3 years ago · 011e1c71ff
--- a/cmd/dockerd/config_unix.go
+++ b/cmd/dockerd/config_unix.go
@@ -57,8 +57,8 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
 
				 	flags.IntVar(&conf.OOMScoreAdjust, "oom-score-adjust", 0, "Set the oom_score_adj for the daemon")
			
 
				 	flags.BoolVar(&conf.Init, "init", false, "Run an init in the container to forward signals and reap processes")
			
 
				 	flags.StringVar(&conf.InitPath, "init-path", "", "Path to the docker-init binary")
			
 
				-	flags.Int64Var(&conf.CPURealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds for the parent cgroup for all containers")
			
 
				-	flags.Int64Var(&conf.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds for the parent cgroup for all containers")
			
 
				+	flags.Int64Var(&conf.CPURealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds for the parent cgroup for all containers (not supported with cgroups v2)")
			
 
				+	flags.Int64Var(&conf.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds for the parent cgroup for all containers (not supported with cgroups v2)")
			
 
				 	flags.StringVar(&conf.SeccompProfile, "seccomp-profile", config.SeccompProfileDefault, `Path to seccomp profile. Use "unconfined" to disable the default seccomp profile`)
			
 
				 	flags.Var(&conf.ShmSize, "default-shm-size", "Default shm size for containers")
			
 
				 	flags.BoolVar(&conf.NoNewPrivileges, "no-new-privileges", false, "Set no-new-privileges by default for new containers")
			
--- a/cmd/dockerd/daemon.go
+++ b/cmd/dockerd/daemon.go
@@ -463,6 +463,11 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
 
				 		conf.TLSVerify = conf.TLS
			
 
				 	}
			
 
				 
			
 
				+	err = validateCPURealtimeOptions(conf)
			
 
				+	if err != nil {
			
 
				+		return nil, err
			
 
				+	}
			
 
				+
			
 
				 	return conf, nil
			
 
				 }
			
 
				 
			
--- a/cmd/dockerd/daemon_freebsd.go
+++ b/cmd/dockerd/daemon_freebsd.go
@@ -1,5 +1,7 @@
 
				 package main
			
 
				 
			
 
				+import "github.com/docker/docker/daemon/config"
			
 
				+
			
 
				 // preNotifyReady sends a message to the host when the API is active, but before the daemon is
			
 
				 func preNotifyReady() {
			
 
				 }
			
@@ -11,3 +13,7 @@ func notifyReady() {
 
				 // notifyStopping sends a message to the host when the server is shutting down
			
 
				 func notifyStopping() {
			
 
				 }
			
 
				+
			
 
				+func validateCPURealtimeOptions(_ *config.Config) error {
			
 
				+	return nil
			
 
				+}
			
--- a/cmd/dockerd/daemon_linux.go
+++ b/cmd/dockerd/daemon_linux.go
@@ -1,6 +1,12 @@
 
				 package main
			
 
				 
			
 
				-import systemdDaemon "github.com/coreos/go-systemd/v22/daemon"
			
 
				+import (
			
 
				+	cdcgroups "github.com/containerd/cgroups"
			
 
				+	systemdDaemon "github.com/coreos/go-systemd/v22/daemon"
			
 
				+	"github.com/docker/docker/daemon/config"
			
 
				+	"github.com/docker/docker/pkg/sysinfo"
			
 
				+	"github.com/pkg/errors"
			
 
				+)
			
 
				 
			
 
				 // preNotifyReady sends a message to the host when the API is active, but before the daemon is
			
 
				 func preNotifyReady() {
			
@@ -16,3 +22,16 @@ func notifyReady() {
 
				 func notifyStopping() {
			
 
				 	go systemdDaemon.SdNotify(false, systemdDaemon.SdNotifyStopping)
			
 
				 }
			
 
				+
			
 
				+func validateCPURealtimeOptions(config *config.Config) error {
			
 
				+	if config.CPURealtimePeriod == 0 && config.CPURealtimeRuntime == 0 {
			
 
				+		return nil
			
 
				+	}
			
 
				+	if cdcgroups.Mode() == cdcgroups.Unified {
			
 
				+		return errors.New("daemon-scoped cpu-rt-period and cpu-rt-runtime are not implemented for cgroup v2")
			
 
				+	}
			
 
				+	if !sysinfo.New().CPURealtime {
			
 
				+		return errors.New("daemon-scoped cpu-rt-period and cpu-rt-runtime are not supported by the kernel")
			
 
				+	}
			
 
				+	return nil
			
 
				+}
			
--- a/cmd/dockerd/daemon_windows.go
+++ b/cmd/dockerd/daemon_windows.go
@@ -97,3 +97,7 @@ func (cli *DaemonCli) initContainerD(_ context.Context) (func(time.Duration) err
 
				 	system.InitContainerdRuntime(cli.Config.ContainerdAddr)
			
 
				 	return nil, nil
			
 
				 }
			
 
				+
			
 
				+func validateCPURealtimeOptions(_ *config.Config) error {
			
 
				+	return nil
			
 
				+}
			
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -818,16 +818,6 @@ func WithCgroups(daemon *Daemon, c *container.Container) coci.SpecOpts {
 
				 			return nil
			
 
				 		}
			
 
				 
			
 
				-		if cdcgroups.Mode() == cdcgroups.Unified {
			
 
				-			return errors.New("daemon-scoped cpu-rt-period and cpu-rt-runtime are not implemented for cgroup v2")
			
 
				-		}
			
 
				-
			
 
				-		// FIXME this is very expensive way to check if cpu rt is supported
			
 
				-		sysInfo := daemon.RawSysInfo()
			
 
				-		if !sysInfo.CPURealtime {
			
 
				-			return errors.New("daemon-scoped cpu-rt-period and cpu-rt-runtime are not supported by the kernel")
			
 
				-		}
			
 
				-
			
 
				 		p := cgroupsPath
			
 
				 		if useSystemd {
			
 
				 			initPath, err := cgroups.GetInitCgroup("cpu")