We calculate this on every cgroup call. It comprised of 30%+ of the CPU
usage in cAdvisor.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Since the caller of os.Lstat in devices.go is a function (not a method),
we use a variable to allow os.Lstat to be substituted during testing.
In this case the variable osLstat is private to the devices package to
prevent abuse. So the testcase needs to reside in the same package.
This commit includes a simple test of GetDevices() using osLstat to
simulate an error being returned from os.Lstat. In this case, the
behaviour of GetDevices() in the error case is trivial, but this may
change.
This is just the beginning of error injection. In future, it may be
necessary to pull out repetitive code sequences into a common file.
Signed-off-by: Steve Powell <spowell@pivotal.io>
add format description for `id` string;
add "invalid format" error for `id` string;
remove initial capitals on references to parameter names;
remove reference to `initialConfig`;
add description of id checking.
Signed-off-by: Steve Powell <spowell@pivotal.io>
Sampling should be done by higher layer in configurable intervals. This
change removes the percentage stat as sampling is required for this.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
This makes blkio's GetStats try to read blkio.io_serviced_recursive
first and fall back to read the stats from blkio.throttle in case it
can't. blkio.io_serviced_recursive seems to be available across all
kernels with CFQ enabled.
This closes#165
Signed-off-by: Johannes 'fish' Ziemke <github@freigeist.org>
We need --privileged for apparmor based systems until we have an
apparmor specific flag to set the profile to unconfined.
Signed-off-by: Michael Crosby <michael@docker.com>
Currently we do not remove reservations on MCS labels when a container
is removed. Not a big problem, since on reboot it would be freed.
But we should be cleaning this up. Currently we support ~500,000
labels.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
The current paths for the different systemd cgroup subsystems that
systemd manages and that we have to manage are very inconsistent. This
patch cleans up those differences and allows consistent paths to be
used.
Signed-off-by: Michael Crosby <michael@docker.com>
This also changes the functionality of the default exec in to just be an
existing func that is called than handles the implementation to exec a
user user's process inside the container. This implements this
functionallity in nsinit but is a base for how we will be handling these
types of features inside docker.
Signed-off-by: Michael Crosby <michael@docker.com>
Victor Marmol
Michael Crosby
Steve Powell
Erik Hollensbe
Michael Crosby
Bernerd Schaefer
Michael Crosby
Rohit Jnagal
Johannes 'fish' Ziemke
Dan Walsh
Alexandr Morozov
Vish Kannan
Vishnu Kannan
Nicholas Weaver