1. docker
  2. Commit 81aa1b507f51901eafcfaad70a656da376cf937d
Browse code

Remove cgroups mounting in dind

Signed-off-by: Alexander Morozov <lk4d4@docker.com>

Alexander Morozov authored on 2015/11/17 10:10:53
Showing 1 changed files
hack/dind
History View file @ 81aa1b5
... ... 
@@ -13,74 +13,6 @@ set -e
13 13 
 # apparmor sucks and Docker needs to know that it's in a container (c) @tianon
14 14 
 export container=docker
15 15
16 
-# as of docker 1.8, cgroups will be mounted in the container
17 
-if ! mountpoint -q /sys/fs/cgroup; then
18 
-
19 
-	# First, make sure that cgroups are mounted correctly.
20 
-	CGROUP=/cgroup
21 
-
22 
-	mkdir -p "$CGROUP"
23 
-
24 
-	if ! mountpoint -q "$CGROUP"; then
25 
-		mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || {
26 
-			echo >&2 'Could not make a tmpfs mount. Did you use --privileged?'
27 
-			exit 1
28 
-		}
29 
-	fi
30 
-
31 
-	# Mount the cgroup hierarchies exactly as they are in the parent system.
32 
-	for HIER in $(cut -d: -f2 /proc/1/cgroup); do
33 
-
34 
-		SUBSYSTEMS="${HIER%name=*}"
35 
-
36 
-		# If cgroup hierarchy is named(mounted with "-o name=foo") we
37 
-		# need to mount it in $CGROUP/foo to create exect same
38 
-		# directoryes as on host. Else we need to mount it as is e.g.
39 
-		# "subsys1,subsys2" if it has two subsystems
40 
-
41 
-		# Named, control-less cgroups are mounted with "-o name=foo"
42 
-		# (and appear as such under /proc/<pid>/cgroup) but are usually
43 
-		# mounted on a directory named "foo" (without the "name=" prefix).
44 
-		# Systemd and OpenRC (and possibly others) both create such a
45 
-		# cgroup. So just mount them on directory $CGROUP/foo.
46 
-
47 
-		OHIER=$HIER
48 
-		HIER="${HIER#*name=}"
49 
-
50 
-		mkdir -p "$CGROUP/$HIER"
51 
-
52 
-		if ! mountpoint -q "$CGROUP/$HIER"; then
53 
-			mount -n -t cgroup -o "$OHIER" cgroup "$CGROUP/$HIER"
54 
-		fi
55 
-
56 
-		# Likewise, on at least one system, it has been reported that
57 
-		# systemd would mount the CPU and CPU accounting controllers
58 
-		# (respectively "cpu" and "cpuacct") with "-o cpuacct,cpu"
59 
-		# but on a directory called "cpu,cpuacct" (note the inversion
60 
-		# in the order of the groups). This tries to work around it.
61 
-
62 
-		if [ "$HIER" = 'cpuacct,cpu' ]; then
63 
-			ln -s "$HIER" "$CGROUP/cpu,cpuacct"
64 
-		fi
65 
-
66 
-		# If hierarchy has multiple subsystems, in /proc/<pid>/cgroup
67 
-		# we will see ":subsys1,subsys2,subsys3,name=foo:" substring,
68 
-		# we need to mount it to "$CGROUP/foo" and if there were no
69 
-		# name to "$CGROUP/subsys1,subsys2,subsys3", so we must create
70 
-		# symlinks for docker daemon to find these subsystems:
71 
-		# ln -s $CGROUP/foo $CGROUP/subsys1
72 
-		# ln -s $CGROUP/subsys1,subsys2,subsys3 $CGROUP/subsys1
73 
-
74 
-		if [ "$SUBSYSTEMS" != "${SUBSYSTEMS//,/ }" ]; then
75 
-			SUBSYSTEMS="${SUBSYSTEMS//,/ }"
76 
-			for SUBSYS in $SUBSYSTEMS
77 
-			do
78 
-				ln -s "$CGROUP/$HIER" "$CGROUP/$SUBSYS"
79 
-			done
80 
-		fi
81 
-	done
82 
-fi
83 
-
84 16 
 if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
85 17 
 	mount -t securityfs none /sys/kernel/security || {
86 18 
 		echo >&2 'Could not mount /sys/kernel/security.'
... ... 
@@ -88,16 +20,6 @@ if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
88 88 
 	}
89 89 
 fi
90 90
91 
-# Note: as I write those lines, the LXC userland tools cannot setup
92 
-# a "sub-container" properly if the "devices" cgroup is not in its
93 
-# own hierarchy. Let's detect this and issue a warning.
94 
-if ! grep -q :devices: /proc/1/cgroup; then
95 
-	echo >&2 'WARNING: the "devices" cgroup should be in its own hierarchy.'
96 
-fi
97 
-if ! grep -qw devices /proc/1/cgroup; then
98 
-	echo >&2 'WARNING: it looks like the "devices" cgroup is not mounted.'
99 
-fi
100 
-
101 91 
 # Mount /tmp (conditionally)
102 92 
 if ! mountpoint -q /tmp; then
103 93 
 	mount -t tmpfs none /tmp