GitList

Browse code

cgroup2: unshare cgroupns by default regardless to API version

Fix #41071

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

Akihiro Suda authored on 2020/06/05 17:59:52
Showing 3 changed files

api/server/router/container/container.go index 401be4a..df68fcb 100644
api/server/router/container/container_routes.go index 6720507..b293cf2 100644
cmd/dockerd/daemon.go index f8fd53b..88e59ae 100644

api/server/router/container/container.go

@@ -10,13 +10,15 @@ type containerRouter struct {
                      	backend Backend
                      	decoder httputils.ContainerDecoder
                      	routes  []router.Route
                     +	cgroup2 bool
+                     }
                      // NewRouter initializes a new container router
                     -func NewRouter(b Backend, decoder httputils.ContainerDecoder) router.Router {
                     +func NewRouter(b Backend, decoder httputils.ContainerDecoder, cgroup2 bool) router.Router {
                      	r := &containerRouter{
                      		backend: b,
                      		decoder: decoder,
                     +		cgroup2: cgroup2,
+                     	}
                      	r.initRoutes()
                      	return r

api/server/router/container/container_routes.go

History View file @ 79cfcba

@@ -497,8 +497,8 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
 			hostConfig.IpcMode = container.IpcMode("shareable")
 		}
 	}
-	if hostConfig != nil && versions.LessThan(version, "1.41") {
-		// Older clients expect the default to be "host"
+	if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
+		// Older clients expect the default to be "host" on cgroup v1 hosts
 		if hostConfig.CgroupnsMode.IsEmpty() {
 			hostConfig.CgroupnsMode = container.CgroupnsMode("host")
 		}

cmd/dockerd/daemon.go

History View file @ 79cfcba

@@ -462,7 +462,7 @@ func initRouter(opts routerOptions) {
                      	routers := []router.Router{
                      		// we need to add the checkpoint router before the container router or the DELETE gets masked
                      		checkpointrouter.NewRouter(opts.daemon, decoder),
                     -		container.NewRouter(opts.daemon, decoder),
                     +		container.NewRouter(opts.daemon, decoder, opts.daemon.RawSysInfo(true).CgroupUnified),
                      		image.NewRouter(opts.daemon.ImageService()),
                      		systemrouter.NewRouter(opts.daemon, opts.cluster, opts.buildkit, opts.features),
                      		volume.NewRouter(opts.daemon.VolumesService()),

...	...	@@ -497,8 +497,8 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
497	497	hostConfig.IpcMode = container.IpcMode("shareable")
498	498	}
499	499	}
500		- if hostConfig != nil && versions.LessThan(version, "1.41") {
501		- // Older clients expect the default to be "host"
	500	+ if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
	501	+ // Older clients expect the default to be "host" on cgroup v1 hosts
502	502	if hostConfig.CgroupnsMode.IsEmpty() {
503	503	hostConfig.CgroupnsMode = container.CgroupnsMode("host")
504	504	}