runc/libcontainer/cgroups/fs
Aleksa Sarai 03e585985f
rootless: cgroup: treat EROFS as a skippable error
In some cases, /sys/fs/cgroups is mounted read-only. In rootless
containers we can consider this effectively identical to having cgroups
that we don't have write permission to -- because the user isn't
responsible for the read-only setup and cannot modify it. The rules are
identical to when /sys/fs/cgroups is not writable by the unprivileged
user.

An example of this is the default configuration of Docker, where cgroups
are mounted as read-only as a preventative security measure.

Reported-by: Vladimir Rutsky <rutsky@google.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2018-03-17 13:53:42 +11:00
..
apply_raw.go rootless: cgroup: treat EROFS as a skippable error 2018-03-17 13:53:42 +11:00
apply_raw_test.go libcontainer: cgroups: fs: add cgroup path safety unit tests 2016-02-14 00:37:21 +11:00
blkio.go libcontainer: cgroups: don't Set in Apply 2016-01-12 10:06:35 +11:00
blkio_test.go Move the cgroups setting into a Resources struct 2015-12-16 15:53:31 -05:00
cpu.go Use uint64 for resources to keep consistency with runtime-spec 2017-03-20 18:51:39 +08:00
cpu_test.go Add unit test for setting the CPU RT sched cgroups values at apply time 2016-07-04 13:11:53 +01:00
cpuacct.go Rename parent and data 2015-11-05 19:12:53 +08:00
cpuset.go Create containers when cgroups already mounted 2017-03-15 10:10:30 +00:00
cpuset_test.go Move the cgroups setting into a Resources struct 2015-12-16 15:53:31 -05:00
devices.go Skip updates on parent Devices cgroup 2016-07-25 10:30:46 -07:00
devices_test.go Add test 2016-07-28 17:14:51 -07:00
freezer.go libcontainer: cgroups: Write freezer state after every state check 2017-10-12 07:07:28 -07:00
freezer_test.go Move the cgroups setting into a Resources struct 2015-12-16 15:53:31 -05:00
fs_unsupported.go Move libcontainer into subdirectory 2015-06-21 19:29:15 -07:00
hugetlb.go libcontainer: cgroups: don't Set in Apply 2016-01-12 10:06:35 +11:00
hugetlb_test.go Move the cgroups setting into a Resources struct 2015-12-16 15:53:31 -05:00
memory.go Merge pull request #1378 from derekwaynecarr/expose_use_hierarchy 2017-06-30 16:08:21 +01:00
memory_test.go Expose memory.use_hierarchy in MemoryStats 2017-03-31 13:40:34 -04:00
name.go Move the process outside of the systemd cgroup 2016-02-19 11:26:46 -08:00
net_cls.go fix setting net_cls classid 2016-07-11 05:00:35 +08:00
net_cls_test.go fix setting net_cls classid 2016-07-11 05:00:35 +08:00
net_prio.go libcontainer: cgroups: don't Set in Apply 2016-01-12 10:06:35 +11:00
net_prio_test.go Move the cgroups setting into a Resources struct 2015-12-16 15:53:31 -05:00
perf_event.go Rename parent and data 2015-11-05 19:12:53 +08:00
pids.go libcontainer: cgroups: deal with unlimited case for pids.max 2016-03-18 08:46:24 +11:00
pids_test.go libcontainer: cgroups: add tests for pids.max == "max" 2016-03-18 08:46:24 +11:00
stats_util_test.go Updated logrus to v1 2017-07-19 15:20:56 +00:00
util_test.go Move the cgroups setting into a Resources struct 2015-12-16 15:53:31 -05:00
utils.go Removing unused variable for cgroup subsystem 2016-06-12 12:35:49 +05:30
utils_test.go Move libcontainer into subdirectory 2015-06-21 19:29:15 -07:00