Merge pull request #3957 from workato:auto-cgroup
PiperOrigin-RevId: 338372736
This commit is contained in:
commit
1a5eb49a43
|
@ -312,6 +312,14 @@ func New(conf *config.Config, args Args) (*Container, error) {
|
||||||
if isRoot(args.Spec) {
|
if isRoot(args.Spec) {
|
||||||
log.Debugf("Creating new sandbox for container %q", args.ID)
|
log.Debugf("Creating new sandbox for container %q", args.ID)
|
||||||
|
|
||||||
|
if args.Spec.Linux == nil {
|
||||||
|
args.Spec.Linux = &specs.Linux{}
|
||||||
|
}
|
||||||
|
// Don't force the use of cgroups in tests because they lack permission to do so.
|
||||||
|
if args.Spec.Linux.CgroupsPath == "" && !conf.TestOnlyAllowRunAsCurrentUserWithoutChroot {
|
||||||
|
args.Spec.Linux.CgroupsPath = "/" + args.ID
|
||||||
|
}
|
||||||
|
|
||||||
// Create and join cgroup before processes are created to ensure they are
|
// Create and join cgroup before processes are created to ensure they are
|
||||||
// part of the cgroup from the start (and all their children processes).
|
// part of the cgroup from the start (and all their children processes).
|
||||||
cg, err := cgroup.New(args.Spec)
|
cg, err := cgroup.New(args.Spec)
|
||||||
|
@ -321,7 +329,13 @@ func New(conf *config.Config, args Args) (*Container, error) {
|
||||||
if cg != nil {
|
if cg != nil {
|
||||||
// If there is cgroup config, install it before creating sandbox process.
|
// If there is cgroup config, install it before creating sandbox process.
|
||||||
if err := cg.Install(args.Spec.Linux.Resources); err != nil {
|
if err := cg.Install(args.Spec.Linux.Resources); err != nil {
|
||||||
return nil, fmt.Errorf("configuring cgroup: %v", err)
|
switch {
|
||||||
|
case errors.Is(err, syscall.EACCES) && conf.Rootless:
|
||||||
|
log.Warningf("Skipping cgroup configuration in rootless mode: %v", err)
|
||||||
|
cg = nil
|
||||||
|
default:
|
||||||
|
return nil, fmt.Errorf("configuring cgroup: %v", err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if err := runInCgroup(cg, func() error {
|
if err := runInCgroup(cg, func() error {
|
||||||
|
|
Loading…
Reference in New Issue