beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/cmd/dockerd/daemon_linux.go
Djordje Lukic 3a617e5463
c8d: Use a specific containerd namespace when userns are remapped 
We need to isolate the images that we are remapping to a userns, we
can't mix them with "normal" images. In the graph driver case this means
we create a new root directory where we store the images and everything
else, in the containerd case we can use a new namespace.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2024-01-24 15:46:16 +01:00

54 lines
1.6 KiB
Go
Raw Blame History

package main
import (
cdcgroups "github.com/containerd/cgroups/v3"
systemdDaemon "github.com/coreos/go-systemd/v22/daemon"
"github.com/docker/docker/daemon"
"github.com/docker/docker/daemon/config"
"github.com/docker/docker/pkg/sysinfo"
"github.com/pkg/errors"
)
// loadCLIPlatformConfig loads the platform specific CLI configuration
func loadCLIPlatformConfig(conf *config.Config) error {
if conf.RemappedRoot == "" {
return nil
}
containerdNamespace, containerdPluginNamespace, err := daemon.RemapContainerdNamespaces(conf)
if err != nil {
return err
}
conf.ContainerdNamespace = containerdNamespace
conf.ContainerdPluginNamespace = containerdPluginNamespace
return nil
}
// preNotifyReady sends a message to the host when the API is active, but before the daemon is
func preNotifyReady() {
}
// notifyReady sends a message to the host when the server is ready to be used
func notifyReady() {
// Tell the init daemon we are accepting requests
go systemdDaemon.SdNotify(false, systemdDaemon.SdNotifyReady)
}
// notifyStopping sends a message to the host when the server is shutting down
func notifyStopping() {
go systemdDaemon.SdNotify(false, systemdDaemon.SdNotifyStopping)
}
func validateCPURealtimeOptions(config *config.Config) error {
if config.CPURealtimePeriod == 0 && config.CPURealtimeRuntime == 0 {
return nil
}
if cdcgroups.Mode() == cdcgroups.Unified {
return errors.New("daemon-scoped cpu-rt-period and cpu-rt-runtime are not implemented for cgroup v2")
}
if !sysinfo.New().CPURealtime {
return errors.New("daemon-scoped cpu-rt-period and cpu-rt-runtime are not supported by the kernel")
}
return nil
}
Reference in a new issue View git blame Copy permalink