use containerd/cgroups to detect cgroups v2

libcontainer does not guarantee a stable API, and is not intended
for external consumers.

this patch replaces some uses of libcontainer/cgroups with
containerd/cgroups.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2020-11-09 15:00:32 +01:00
parent c7109494fe
commit 6458f750e1
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
5 changed files with 14 additions and 12 deletions

View file

@ -5,11 +5,11 @@ package main
import (
"os/exec"
"github.com/containerd/cgroups"
"github.com/docker/docker/daemon/config"
"github.com/docker/docker/opts"
"github.com/docker/docker/rootless"
units "github.com/docker/go-units"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/pkg/errors"
"github.com/spf13/pflag"
)
@ -66,7 +66,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
// Note that defaultUserlandProxyPath and honorXDG are configured according to the value of rootless.RunningWithRootlessKit, not the value of --rootless.
flags.BoolVar(&conf.Rootless, "rootless", rootless.RunningWithRootlessKit(), "Enable rootless mode; typically used with RootlessKit")
defaultCgroupNamespaceMode := "host"
if cgroups.IsCgroup2UnifiedMode() {
if cgroups.Mode() == cgroups.Unified {
defaultCgroupNamespaceMode = "private"
}
flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", defaultCgroupNamespaceMode, `Default mode for containers cgroup namespace ("host" | "private")`)

View file

@ -16,6 +16,7 @@ import (
"strings"
"time"
"github.com/containerd/cgroups"
statsV1 "github.com/containerd/cgroups/stats/v1"
statsV2 "github.com/containerd/cgroups/v2/stats"
"github.com/containerd/containerd/sys"
@ -43,7 +44,6 @@ import (
"github.com/docker/libnetwork/options"
lntypes "github.com/docker/libnetwork/types"
"github.com/moby/sys/mount"
"github.com/opencontainers/runc/libcontainer/cgroups"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
@ -362,11 +362,11 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
if hostConfig.CgroupnsMode.IsEmpty() {
// for cgroup v2: unshare cgroupns even for privileged containers
// https://github.com/containers/libpod/pull/4374#issuecomment-549776387
if hostConfig.Privileged && !cgroups.IsCgroup2UnifiedMode() {
if hostConfig.Privileged && cgroups.Mode() != cgroups.Unified {
hostConfig.CgroupnsMode = containertypes.CgroupnsMode("host")
} else {
m := "host"
if cgroups.IsCgroup2UnifiedMode() {
if cgroups.Mode() == cgroups.Unified {
m = "private"
}
if daemon.configStore != nil {
@ -637,7 +637,7 @@ func UsingSystemd(config *config.Config) bool {
return true
}
// On cgroup v2 hosts, default to systemd driver
if getCD(config) == "" && cgroups.IsCgroup2UnifiedMode() && IsRunningSystemd() {
if getCD(config) == "" && cgroups.Mode() == cgroups.Unified && IsRunningSystemd() {
return true
}
return false
@ -758,7 +758,7 @@ func verifyDaemonSettings(conf *config.Config) error {
}
}
if conf.Rootless && UsingSystemd(conf) && !cgroups.IsCgroup2UnifiedMode() {
if conf.Rootless && UsingSystemd(conf) && cgroups.Mode() != cgroups.Unified {
return fmt.Errorf("exec-opt native.cgroupdriver=systemd requires cgroup v2 for rootless mode")
}

View file

@ -11,6 +11,7 @@ import (
"strconv"
"strings"
cdcgroups "github.com/containerd/cgroups"
"github.com/containerd/containerd/containers"
coci "github.com/containerd/containerd/oci"
"github.com/containerd/containerd/sys"
@ -89,7 +90,7 @@ func WithRootless(daemon *Daemon) coci.SpecOpts {
return func(_ context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
var v2Controllers []string
if daemon.getCgroupDriver() == cgroupSystemdDriver {
if !cgroups.IsCgroup2UnifiedMode() {
if cdcgroups.Mode() != cdcgroups.Unified {
return errors.New("rootless systemd driver doesn't support cgroup v1")
}
rootlesskitParentEUID := os.Getenv("ROOTLESSKIT_PARENT_EUID")
@ -814,7 +815,7 @@ func WithCgroups(daemon *Daemon, c *container.Container) coci.SpecOpts {
return nil
}
if cgroups.IsCgroup2UnifiedMode() {
if cdcgroups.Mode() == cdcgroups.Unified {
return errors.New("daemon-scoped cpu-rt-period and cpu-rt-runtime are not implemented for cgroup v2")
}

View file

@ -3,9 +3,9 @@
package daemon // import "github.com/docker/docker/daemon"
import (
"github.com/containerd/cgroups"
"github.com/docker/docker/container"
"github.com/docker/docker/errdefs"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@ -27,7 +27,7 @@ func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Contain
rt.Shim = defaultV2ShimConfig(daemon.configStore, p)
}
if rt.Shim.Binary == linuxShimV1 {
if cgroups.IsCgroup2UnifiedMode() {
if cgroups.Mode() == cgroups.Unified {
return "", nil, errdefs.InvalidParameter(errors.Errorf("runtime %q is not supported while cgroups v2 (unified hierarchy) is being used", container.HostConfig.Runtime))
}
logrus.Warnf("Configured runtime %q is deprecated and will be removed in the next release", container.HostConfig.Runtime)

View file

@ -8,6 +8,7 @@ import (
"strings"
"sync"
cdcgroups "github.com/containerd/cgroups"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
@ -56,7 +57,7 @@ func New(quiet bool, options ...Opt) *SysInfo {
for _, o := range options {
o(&opts)
}
if cgroups.IsCgroup2UnifiedMode() {
if cdcgroups.Mode() == cdcgroups.Unified {
return newV2(quiet, &opts)
}