't specified.
$ sudo docker run -i -t ubuntu:14.04
Error response from daemon: Cannot start container 5600ae87eb9d0eca49f6bcee012247d6b4beb49c426d6cf17e2456279f9311f6: [8] System error: open /sys/fs/cgroup/cpu/docker/5600ae87eb9d0eca49f6bcee012247d6b4beb49c426d6cf17e2456279f9311f6/cpu.shares: no such file or directory
Signed-off-by: Zefan Li <lizefan@huawei.com>
Currently we can't start container with kmem limit, because we
set kmem limit after processes joined to cgroup, we'll get device
busy error in this case.
Fix it by moving set before join.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
It tests only changed files from commit.
We can't expect vet fixes from all projects from vendor directory.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
It sped up this function x10 times(because of not using Ssprintf).
It was one of two major performance drawbacks in docker, because we're parsing
this file pretty often.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
This parses group file only once to process a list of groups instead of parsing
once for each group. Also added an unit test for GetAdditionalGroupsPath
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>