diff options
| author |   HuabingZhao <zhao.huabing@zte.com.cn> | 2017-08-31 11:59:47 +0800 |
|---|---|---|
| committer | HuabingZhao <zhao.huabing@zte.com.cn> | 2017-08-31 12:00:09 +0800 |
| commit | c0f3b093c704da85252044b3a177dbabab63c49a (patch) | |
| tree | f6cb5d85315c307bcf4984ac04e76e84b9abeac6 /kube2msb/src/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go | |
| parent | c1737d2abac61511e00f388538779d67464b8a98 (diff) | |
add vendor package
Issue-Id: OOM-61
Change-Id: I251336e3b711b14f8ae9a8b0bf6055011a1d9bc8
Signed-off-by: HuabingZhao <zhao.huabing@zte.com.cn>
Diffstat (limited to 'kube2msb/src/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go')
| -rw-r--r-- | kube2msb/src/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/kube2msb/src/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go b/kube2msb/src/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go new file mode 100644 index 0000000..5f78331 --- /dev/null +++ b/kube2msb/src/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/devices.go @@ -0,0 +1,78 @@ +// +build linux + +package fs + +import ( + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/system" +) + +type DevicesGroup struct { +} + +func (s *DevicesGroup) Name() string { + return "devices" +} + +func (s *DevicesGroup) Apply(d *cgroupData) error { + _, err := d.join("devices") + if err != nil { + // We will return error even it's `not found` error, devices + // cgroup is hard requirement for container's security. + return err + } + return nil +} + +func (s *DevicesGroup) Set(path string, cgroup *configs.Cgroup) error { + if system.RunningInUserNS() { + return nil + } + + devices := cgroup.Resources.Devices + if len(devices) > 0 { + for _, dev := range devices { + file := "devices.deny" + if dev.Allow { + file = "devices.allow" + } + if err := writeFile(path, file, dev.CgroupString()); err != nil { + return err + } + } + return nil + } + if !cgroup.Resources.AllowAllDevices { + if err := writeFile(path, "devices.deny", "a"); err != nil { + return err + } + + for _, dev := range cgroup.Resources.AllowedDevices { + if err := writeFile(path, "devices.allow", dev.CgroupString()); err != nil { + return err + } + } + return nil + } + + if err := writeFile(path, "devices.allow", "a"); err != nil { + return err + } + + for _, dev := range cgroup.Resources.DeniedDevices { + if err := writeFile(path, "devices.deny", dev.CgroupString()); err != nil { + return err + } + } + + return nil +} + +func (s *DevicesGroup) Remove(d *cgroupData) error { + return removePath(d.path("devices")) +} + +func (s *DevicesGroup) GetStats(path string, stats *cgroups.Stats) error { + return nil +} |