Merge pull request #1045 from Random-Liu/fix-env-performance-issue
Fix env performance issue
This commit is contained in:
Lantao Liu
@@ -35,7 +35,6 @@ import (
|
||||
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
"github.com/opencontainers/runc/libcontainer/devices"
|
||||
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"github.com/opencontainers/runtime-tools/generate"
|
||||
"github.com/opencontainers/runtime-tools/validate"
|
||||
"github.com/opencontainers/selinux/go-selinux/label"
|
||||
"github.com/pkg/errors"
|
||||
@@ -76,6 +75,7 @@ func init() {
|
||||
// CreateContainer creates a new container in the given PodSandbox.
|
||||
func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateContainerRequest) (_ *runtime.CreateContainerResponse, retErr error) {
|
||||
config := r.GetConfig()
|
||||
logrus.Debugf("Container config %+v", config)
|
||||
sandboxConfig := r.GetSandboxConfig()
|
||||
sandbox, err := c.sandboxStore.Get(r.GetPodSandboxId())
|
||||
if err != nil {
|
||||
@@ -524,7 +524,7 @@ func (c *criService) generateContainerMounts(sandboxID string, config *runtime.C
|
||||
|
||||
// setOCIProcessArgs sets process args. It returns error if the final arg list
|
||||
// is empty.
|
||||
func setOCIProcessArgs(g *generate.Generator, config *runtime.ContainerConfig, imageConfig *imagespec.ImageConfig) error {
|
||||
func setOCIProcessArgs(g *generator, config *runtime.ContainerConfig, imageConfig *imagespec.ImageConfig) error {
|
||||
command, args := config.GetCommand(), config.GetArgs()
|
||||
// The following logic is migrated from https://github.com/moby/moby/blob/master/daemon/commit.go
|
||||
// TODO(random-liu): Clearly define the commands overwrite behavior.
|
||||
@@ -546,7 +546,7 @@ func setOCIProcessArgs(g *generate.Generator, config *runtime.ContainerConfig, i
|
||||
|
||||
// addImageEnvs adds environment variables from image config. It returns error if
|
||||
// an invalid environment variable is encountered.
|
||||
func addImageEnvs(g *generate.Generator, imageEnvs []string) error {
|
||||
func addImageEnvs(g *generator, imageEnvs []string) error {
|
||||
for _, e := range imageEnvs {
|
||||
kv := strings.SplitN(e, "=", 2)
|
||||
if len(kv) != 2 {
|
||||
@@ -557,7 +557,7 @@ func addImageEnvs(g *generate.Generator, imageEnvs []string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func setOCIPrivileged(g *generate.Generator, config *runtime.ContainerConfig) error {
|
||||
func setOCIPrivileged(g *generator, config *runtime.ContainerConfig) error {
|
||||
// Add all capabilities in privileged mode.
|
||||
g.SetupPrivileged(true)
|
||||
setOCIBindMountsPrivileged(g)
|
||||
@@ -578,7 +578,7 @@ func clearReadOnly(m *runtimespec.Mount) {
|
||||
}
|
||||
|
||||
// addDevices set device mapping without privilege.
|
||||
func (c *criService) addOCIDevices(g *generate.Generator, devs []*runtime.Device) error {
|
||||
func (c *criService) addOCIDevices(g *generator, devs []*runtime.Device) error {
|
||||
spec := g.Config
|
||||
for _, device := range devs {
|
||||
path, err := c.os.ResolveSymbolicLink(device.HostPath)
|
||||
@@ -610,7 +610,7 @@ func (c *criService) addOCIDevices(g *generate.Generator, devs []*runtime.Device
|
||||
}
|
||||
|
||||
// addDevices set device mapping with privilege.
|
||||
func setOCIDevicesPrivileged(g *generate.Generator) error {
|
||||
func setOCIDevicesPrivileged(g *generator) error {
|
||||
spec := g.Config
|
||||
hostDevices, err := devices.HostDevices()
|
||||
if err != nil {
|
||||
@@ -641,7 +641,7 @@ func setOCIDevicesPrivileged(g *generate.Generator) error {
|
||||
}
|
||||
|
||||
// addOCIBindMounts adds bind mounts.
|
||||
func (c *criService) addOCIBindMounts(g *generate.Generator, mounts []*runtime.Mount, mountLabel string) error {
|
||||
func (c *criService) addOCIBindMounts(g *generator, mounts []*runtime.Mount, mountLabel string) error {
|
||||
// Sort mounts in number of parts. This ensures that high level mounts don't
|
||||
// shadow other mounts.
|
||||
sort.Sort(orderedMounts(mounts))
|
||||
@@ -746,7 +746,7 @@ func (c *criService) addOCIBindMounts(g *generate.Generator, mounts []*runtime.M
|
||||
return nil
|
||||
}
|
||||
|
||||
func setOCIBindMountsPrivileged(g *generate.Generator) {
|
||||
func setOCIBindMountsPrivileged(g *generator) {
|
||||
spec := g.Config
|
||||
// clear readonly for /sys and cgroup
|
||||
for i, m := range spec.Mounts {
|
||||
@@ -762,7 +762,7 @@ func setOCIBindMountsPrivileged(g *generate.Generator) {
|
||||
}
|
||||
|
||||
// setOCILinuxResourceCgroup set container cgroup resource limit.
|
||||
func setOCILinuxResourceCgroup(g *generate.Generator, resources *runtime.LinuxContainerResources) {
|
||||
func setOCILinuxResourceCgroup(g *generator, resources *runtime.LinuxContainerResources) {
|
||||
if resources == nil {
|
||||
return
|
||||
}
|
||||
@@ -775,7 +775,7 @@ func setOCILinuxResourceCgroup(g *generate.Generator, resources *runtime.LinuxCo
|
||||
}
|
||||
|
||||
// setOCILinuxResourceOOMScoreAdj set container OOMScoreAdj resource limit.
|
||||
func setOCILinuxResourceOOMScoreAdj(g *generate.Generator, resources *runtime.LinuxContainerResources, restrictOOMScoreAdjFlag bool) error {
|
||||
func setOCILinuxResourceOOMScoreAdj(g *generator, resources *runtime.LinuxContainerResources, restrictOOMScoreAdjFlag bool) error {
|
||||
if resources == nil {
|
||||
return nil
|
||||
}
|
||||
@@ -805,7 +805,7 @@ func getOCICapabilitiesList() []string {
|
||||
}
|
||||
|
||||
// Adds capabilities to all sets relevant to root (bounding, permitted, effective, inheritable)
|
||||
func addProcessRootCapability(g *generate.Generator, c string) error {
|
||||
func addProcessRootCapability(g *generator, c string) error {
|
||||
if err := g.AddProcessCapabilityBounding(c); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -822,7 +822,7 @@ func addProcessRootCapability(g *generate.Generator, c string) error {
|
||||
}
|
||||
|
||||
// Drops capabilities to all sets relevant to root (bounding, permitted, effective, inheritable)
|
||||
func dropProcessRootCapability(g *generate.Generator, c string) error {
|
||||
func dropProcessRootCapability(g *generator, c string) error {
|
||||
if err := g.DropProcessCapabilityBounding(c); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -839,7 +839,7 @@ func dropProcessRootCapability(g *generate.Generator, c string) error {
|
||||
}
|
||||
|
||||
// setOCICapabilities adds/drops process capabilities.
|
||||
func setOCICapabilities(g *generate.Generator, capabilities *runtime.Capability) error {
|
||||
func setOCICapabilities(g *generator, capabilities *runtime.Capability) error {
|
||||
if capabilities == nil {
|
||||
return nil
|
||||
}
|
||||
@@ -885,7 +885,7 @@ func setOCICapabilities(g *generate.Generator, capabilities *runtime.Capability)
|
||||
}
|
||||
|
||||
// setOCINamespaces sets namespaces.
|
||||
func setOCINamespaces(g *generate.Generator, namespaces *runtime.NamespaceOption, sandboxPid uint32) {
|
||||
func setOCINamespaces(g *generator, namespaces *runtime.NamespaceOption, sandboxPid uint32) {
|
||||
g.AddOrReplaceLinuxNamespace(string(runtimespec.NetworkNamespace), getNetworkNamespace(sandboxPid)) // nolint: errcheck
|
||||
g.AddOrReplaceLinuxNamespace(string(runtimespec.IPCNamespace), getIPCNamespace(sandboxPid)) // nolint: errcheck
|
||||
g.AddOrReplaceLinuxNamespace(string(runtimespec.UTSNamespace), getUTSNamespace(sandboxPid)) // nolint: errcheck
|
||||
|
||||
Reference in New Issue
Block a user