kubelet/cm: don't set Devices
Since runc 1.0.0 it is now sufficient to have SkipDevices: true. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
		| @@ -33,7 +33,6 @@ import ( | ||||
| 	"github.com/opencontainers/runc/libcontainer/cgroups/fscommon" | ||||
| 	cgroupsystemd "github.com/opencontainers/runc/libcontainer/cgroups/systemd" | ||||
| 	libcontainerconfigs "github.com/opencontainers/runc/libcontainer/configs" | ||||
| 	libcontainerdevices "github.com/opencontainers/runc/libcontainer/devices" | ||||
| 	"k8s.io/klog/v2" | ||||
| 	v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper" | ||||
|  | ||||
| @@ -376,15 +375,6 @@ func getSupportedUnifiedControllers() sets.String { | ||||
|  | ||||
| func (m *cgroupManagerImpl) toResources(resourceConfig *ResourceConfig) *libcontainerconfigs.Resources { | ||||
| 	resources := &libcontainerconfigs.Resources{ | ||||
| 		Devices: []*libcontainerdevices.Rule{ | ||||
| 			{ | ||||
| 				Type:        'a', | ||||
| 				Permissions: "rwm", | ||||
| 				Allow:       true, | ||||
| 				Minor:       libcontainerdevices.Wildcard, | ||||
| 				Major:       libcontainerdevices.Wildcard, | ||||
| 			}, | ||||
| 		}, | ||||
| 		SkipDevices: true, | ||||
| 	} | ||||
| 	if resourceConfig == nil { | ||||
|   | ||||
| @@ -38,7 +38,6 @@ import ( | ||||
| 	utilio "k8s.io/utils/io" | ||||
| 	utilpath "k8s.io/utils/path" | ||||
|  | ||||
| 	libcontainerdevices "github.com/opencontainers/runc/libcontainer/devices" | ||||
| 	v1 "k8s.io/api/core/v1" | ||||
| 	"k8s.io/apimachinery/pkg/api/resource" | ||||
| 	utilerrors "k8s.io/apimachinery/pkg/util/errors" | ||||
| @@ -393,15 +392,6 @@ func createManager(containerName string) (cgroups.Manager, error) { | ||||
| 		Parent: "/", | ||||
| 		Name:   containerName, | ||||
| 		Resources: &configs.Resources{ | ||||
| 			Devices: []*libcontainerdevices.Rule{ | ||||
| 				{ | ||||
| 					Type:        'a', | ||||
| 					Permissions: "rwm", | ||||
| 					Allow:       true, | ||||
| 					Minor:       libcontainerdevices.Wildcard, | ||||
| 					Major:       libcontainerdevices.Wildcard, | ||||
| 				}, | ||||
| 			}, | ||||
| 			SkipDevices: true, | ||||
| 		}, | ||||
| 	} | ||||
|   | ||||
| @@ -28,7 +28,6 @@ import ( | ||||
| 	"github.com/opencontainers/runc/libcontainer/cgroups" | ||||
| 	cgroupfs "github.com/opencontainers/runc/libcontainer/cgroups/fs" | ||||
| 	"github.com/opencontainers/runc/libcontainer/configs" | ||||
| 	libcontainerdevices "github.com/opencontainers/runc/libcontainer/devices" | ||||
| 	utilversion "k8s.io/apimachinery/pkg/util/version" | ||||
| 	"k8s.io/apimachinery/pkg/util/wait" | ||||
| 	"k8s.io/klog/v2" | ||||
| @@ -127,15 +126,6 @@ func createCgroupManager(name string) (cgroups.Manager, error) { | ||||
| 			Memory:      int64(memoryLimit), | ||||
| 			MemorySwap:  -1, | ||||
| 			SkipDevices: true, | ||||
| 			Devices: []*libcontainerdevices.Rule{ | ||||
| 				{ | ||||
| 					Minor:       libcontainerdevices.Wildcard, | ||||
| 					Major:       libcontainerdevices.Wildcard, | ||||
| 					Type:        'a', | ||||
| 					Permissions: "rwm", | ||||
| 					Allow:       true, | ||||
| 				}, | ||||
| 			}, | ||||
| 		}, | ||||
| 	} | ||||
| 	return cgroupfs.NewManager(cg, nil, false), nil | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Kir Kolyshkin
					Kir Kolyshkin