diff --git a/pkg/cgroups/apply_raw.go b/pkg/cgroups/apply_raw.go index 47a2a002b8..5fe317937a 100644 --- a/pkg/cgroups/apply_raw.go +++ b/pkg/cgroups/apply_raw.go @@ -49,6 +49,9 @@ func rawApply(c *Cgroup, pid int) (ActiveCgroup, error) { if err := raw.setupCpu(c, pid); err != nil { return nil, err } + if err := raw.setupCpuset(c, pid); err != nil { + return nil, err + } return raw, nil } @@ -170,6 +173,25 @@ func (raw *rawCgroup) setupCpu(c *Cgroup, pid int) (err error) { return nil } +func (raw *rawCgroup) setupCpuset(c *Cgroup, pid int) (err error) { + if c.CpusetCpus != "" { + dir, err := raw.join("cpuset", pid) + if err != nil { + return err + } + defer func() { + if err != nil { + os.RemoveAll(dir) + } + }() + + if err := writeFile(dir, "cpuset.cpus", c.CpusetCpus); err != nil { + return err + } + } + return nil +} + func (raw *rawCgroup) Cleanup() error { get := func(subsystem string) string { path, _ := raw.path(subsystem) @@ -180,6 +202,7 @@ func (raw *rawCgroup) Cleanup() error { get("memory"), get("devices"), get("cpu"), + get("cpuset"), } { if path != "" { os.RemoveAll(path) diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go index cdf268711a..5fe10346df 100644 --- a/pkg/cgroups/cgroups.go +++ b/pkg/cgroups/cgroups.go @@ -101,22 +101,3 @@ func (c *Cgroup) Apply(pid int) (ActiveCgroup, error) { return rawApply(c, pid) } } - -func (c *Cgroup) setupCpuset(cgroupRoot string, pid int) (err error) { - if c.CpusetCpus != "" { - dir, err := c.Join(cgroupRoot, "cpuset", pid) - if err != nil { - return err - } - defer func() { - if err != nil { - os.RemoveAll(dir) - } - }() - - if err := writeFile(dir, "cpuset.cpus", c.CpusetCpus); err != nil { - return err - } - } - return nil -} diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go index 1a9ffbada5..9a92258644 100644 --- a/runconfig/hostconfig.go +++ b/runconfig/hostconfig.go @@ -17,11 +17,6 @@ type HostConfig struct { DriverOptions map[string][]string } -type KeyValuePair struct { - Key string - Value string -} - func ContainerHostConfigFromJob(job *engine.Job) *HostConfig { hostConfig := &HostConfig{ ContainerIDFile: job.Getenv("ContainerIDFile"), diff --git a/runconfig/parse.go b/runconfig/parse.go index b89d6c4683..a330c6c869 100644 --- a/runconfig/parse.go +++ b/runconfig/parse.go @@ -4,10 +4,8 @@ import ( "fmt" "github.com/dotcloud/docker/nat" "github.com/dotcloud/docker/opts" - "github.com/dotcloud/docker/pkg/label" flag "github.com/dotcloud/docker/pkg/mflag" "github.com/dotcloud/docker/pkg/sysinfo" - "github.com/dotcloud/docker/runtime/execdriver" "github.com/dotcloud/docker/utils" "io/ioutil" "path" @@ -34,10 +32,6 @@ func ParseSubcommand(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) } func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Config, *HostConfig, *flag.FlagSet, error) { - var ( - processLabel string - mountLabel string - ) var ( // FIXME: use utils.ListOpts for attach and volumes? flAttach = opts.NewListOpts(opts.ValidateAttach) @@ -67,7 +61,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf flUser = cmd.String([]string{"u", "-user"}, "", "Username or UID") flWorkingDir = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container") flCpuShares = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)") - flLabelOptions = cmd.String([]string{"Z", "-label"}, "", "Options to pass to underlying labeling system") // For documentation purpose _ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)") @@ -159,15 +152,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf entrypoint = []string{*flEntrypoint} } - if !*flPrivileged { - pLabel, mLabel, e := label.GenLabels(*flLabelOptions) - if e != nil { - return nil, nil, cmd, fmt.Errorf("Invalid security labels : %s", e) - } - processLabel = pLabel - mountLabel = mLabel - } - lxcConf, err := parseKeyValueOpts(flLxcOpts) if err != nil { return nil, nil, cmd, err @@ -222,10 +206,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf VolumesFrom: strings.Join(flVolumesFrom.GetAll(), ","), Entrypoint: entrypoint, WorkingDir: *flWorkingDir, - Context: execdriver.Context{ - "mount_label": mountLabel, - "process_label": processLabel, - }, } driverOptions, err := parseDriverOpts(flDriverOpts) @@ -233,11 +213,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf return nil, nil, cmd, err } - pluginOptions, err := parseDriverOpts(flDriverOpts) - if err != nil { - return nil, nil, cmd, err - } - hostConfig := &HostConfig{ Binds: binds, ContainerIDFile: *flContainerIDFile, @@ -289,20 +264,3 @@ func parseKeyValueOpts(opts opts.ListOpts) ([]utils.KeyValuePair, error) { } return out, nil } - -// options will come in the format of name.type=value -func parseDriverOpts(opts opts.ListOpts) (map[string][]string, error) { - out := make(map[string][]string, len(opts.GetAll())) - for _, o := range opts.GetAll() { - parts := strings.SplitN(o, ".", 2) - if len(parts) < 2 { - return nil, fmt.Errorf("invalid opt format %s", o) - } - values, exists := out[parts[0]] - if !exists { - values = []string{} - } - out[parts[0]] = append(values, parts[1]) - } - return out, nil -} diff --git a/runtime/container.go b/runtime/container.go index 656e9ae587..f37ffcd1e7 100644 --- a/runtime/container.go +++ b/runtime/container.go @@ -404,7 +404,6 @@ func populateCommand(c *Container) { User: c.Config.User, Config: driverConfig, Resources: resources, - Context: c.Config.Context, } c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true} } diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go index 230518bd7f..67095383ec 100644 --- a/runtime/execdriver/lxc/lxc_template.go +++ b/runtime/execdriver/lxc/lxc_template.go @@ -30,9 +30,9 @@ lxc.pts = 1024 # disable the main console lxc.console = none -{{if getProcessLabel .Context}} -lxc.se_context = {{ getProcessLabel .Context}} -{{$MOUNTLABEL := getMountLabel .Context}} +{{if getProcessLabel .Config}} +lxc.se_context = {{ getProcessLabel .Config}} +{{$MOUNTLABEL := getMountLabel .Config}} {{end}} # no controlling tty at all @@ -147,12 +147,23 @@ func getMemorySwap(v *execdriver.Resources) int64 { return v.Memory * 2 } -func getProcessLabel(c execdriver.Context) string { - return c["process_label"] +func getProcessLabel(c map[string][]string) string { + return getLabel(c, "process") } -func getMountLabel(c execdriver.Context) string { - return c["mount_label"] +func getMountLabel(c map[string][]string) string { + return getLabel(c, "mount") +} + +func getLabel(c map[string][]string, name string) string { + label := c["label"] + for _, l := range label { + parts := strings.SplitN(l, "=", 2) + if parts[0] == name { + return parts[1] + } + } + return "" } func init() { diff --git a/runtime/utils_test.go b/runtime/utils_test.go index 81c745c0d5..833634cb47 100644 --- a/runtime/utils_test.go +++ b/runtime/utils_test.go @@ -2,13 +2,14 @@ package runtime import ( "github.com/dotcloud/docker/runconfig" + "github.com/dotcloud/docker/utils" "testing" ) func TestMergeLxcConfig(t *testing.T) { var ( hostConfig = &runconfig.HostConfig{ - LxcConf: []runconfig.KeyValuePair{ + LxcConf: []utils.KeyValuePair{ {Key: "lxc.cgroups.cpuset", Value: "1,2"}, }, }