1. docker
  2. Commit 031fcb31d3a81fbd5c5ab8d898d53fbd486413e6
Browse code

Setup cgroups for all subsystems

Fixes #5117
Fixes #5118
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

Michael Crosby authored on 2014/04/09 20:43:19
Showing 2 changed files
integration-cli/docker_cli_top_test.go
History View file @ 031fcb3
... ... 
@@ -7,7 +7,7 @@ import (
7 7 
 	"testing"
8 8 
 )
9 9
10 
-func TestTop(t *testing.T) {
10 
+func TestTopNonPrivileged(t *testing.T) {
11 11 
 	runCmd := exec.Command(dockerBinary, "run", "-i", "-d", "busybox", "sleep", "20")
12 12 
 	out, _, err := runCommandWithOutput(runCmd)
13 13 
 	errorOut(err, t, fmt.Sprintf("failed to start the container: %v", err))
... ... 
@@ -28,5 +28,29 @@ func TestTop(t *testing.T) {
28 28 
 		t.Fatal("top should've listed sleep 20 in the process list")
29 29 
 	}
30 30
31 
-	logDone("top - sleep process should be listed")
31 
+	logDone("top - sleep process should be listed in non privileged mode")
32 
+}
33 
+
34 
+func TestTopPrivileged(t *testing.T) {
35 
+	runCmd := exec.Command(dockerBinary, "run", "--privileged", "-i", "-d", "busybox", "sleep", "20")
36 
+	out, _, err := runCommandWithOutput(runCmd)
37 
+	errorOut(err, t, fmt.Sprintf("failed to start the container: %v", err))
38 
+
39 
+	cleanedContainerID := stripTrailingCharacters(out)
40 
+
41 
+	topCmd := exec.Command(dockerBinary, "top", cleanedContainerID)
42 
+	out, _, err = runCommandWithOutput(topCmd)
43 
+	errorOut(err, t, fmt.Sprintf("failed to run top: %v %v", out, err))
44 
+
45 
+	killCmd := exec.Command(dockerBinary, "kill", cleanedContainerID)
46 
+	_, err = runCommand(killCmd)
47 
+	errorOut(err, t, fmt.Sprintf("failed to kill container: %v", err))
48 
+
49 
+	deleteContainer(cleanedContainerID)
50 
+
51 
+	if !strings.Contains(out, "sleep 20") {
52 
+		t.Fatal("top should've listed sleep 20 in the process list")
53 
+	}
54 
+
55 
+	logDone("top - sleep process should be listed in privileged mode")
32 56 
 }
pkg/cgroups/apply_raw.go
History View file @ 031fcb3
... ... 
@@ -78,17 +78,17 @@ func (raw *rawCgroup) join(subsystem string, pid int) (string, error) {
78 78 
 }
79 79
80 80 
 func (raw *rawCgroup) setupDevices(c *Cgroup, pid int) (err error) {
81 
-	if !c.DeviceAccess {
82 
-		dir, err := raw.join("devices", pid)
81 
+	dir, err := raw.join("devices", pid)
82 
+	if err != nil {
83 
+		return err
84 
+	}
85 
+	defer func() {
83 86 
 		if err != nil {
84 
-			return err
87 
+			os.RemoveAll(dir)
85 88 
 		}
89 
+	}()
86 90
87 
-		defer func() {
88 
-			if err != nil {
89 
-				os.RemoveAll(dir)
90 
-			}
91 
-		}()
91 
+	if !c.DeviceAccess {
92 92
93 93 
 		if err := writeFile(dir, "devices.deny", "a"); err != nil {
94 94 
 			return err
... ... 
@@ -132,16 +132,17 @@ func (raw *rawCgroup) setupDevices(c *Cgroup, pid int) (err error) {
132 132 
 }
133 133
134 134 
 func (raw *rawCgroup) setupMemory(c *Cgroup, pid int) (err error) {
135 
-	if c.Memory != 0 || c.MemorySwap != 0 {
136 
-		dir, err := raw.join("memory", pid)
135 
+	dir, err := raw.join("memory", pid)
136 
+	if err != nil && (c.Memory != 0 || c.MemorySwap != 0) {
137 
+		return err
138 
+	}
139 
+	defer func() {
137 140 
 		if err != nil {
138 
-			return err
141 
+			os.RemoveAll(dir)
139 142 
 		}
140 
-		defer func() {
141 
-			if err != nil {
142 
-				os.RemoveAll(dir)
143 
-			}
144 
-		}()
143 
+	}()
144 
+
145 
+	if c.Memory != 0 || c.MemorySwap != 0 {
145 146
146 147 
 		if c.Memory != 0 {
147 148 
 			if err := writeFile(dir, "memory.limit_in_bytes", strconv.FormatInt(c.Memory, 10)); err != nil {
... ... 
@@ -178,9 +179,10 @@ func (raw *rawCgroup) setupCpu(c *Cgroup, pid int) (err error) {
178 178 
 }
179 179
180 180 
 func (raw *rawCgroup) setupCpuset(c *Cgroup, pid int) (err error) {
181 
+	// we don't want to join this cgroup unless it is specified
181 182 
 	if c.CpusetCpus != "" {
182 183 
 		dir, err := raw.join("cpuset", pid)
183 
-		if err != nil {
184 
+		if err != nil && c.CpusetCpus != "" {
184 185 
 			return err
185 186 
 		}
186 187 
 		defer func() {