822ae18b14
``` 1152b960fcee041f50df15cdc67c29dbccf801ef (HEAD -> master, origin/master) Merge pull request #73 from gliptak/gofmt1 afd5981a16647b45b6dba3a50a88418b576cc17d Gofmt cgroup_test 65ce98b3dfeb0a9a8fecd7e4ebffb24ad0bfe28f Merge pull request #69 from cclerget/master-weight-pointer 0f372c6d4a65a49c72b0afbd1aee6214637958bf Merge pull request #71 from JoeWrightss/patch-1 f48bd85c9cbc306fada0cebc3a646a1f1fe99afe Fixs return error message 10cd53efd916e22b9bdea67223d287684f57f1f4 Merge pull request #70 from gliptak/patch-1 64bade4cea6c438ee51a7a12528225946b42c6ca Take value instead of pointer value b49c4713f3824e81bfa67faddcdde1414171b54e Correct ineffassign warning 3bc6dde829bc2dc8d4097ce8ad5acc275de3df06 Merge pull request #68 from cclerget/master-net_prio-typo 6b552a86e60e31903d3f8f3f494eda71f562cc54 Fix net_prio typo c0437c3dd5958f74d7f54e9f5def749850b9d6a1 Merge pull request #67 from gpanouts/get-all-cgroup-tasks a31a0ff985237eddf30d9fe30a3643c7da4ae912 Add functionality for retrieving all tasks of a cgroup 82cb49fc1779971dfef4ad696f1453f6f44987b1 Merge pull request #63 from ChrsMark/lenient-subsystems-checking 7d825b29aecc02bb1e9bede427f8ed62bbc3030d Add test for cgroups load when missing hierarchy in one subsystem f6cbfb45aec6a2590c7e7f4b84a080602b3e642d Change Load function in order to be more lenient on subsystems' checking 965bb1da4db7c8ce2690108c5a081562ce7493cb Merge pull request #66 from crosbymichael/systemdci ab9ec0e4abde2c2cb999719ff43af2d3b5830f75 (fork/systemdci, systemdci) Add go-systemd dep for CI testing 0e94a83b6eb6cf4bc05d7f91ec1eaad57a77d3b6 Merge pull request #59 from gliptak/patch-1 4479d118c89b5500a08cce7a78bbe822229c1e65 Merge pull request #62 from estesp/fix-gofmt 9beb998c23f510b1e6670ad7791807eb9aff6741 Merge pull request #61 from gliptak/patch-3 9a09e5899acc95fabcc620d6489fec674e6dddfa Fix gofmt of systemd.go 84e6e6ed2afdf661cd9dbf47c6f3412b546bc67f Merge pull request #60 from gliptak/patch-2 e13f6cc3b9637c36e6a8af393b561127498f4be5 Add GoReportCard badge to README d124595ee85c245e7c1443fe402adf7ce4f7f6a4 Add Go 1.11 to Travis d961ab930c38eb8bedcded479f1708b2ef4984c5 Correct typo d2400726cfa7904fb79e3b896ec0e6ae500a76bd Merge pull request #57 from estesp/project-update e4cf832b95deb7ce898ece716307abc35cbd0a09 Add project references and use common project travis 8baeff6b9d069acde48ef1bedec7e0f8ba684f05 Merge pull request #56 from grantseltzer/patch-1 9de57ffeb46f6179333d7939436d92dcb5631e5f Add godoc badge to README.md 5017d4e9a9cf2d4381db99eacd9baf84b95bfb14 Merge pull request #54 from WeiZhang555/bugfix 13aaafdc37e772059d3234ec762303537f440c5b Bugfix: can't write to cpuset cgroup 58556f5ad8448d99a6f7bea69ea4bdb7747cfeb0 Merge pull request #53 from baude/systemdslicedelegate 15ed73c1c075e6590ecf56170acedcba0da8167e systemd-239+ no longer allows delegate slice 3024bc7cc0c88af4b32d38a14444f38e65ab169f Merge pull request #52 from Sykomaniac/bugfix/slice-name 2596f332e449ea374f0f24a977437116714ce7ef Remove call to unitName 2e2922e146ed53ccf4481c245187b6afe244fded Merge pull request #51 from containerd/type 0f3de2f77d3b76b3871242fbab2a6116179229af (type) Fix empty device type ``` Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
94 lines
2.1 KiB
Go
94 lines
2.1 KiB
Go
/*
|
|
Copyright The containerd Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package cgroups
|
|
|
|
import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
"path/filepath"
|
|
|
|
specs "github.com/opencontainers/runtime-spec/specs-go"
|
|
)
|
|
|
|
const (
|
|
allowDeviceFile = "devices.allow"
|
|
denyDeviceFile = "devices.deny"
|
|
wildcard = -1
|
|
)
|
|
|
|
func NewDevices(root string) *devicesController {
|
|
return &devicesController{
|
|
root: filepath.Join(root, string(Devices)),
|
|
}
|
|
}
|
|
|
|
type devicesController struct {
|
|
root string
|
|
}
|
|
|
|
func (d *devicesController) Name() Name {
|
|
return Devices
|
|
}
|
|
|
|
func (d *devicesController) Path(path string) string {
|
|
return filepath.Join(d.root, path)
|
|
}
|
|
|
|
func (d *devicesController) Create(path string, resources *specs.LinuxResources) error {
|
|
if err := os.MkdirAll(d.Path(path), defaultDirPerm); err != nil {
|
|
return err
|
|
}
|
|
for _, device := range resources.Devices {
|
|
file := denyDeviceFile
|
|
if device.Allow {
|
|
file = allowDeviceFile
|
|
}
|
|
if device.Type == "" {
|
|
device.Type = "a"
|
|
}
|
|
if err := ioutil.WriteFile(
|
|
filepath.Join(d.Path(path), file),
|
|
[]byte(deviceString(device)),
|
|
defaultFilePerm,
|
|
); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (d *devicesController) Update(path string, resources *specs.LinuxResources) error {
|
|
return d.Create(path, resources)
|
|
}
|
|
|
|
func deviceString(device specs.LinuxDeviceCgroup) string {
|
|
return fmt.Sprintf("%s %s:%s %s",
|
|
device.Type,
|
|
deviceNumber(device.Major),
|
|
deviceNumber(device.Minor),
|
|
device.Access,
|
|
)
|
|
}
|
|
|
|
func deviceNumber(number *int64) string {
|
|
if number == nil || *number == wildcard {
|
|
return "*"
|
|
}
|
|
return fmt.Sprint(*number)
|
|
}
|