The rpc only reports one field, i.e. the cgroup driver, to kubelet. Containerd determines the effective cgroup driver by looking at all runtime handlers, starting from the default runtime handler (the rest in alphabetical order), and returning the cgroup driver setting of the first runtime handler that supports one. If no runtime handler supports cgroup driver (i.e. has a config option for it) containerd falls back to auto-detection, returning systemd if systemd is running and cgroupfs otherwise. This patch implements the CRI server side of Kubernetes KEP-4033: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/4033-group-driver-detection-over-cri Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
//go:build linux
// +build linux
|
|
|
|
package configs
import "golang.org/x/sys/unix"
// Syscall returns the CLONE_NEW* flag that namespaceInfo associates with this
// namespace's Type.
//
// A Type with no entry in namespaceInfo yields 0, which as a flag value
// selects no namespace at all. Callers that hand the result to a namespace
// syscall should treat 0 as "unknown type" rather than as a usable flag,
// otherwise the intended isolation may be skipped without any error.
func (n *Namespace) Syscall() int {
	flag, known := namespaceInfo[n.Type]
	if !known {
		// Same value the bare map index would produce for a missing key.
		return 0
	}
	return flag
}
// namespaceInfo maps each NamespaceType to the Linux CLONE_NEW* flag that
// selects that namespace kind. Namespace.Syscall and Namespaces.CloneFlags in
// this file both read it, so a NamespaceType without an entry here resolves
// to 0 in both, i.e. to no namespace flag.
var namespaceInfo = map[NamespaceType]int{
	NEWCGROUP: unix.CLONE_NEWCGROUP,
	NEWIPC:    unix.CLONE_NEWIPC,
	NEWNS:     unix.CLONE_NEWNS, // mount namespace
	NEWNET:    unix.CLONE_NEWNET,
	NEWPID:    unix.CLONE_NEWPID,
	NEWUSER:   unix.CLONE_NEWUSER,
	NEWUTS:    unix.CLONE_NEWUTS,
}
// CloneFlags builds the flag word to pass to clone or unshare for this set of
// namespaces. Only namespaces that have to be newly created contribute a flag:
// an entry with a non-empty Path is skipped (presumably because the Path names
// an existing namespace to join), so its namespace kind is absent from the
// result.
//
// A Type missing from namespaceInfo contributes 0 and is therefore dropped
// without an error; validate namespace types before relying on the returned
// flags for isolation.
func (n *Namespaces) CloneFlags() uintptr {
	var bits int
	for _, ns := range *n {
		if ns.Path == "" {
			bits |= namespaceInfo[ns.Type]
		}
	}
	return uintptr(bits)
}