
The rpc only reports one field, i.e. the cgroup driver, to kubelet. Containerd determines the effective cgroup driver by looking at all runtime handlers, starting from the default runtime handler (the rest in alphabetical order), and returning the cgroup driver setting of the first runtime handler that supports one. If no runtime handler supports cgroup driver (i.e. has a config option for it) containerd falls back to auto-detection, returning systemd if systemd is running and cgroupfs otherwise. This patch implements the CRI server side of Kubernetes KEP-4033: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/4033-group-driver-detection-over-cri Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
package userns
import (
"sync"
"github.com/opencontainers/runc/libcontainer/user"
)
// inUserNS holds the cached answer computed by runningInUserNS. It keeps its
// zero value (false) until the one-time detection has run and succeeded.
var inUserNS bool

// nsOnce guards the detection so that it runs at most once per process.
var nsOnce sync.Once
// runningInUserNS reports whether the current process is running inside a
// user namespace.
//
// The UID map of the current process is inspected once, guarded by nsOnce, and
// the verdict is cached in inUserNS; every later call returns the cached value
// without re-reading anything.
//
// If user.CurrentProcessUIDMap returns an error, the verdict stays false. The
// function therefore cannot distinguish "user namespaces unsupported" from any
// other read failure: both are reported as "not in a user namespace". Keep
// that in mind when a privilege-related decision hangs on the result.
//
// Originally copied from github.com/lxc/lxd/shared/util.go
func runningInUserNS() bool {
	detect := func() {
		mappings, mapErr := user.CurrentProcessUIDMap()
		if mapErr == nil {
			inUserNS = uidMapInUserNS(mappings)
		}
		// On error inUserNS keeps its zero value: the kernel-provided UID map
		// file only exists if user namespaces are supported.
	}
	nsOnce.Do(detect)
	return inUserNS
}
// uidMapInUserNS decides, from a parsed UID map alone, whether the map looks
// like that of a user namespace.
//
// The initial user namespace is assumed when the map has exactly one entry
// covering the full range: 4294967295 uids starting at uid 0, mapped to parent
// uid 0. Every other shape, including an empty map, is reported as a user
// namespace (true).
//
// This is a heuristic on the map's shape only. A namespace whose map is
// exactly that single full-range identity entry would be reported as the
// initial namespace.
func uidMapInUserNS(uidmap []user.IDMap) bool {
	if len(uidmap) != 1 {
		return true
	}
	entry := uidmap[0]
	fullIdentityRange := entry.ID == 0 &&
		entry.ParentID == 0 &&
		entry.Count == 4294967295
	return !fullIdentityRange
}