github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

support DisableCgroup, DisableApparmor, RestrictOOMScoreAdj

Browse Source 
Add following config for supporting "rootless" mode

* DisableCgroup: disable cgroup
* DisableApparmor: disable Apparmor
* RestrictOOMScoreAdj: restrict the lower bound of OOMScoreAdj

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
This commit is contained in:
Akihiro Suda
2018-11-09 19:34:13 +09:00
parent 4b4b2abb2e
commit cd8231ab2a
6 changed files with 107 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
pkg/server/helpers.go
View File

@@ -18,6 +18,7 @@ package server
import (
"fmt"
"io/ioutil"
"os"
"path"
"path/filepath"
@@ -496,3 +497,27 @@ func getRuntimeOptions(c containers.Container) (interface{}, error) {
}
return opts, nil
}
func getCurrentOOMScoreAdj() (int, error) {
b, err := ioutil.ReadFile("/proc/self/oom_score_adj")
if err != nil {
return 0, errors.Wrap(err, "could not get the daemon oom_score_adj")
}
s := strings.TrimSpace(string(b))
i, err := strconv.Atoi(s)
if err != nil {
return 0, errors.Wrap(err, "could not get the daemon oom_score_adj")
}
return i, nil
}
func restrictOOMScoreAdj(preferredOOMScoreAdj int) (int, error) {
currentOOMScoreAdj, err := getCurrentOOMScoreAdj()
if err != nil {
return preferredOOMScoreAdj, err
}
if preferredOOMScoreAdj < currentOOMScoreAdj {
return currentOOMScoreAdj, nil
}
return preferredOOMScoreAdj, nil
}