Add support for cgroups managed by systemd

containers · Jun 1, 2021 · 52180d5 · 52180d5
1 parent 28ccb95
commit 52180d5
Show file tree

Hide file tree

Showing 19 changed files with 315 additions and 144 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -22,3 +22,4 @@ once_cell = "1.6.0"
 futures = { version = "0.3", features = ["thread-pool"] }
 regex = "1.5"
 oci_spec = { version = "0.1.0", path = "./oci_spec" }
+systemd = "0.8.2"
diff --git a/src/capabilities.rs b/src/capabilities.rs
@@ -1,6 +1,4 @@
-use crate::{
- command::Command,
-};
+use crate::command::Command;
 use caps::*;
 
 use anyhow::Result;

diff --git a/src/cgroups/blkio.rs b/src/cgroups/blkio.rs
@@ -4,9 +4,7 @@ use std::{
  path::Path,
 };
 
-use crate::{
- cgroups::Controller,
-};
+use crate::cgroups::Controller;
 use oci_spec::{LinuxBlockIo, LinuxResources};
 
 const CGROUP_BLKIO_THROTTLE_READ_BPS: &str = "blkio.throttle.read_bps_device";

diff --git a/src/cgroups/cgroupsfs_manager.rs b/src/cgroups/cgroupsfs_manager.rs
@@ -0,0 +1,72 @@
+use crate::cgroups::Manager;
+use crate::cgroups::get_subsystem_path;
+
+use std::{collections::HashMap, path::PathBuf};
+use std::{fs::remove_dir, path::Path};
+
+use anyhow::Result;
+use nix::unistd::Pid;
+
+use super::{
+ blkio::Blkio, devices::Devices, hugetlb::Hugetlb, memory::Memory,
+ network_classifier::NetworkClassifier, network_priority::NetworkPriority, pids::Pids,
+ Controller,
+};
+use crate::{cgroups::ControllerType, utils::PathBufExt};
+use oci_spec::LinuxResources;
+
+pub const CONTROLLERS: &[ControllerType] = &[
+ ControllerType::Devices,
+ ControllerType::HugeTlb,
+ ControllerType::Memory,
+ ControllerType::Pids,
+ ControllerType::Blkio,
+ ControllerType::NetworkPriority,
+ ControllerType::NetworkClassifier,
+];
+
+pub struct CGroupsFSManager {
+ subsystems: HashMap<String, PathBuf>,
+}
+
+impl CGroupsFSManager {
+ pub fn new(cgroup_path: PathBuf) -> Result<Self> {
+ let mut subsystems = HashMap::<String, PathBuf>::new();
+ for subsystem in CONTROLLERS.iter().map(|c| c.to_string()) {
+ subsystems.insert(
+ subsystem.to_owned(),
+ get_subsystem_path(&cgroup_path, &subsystem)?,
+ );
+ }
+
+ Ok(CGroupsFSManager { subsystems })
+ }
+}
+
+impl Manager for CGroupsFSManager {
+ fn apply(&self, linux_resources: &LinuxResources, pid: Pid) -> Result<()> {
+ for subsys in &self.subsystems {
+ match subsys.0.as_str() {
+ "devices" => Devices::apply(linux_resources, &subsys.1, pid)?,
+ "hugetlb" => Hugetlb::apply(linux_resources, &subsys.1, pid)?,
+ "memory" => Memory::apply(linux_resources, &subsys.1, pid)?,
+ "pids" => Pids::apply(linux_resources, &subsys.1, pid)?,
+ "blkio" => Blkio::apply(linux_resources, &subsys.1, pid)?,
+ "net_prio" => NetworkPriority::apply(linux_resources, &subsys.1, pid)?,
+ "net_cls" => NetworkClassifier::apply(linux_resources, &subsys.1, pid)?,
+ _ => continue,
+ }
+ }
+ Ok(())
+ }
+
+ fn remove(&self) -> Result<()> {
+ for cgroup_path in &self.subsystems {
+ if cgroup_path.1.exists() {
+ log::debug!("remove cgroup {:?}", cgroup_path.1);
+ remove_dir(&cgroup_path.1)?;
+ }
+ }
+ Ok(())
+ }
+}
diff --git a/src/cgroups/devices.rs b/src/cgroups/devices.rs
@@ -7,10 +7,7 @@ use std::{
 use anyhow::Result;
 use nix::unistd::Pid;
 
-use crate::{
- cgroups::Controller,
- rootfs::default_devices,
-};
+use crate::{cgroups::Controller, rootfs::default_devices};
 use oci_spec::{LinuxDeviceCgroup, LinuxDeviceType, LinuxResources};
 
 pub struct Devices {}

diff --git a/src/cgroups/hugetlb.rs b/src/cgroups/hugetlb.rs
@@ -7,9 +7,7 @@ use std::{
 use anyhow::anyhow;
 use regex::Regex;
 
-use crate::{
- cgroups::Controller,
-};
+use crate::cgroups::Controller;
 use oci_spec::{LinuxHugepageLimit, LinuxResources};
 
 pub struct Hugetlb {}