From f372b858481e523f212a0f21316630999003da31 Mon Sep 17 00:00:00 2001
From: Julio Montes
Date: Wed, 11 Dec 2019 18:07:06 +0000
Subject: [PATCH] virtcontainers: reimplement setupSandboxCgroup

Reimplement `setupSandboxCgroup` to support cgroupsV2 and systemd cgroups using libcontainer instead of containerd/cgroups. As an initial effort to support these cgroups, `sandbox_cgroup_only` must be set to `true` in configuration file.
fixes #2350
Signed-off-by: Julio Montes
---
 virtcontainers/sandbox.go | 37 ++++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 9 deletions(-)
diff --git a/virtcontainers/sandbox.go b/virtcontainers/sandbox.go
index 5e67c79902..ce5ec68223 100644
--- a/virtcontainers/sandbox.go
+++ b/virtcontainers/sandbox.go
@@ -2033,32 +2033,51 @@ func (s *Sandbox) cpuResources() *specs.LinuxCPU {
 // setupSandboxCgroup creates and joins sandbox cgroups for the sandbox config
 func (s *Sandbox) setupSandboxCgroup() error {
+ var err error
 spec := s.GetPatchedOCISpec()
-
 if spec == nil {
 return errorMissingOCISpec
 }
 if spec.Linux == nil {
- // Cgroup path is optional, though expected. If not defined, skip the setup
 s.Logger().WithField("sandboxid", s.id).Warning("no cgroup path provided for pod sandbox, not creating sandbox cgroup")
 return nil
 }
- validContainerCgroup := utils.ValidCgroupPath(spec.Linux.CgroupsPath)
- // Create a Kata sandbox cgroup with the cgroup of the sandbox container as the parent
- s.state.CgroupPath = filepath.Join(filepath.Dir(validContainerCgroup), cgroupKataPrefix+"_"+s.id)
- cgroup, err := cgroupsNewFunc(cgroups.V1, cgroups.StaticPath(s.state.CgroupPath), &specs.LinuxResources{})
+ s.state.CgroupPath, err = validCgroupPath(spec.Linux.CgroupsPath, s.config.SystemdCgroup)
 if err != nil {
- return fmt.Errorf("Could not create sandbox cgroup in %v: %v", s.state.CgroupPath, err)
+ return fmt.Errorf("Invalid cgroup path: %v", err)
+ }
+ // Do not change current cgroup configuration.
+ // Create a spec without constraints
+ unconstraintSpec := specs.Spec{
+ Linux: &specs.Linux{
+ Resources: &specs.LinuxResources{},
+ CgroupsPath: s.state.CgroupPath,
+ },
+ }
+
+ cmgr, err := newCgroupManager(s.config.Cgroups, s.state.CgroupPaths, &unconstraintSpec)
+ if err != nil {
+ return fmt.Errorf("Could not create a new cgroup manager: %v", err)
 }
- // Add the runtime to the Kata sandbox cgroup
 runtimePid := os.Getpid()
- if err := cgroup.Add(cgroups.Process{Pid: runtimePid}); err != nil {
+ // Add the runtime to the Kata sandbox cgroup
+ if err := cmgr.Apply(runtimePid); err != nil {
 return fmt.Errorf("Could not add runtime PID %d to sandbox cgroup: %v", runtimePid, err)
 }
+
+ // `Apply` updates manager's Cgroups and CgroupPaths,
+ // they both need to be saved since are used to create
+ // or restore a cgroup managers.
+ if s.config.Cgroups, err = cmgr.GetCgroups(); err != nil {
+ return fmt.Errorf("Could not get cgroup configuration: %v", err)
+ }
+
+ s.state.CgroupPaths = cmgr.GetPaths()
+
 return nil
 }
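Review bot: Two tuple assignments in the new body write into long-lived sandbox fields before the error is checked: `s.state.CgroupPath, err = validCgroupPath(...)` and `if s.config.Cgroups, err = cmgr.GetCgroups(); err != nil` both replace the stored value with whatever the callee returns on failure. The second matters more, because it runs after `cmgr.Apply(runtimePid)` has already moved the runtime; if it fails, the function returns without recording `s.state.CgroupPaths`, so later cleanup presumably cannot find the cgroup the runtime now sits in. I would assign to locals and commit on success, for example `cg, err := cmgr.GetCgroups()` followed by `s.config.Cgroups = cg`, and set `s.state.CgroupPaths = cmgr.GetPaths()` directly after `Apply` succeeds. Separately, `spec.Linux.CgroupsPath` comes from the OCI spec and the old `filepath.Dir(...)` plus `cgroupKataPrefix` wrapping is gone, so it is worth confirming that `validCgroupPath` (not shown in this hunk) normalises `..` components for both the cgroupfs and the systemd path forms.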