Revert "Merge pull request 101888 from kolyshkin/update-runc-rc94"

This reverts commit b1b06fe0a4, reversing changes made to 382a33986b.
2021-05-18 09:12:04 -04:00
parent 7ccd90e7d7
commit 4b45d0d921
336 changed files with 5393 additions and 17166 deletions
--- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go
@@ -12,6 +12,7 @@ import (
 	systemdDbus "github.com/coreos/go-systemd/v22/dbus"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/cgroups/fs"
+	"github.com/opencontainers/runc/libcontainer/cgroups/fscommon"
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/sirupsen/logrus"
 )
@@ -20,14 +21,12 @@ type legacyManager struct {
 	mu      sync.Mutex
 	cgroups *configs.Cgroup
 	paths   map[string]string
-	dbus    *dbusConnManager
 }

 func NewLegacyManager(cg *configs.Cgroup, paths map[string]string) cgroups.Manager {
 	return &legacyManager{
 		cgroups: cg,
 		paths:   paths,
-		dbus:    newDbusConnManager(false),
 	}
 }

@@ -36,8 +35,8 @@ type subsystem interface {
 	Name() string
 	// Returns the stats, as 'stats', corresponding to the cgroup under 'path'.
 	GetStats(path string, stats *cgroups.Stats) error
-	// Set sets cgroup resource limits.
-	Set(path string, r *configs.Resources) error
+	// Set the cgroup represented by cgroup.
+	Set(path string, cgroup *configs.Cgroup) error
 }

 var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist")
@@ -58,8 +57,9 @@ var legacySubsystems = []subsystem{
 	&fs.NameGroup{GroupName: "name=systemd"},
 }

-func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) {
+func genV1ResourcesProperties(c *configs.Cgroup, conn *systemdDbus.Conn) ([]systemdDbus.Property, error) {
 	var properties []systemdDbus.Property
+	r := c.Resources

 	deviceProperties, err := generateDeviceProperties(r.Devices)
 	if err != nil {
@@ -77,7 +77,7 @@ func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]syst
 			newProp("CPUShares", r.CpuShares))
 	}

-	addCpuQuota(cm, &properties, r.CpuQuota, r.CpuPeriod)
+	addCpuQuota(conn, &properties, r.CpuQuota, r.CpuPeriod)

 	if r.BlkioWeight != 0 {
 		properties = append(properties,
@@ -86,10 +86,11 @@ func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]syst

 	if r.PidsLimit > 0 || r.PidsLimit == -1 {
 		properties = append(properties,
+			newProp("TasksAccounting", true),
 			newProp("TasksMax", uint64(r.PidsLimit)))
 	}

-	err = addCpuset(cm, &properties, r.CpusetCpus, r.CpusetMems)
+	err = addCpuset(conn, &properties, r.CpusetCpus, r.CpusetMems)
 	if err != nil {
 		return nil, err
 	}
@@ -157,17 +158,32 @@ func (m *legacyManager) Apply(pid int) error {
 	properties = append(properties,
 		newProp("MemoryAccounting", true),
 		newProp("CPUAccounting", true),
-		newProp("BlockIOAccounting", true),
-		newProp("TasksAccounting", true),
-	)
+		newProp("BlockIOAccounting", true))

 	// Assume DefaultDependencies= will always work (the check for it was previously broken.)
 	properties = append(properties,
 		newProp("DefaultDependencies", false))

+	dbusConnection, err := getDbusConnection(false)
+	if err != nil {
+		return err
+	}
+	resourcesProperties, err := genV1ResourcesProperties(c, dbusConnection)
+	if err != nil {
+		return err
+	}
+	properties = append(properties, resourcesProperties...)
 	properties = append(properties, c.SystemdProps...)

-	if err := startUnit(m.dbus, unitName, properties); err != nil {
+	// We have to set kernel memory here, as we can't change it once
+	// processes have been attached to the cgroup.
+	if c.Resources.KernelMemory != 0 {
+		if err := enableKmem(c); err != nil {
+			return err
+		}
+	}
+
+	if err := startUnit(dbusConnection, unitName, properties); err != nil {
 		return err
 	}

@@ -205,8 +221,13 @@ func (m *legacyManager) Destroy() error {
 	m.mu.Lock()
 	defer m.mu.Unlock()

-	stopErr := stopUnit(m.dbus, getUnitName(m.cgroups))
+	dbusConnection, err := getDbusConnection(false)
+	if err != nil {
+		return err
+	}
+	unitName := getUnitName(m.cgroups)

+	stopErr := stopUnit(dbusConnection, unitName)
 	// Both on success and on error, cleanup all the cgroups we are aware of.
 	// Some of them were created directly by Apply() and are not managed by systemd.
 	if err := cgroups.RemovePaths(m.paths); err != nil {
@@ -231,7 +252,7 @@ func (m *legacyManager) joinCgroups(pid int) error {
 		case "cpuset":
 			if path, ok := m.paths[name]; ok {
 				s := &fs.CpusetGroup{}
-				if err := s.ApplyDir(path, m.cgroups.Resources, pid); err != nil {
+				if err := s.ApplyDir(path, m.cgroups, pid); err != nil {
 					return err
 				}
 			}
@@ -284,7 +305,7 @@ func (m *legacyManager) Freeze(state configs.FreezerState) error {
 	prevState := m.cgroups.Resources.Freezer
 	m.cgroups.Resources.Freezer = state
 	freezer := &fs.FreezerGroup{}
-	if err := freezer.Set(path, m.cgroups.Resources); err != nil {
+	if err := freezer.Set(path, m.cgroups); err != nil {
 		m.cgroups.Resources.Freezer = prevState
 		return err
 	}
@@ -324,16 +345,20 @@ func (m *legacyManager) GetStats() (*cgroups.Stats, error) {
 	return stats, nil
 }

-func (m *legacyManager) Set(r *configs.Resources) error {
+func (m *legacyManager) Set(container *configs.Config) error {
 	// If Paths are set, then we are just joining cgroups paths
 	// and there is no need to set any values.
 	if m.cgroups.Paths != nil {
 		return nil
 	}
-	if r.Unified != nil {
+	if container.Cgroups.Resources.Unified != nil {
 		return cgroups.ErrV1NoUnified
 	}
-	properties, err := genV1ResourcesProperties(r, m.dbus)
+	dbusConnection, err := getDbusConnection(false)
+	if err != nil {
+		return err
+	}
+	properties, err := genV1ResourcesProperties(container.Cgroups, dbusConnection)
 	if err != nil {
 		return err
 	}
@@ -361,7 +386,7 @@ func (m *legacyManager) Set(r *configs.Resources) error {
 		}
 	}

-	if err := setUnitProperties(m.dbus, getUnitName(m.cgroups), properties...); err != nil {
+	if err := dbusConnection.SetUnitProperties(getUnitName(container.Cgroups), true, properties...); err != nil {
 		_ = m.Freeze(targetFreezerState)
 		return err
 	}
@@ -376,7 +401,7 @@ func (m *legacyManager) Set(r *configs.Resources) error {
 		if !ok {
 			continue
 		}
-		if err := sys.Set(path, r); err != nil {
+		if err := sys.Set(path, container.Cgroups); err != nil {
 			return err
 		}
 	}
@@ -384,6 +409,30 @@ func (m *legacyManager) Set(r *configs.Resources) error {
 	return nil
 }

+func enableKmem(c *configs.Cgroup) error {
+	path, err := getSubsystemPath(c, "memory")
+	if err != nil {
+		if cgroups.IsNotFound(err) {
+			return nil
+		}
+		return err
+	}
+
+	if err := os.MkdirAll(path, 0755); err != nil {
+		return err
+	}
+	// do not try to enable the kernel memory if we already have
+	// tasks in the cgroup.
+	content, err := fscommon.ReadFile(path, "tasks")
+	if err != nil {
+		return err
+	}
+	if len(content) > 0 {
+		return nil
+	}
+	return fs.EnableKernelMemoryAccounting(path)
+}
+
 func (m *legacyManager) GetPaths() map[string]string {
 	m.mu.Lock()
 	defer m.mu.Unlock()
@@ -406,7 +455,3 @@ func (m *legacyManager) GetFreezerState() (configs.FreezerState, error) {
 func (m *legacyManager) Exists() bool {
 	return cgroups.PathExists(m.Path("devices"))
 }
-
-func (m *legacyManager) OOMKillCount() (uint64, error) {
-	return fs.OOMKillCount(m.Path("memory"))
-}