93 lines
3.2 KiB
Diff
93 lines
3.2 KiB
Diff
From 0f7ec1274b90032ca0383ec7c6385af1aa98b284 Mon Sep 17 00:00:00 2001
|
|
Message-Id: <0f7ec1274b90032ca0383ec7c6385af1aa98b284.1659958805.git.stefan@agner.ch>
|
|
In-Reply-To: <410089ea4bb8bf051a941febd087b0346b967a10.1659958805.git.stefan@agner.ch>
|
|
References: <410089ea4bb8bf051a941febd087b0346b967a10.1659958805.git.stefan@agner.ch>
|
|
From: Stefan Agner <stefan@agner.ch>
|
|
Date: Thu, 3 Mar 2022 15:43:10 +0100
|
|
Subject: [PATCH 03/11] Implement Device Resources updates
|
|
|
|
Add support to update Device Resources with runc update.
|
|
|
|
Signed-off-by: Stefan Agner <stefan@agner.ch>
|
|
---
|
|
libcontainer/specconv/spec_linux.go | 4 ++--
|
|
update.go | 26 +++++++++++++++++++-------
|
|
2 files changed, 21 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
|
|
index c5b32b1e..555c39ca 100644
|
|
--- a/libcontainer/specconv/spec_linux.go
|
|
+++ b/libcontainer/specconv/spec_linux.go
|
|
@@ -385,7 +385,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
|
|
return nil, err
|
|
}
|
|
|
|
- defaultAllowedDevices := createDefaultDevicesCgroups(config)
|
|
+ defaultAllowedDevices := CreateDefaultDevicesCgroups(config)
|
|
|
|
c, err := CreateCgroupConfig(opts, defaultAllowedDevices)
|
|
if err != nil {
|
|
@@ -979,7 +979,7 @@ next:
|
|
return nil
|
|
}
|
|
|
|
-func createDefaultDevicesCgroups(config *configs.Config) []*devices.Device {
|
|
+func CreateDefaultDevicesCgroups(config *configs.Config) []*devices.Device {
|
|
defaultAllowedDevices := []*devices.Device{}
|
|
next:
|
|
for _, ad := range AllowedDevices {
|
|
diff --git a/update.go b/update.go
|
|
index d02e7af9..9332515c 100644
|
|
--- a/update.go
|
|
+++ b/update.go
|
|
@@ -8,6 +8,7 @@ import (
|
|
"strconv"
|
|
|
|
"github.com/opencontainers/runc/libcontainer/cgroups"
|
|
+ "github.com/opencontainers/runc/libcontainer/specconv"
|
|
"github.com/sirupsen/logrus"
|
|
|
|
"github.com/docker/go-units"
|
|
@@ -298,6 +299,24 @@ other options are ignored.
|
|
config.Cgroups.Resources.PidsLimit = r.Pids.Limit
|
|
config.Cgroups.Resources.Unified = r.Unified
|
|
|
|
+ if len(r.Devices) > 0 {
|
|
+ config.Cgroups.Resources.Devices = nil
|
|
+ defaultAllowedDevices := specconv.CreateDefaultDevicesCgroups(&config)
|
|
+
|
|
+ err = specconv.CreateCgroupDeviceConfig(config.Cgroups.Resources, &r, defaultAllowedDevices)
|
|
+ if err != nil {
|
|
+ return err
|
|
+ }
|
|
+ config.Cgroups.SkipDevices = false
|
|
+ } else {
|
|
+ // If "runc update" is not changing device configuration, add
|
|
+ // this to skip device update.
|
|
+ // This helps in case an extra plugin (nvidia GPU) applies some
|
|
+ // configuration on top of what runc does.
|
|
+ // Note this field is not saved into container's state.json.
|
|
+ config.Cgroups.SkipDevices = true
|
|
+ }
|
|
+
|
|
// Update Intel RDT
|
|
l3CacheSchema := context.String("l3-cache-schema")
|
|
memBwSchema := context.String("mem-bw-schema")
|
|
@@ -329,13 +348,6 @@ other options are ignored.
|
|
config.IntelRdt.MemBwSchema = memBwSchema
|
|
}
|
|
|
|
- // XXX(kolyshkin@): currently "runc update" is unable to change
|
|
- // device configuration, so add this to skip device update.
|
|
- // This helps in case an extra plugin (nvidia GPU) applies some
|
|
- // configuration on top of what runc does.
|
|
- // Note this field is not saved into container's state.json.
|
|
- config.Cgroups.SkipDevices = true
|
|
-
|
|
return container.Set(config)
|
|
},
|
|
}
|
|
--
|
|
2.37.1
|
|
|