Libcontainer already supports mounting a container's own cgroup into
the container; with this patch, we can see the container's own cgroup
info inside the container.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
| ... | ... |
@@ -80,6 +80,12 @@ func New() *configs.Config {
|
| 80 | 80 |
Device: "sysfs", |
| 81 | 81 |
Flags: defaultMountFlags | syscall.MS_RDONLY, |
| 82 | 82 |
}, |
| 83 |
+ {
|
|
| 84 |
+ Source: "cgroup", |
|
| 85 |
+ Destination: "/sys/fs/cgroup", |
|
| 86 |
+ Device: "cgroup", |
|
| 87 |
+ Flags: defaultMountFlags | syscall.MS_RDONLY, |
|
| 88 |
+ }, |
|
| 83 | 89 |
}, |
| 84 | 90 |
MaskPaths: []string{
|
| 85 | 91 |
"/proc/kcore", |
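Review bot: The added `/sys/fs/cgroup` mount entry has no comment recording that `syscall.MS_RDONLY` is a security boundary here rather than a copied default. A writable cgroup hierarchy would let a process in the container change its own resource limits and device rules, so a later edit that drops the flag should be an obvious mistake to a reader. I would add `// cgroup is mounted read-only so the container can inspect, but never modify, its own limits and device rules.` above the new `{`. The definition of `defaultMountFlags` and the rest of `New()` are outside this hunk, so whether another code path remounts this entry writable cannot be checked from here.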
| ... | ... |
@@ -159,6 +159,21 @@ func (s *DockerSuite) TestRunContainerWithCgroupParentAbsPath(c *check.C) {
|
| 159 | 159 |
} |
| 160 | 160 |
} |
| 161 | 161 |
|
| 162 |
+func (s *DockerSuite) TestRunContainerWithCgroupMountRO(c *check.C) {
|
|
| 163 |
+ testRequires(c, NativeExecDriver) |
|
| 164 |
+ |
|
| 165 |
+ filename := "/sys/fs/cgroup/devices/test123" |
|
| 166 |
+ cmd := exec.Command(dockerBinary, "run", "busybox", "touch", filename) |
|
| 167 |
+ out, _, err := runCommandWithOutput(cmd) |
|
| 168 |
+ if err == nil {
|
|
| 169 |
+ c.Fatal("expected cgroup mount point to be read-only, touch file should fail")
|
|
| 170 |
+ } |
|
| 171 |
+ expected := "Read-only file system" |
|
| 172 |
+ if !strings.Contains(out, expected) {
|
|
| 173 |
+ c.Fatalf("expected output from failure to contain %s but contains %s", expected, out)
|
|
| 174 |
+ } |
|
| 175 |
+} |
|
| 176 |
+ |
|
| 162 | 177 |
func (s *DockerSuite) TestRunDeviceDirectory(c *check.C) {
|
| 163 | 178 |
testRequires(c, NativeExecDriver) |
| 164 | 179 |
cmd := exec.Command(dockerBinary, "run", "--device", "/dev/snd:/dev/snd", "busybox", "sh", "-c", "ls /dev/snd/") |
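Review bot: `TestRunContainerWithCgroupMountRO` probes only the `devices` hierarchy, so a regression that leaves another controller's mount writable under `/sys/fs/cgroup` would still pass. The read-only flag is set once on the parent mount entry, and whether it reaches every per-subsystem mount is decided in code not shown here. I would either repeat the `touch` against a second controller directory, or have the container print `/proc/mounts` and assert that every `cgroup` line carries `ro`. Separately, the failure message would be easier to read with `%q` for `expected` and `out`, since the captured output may be empty or multi-line.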