63 lines
2.4 KiB
Diff
63 lines
2.4 KiB
Diff
|
From dfb3496c174377b860b62872ce6af951364cc3ac Mon Sep 17 00:00:00 2001
|
||
|
From: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
||
|
Date: Tue, 12 Dec 2017 13:22:42 +0530
|
||
|
Subject: [PATCH] Revert "Apply cgroups earlier"
|
||
|
|
||
|
This reverts commit 7062c7556b71188abc18d7516441ff4b03fbc1fc.
|
||
|
---
|
||
|
libcontainer/process_linux.go | 31 ++++++++++++++-----------------
|
||
|
1 file changed, 14 insertions(+), 17 deletions(-)
|
||
|
|
||
|
diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
|
||
|
index 149b1126..b8a395af 100644
|
||
|
--- a/libcontainer/process_linux.go
|
||
|
+++ b/libcontainer/process_linux.go
|
||
|
@@ -272,6 +272,20 @@ func (p *initProcess) start() error {
|
||
|
p.process.ops = nil
|
||
|
return newSystemErrorWithCause(err, "starting init process command")
|
||
|
}
|
||
|
+ if _, err := io.Copy(p.parentPipe, p.bootstrapData); err != nil {
|
||
|
+ return newSystemErrorWithCause(err, "copying bootstrap data to pipe")
|
||
|
+ }
|
||
|
+ if err := p.execSetns(); err != nil {
|
||
|
+ return newSystemErrorWithCause(err, "running exec setns process for init")
|
||
|
+ }
|
||
|
+ // Save the standard descriptor names before the container process
|
||
|
+ // can potentially move them (e.g., via dup2()). If we don't do this now,
|
||
|
+ // we won't know at checkpoint time which file descriptor to look up.
|
||
|
+ fds, err := getPipeFds(p.pid())
|
||
|
+ if err != nil {
|
||
|
+ return newSystemErrorWithCausef(err, "getting pipe fds for pid %d", p.pid())
|
||
|
+ }
|
||
|
+ p.setExternalDescriptors(fds)
|
||
|
// Do this before syncing with child so that no children can escape the
|
||
|
// cgroup. We don't need to worry about not doing this and not being root
|
||
|
// because we'd be using the rootless cgroup manager in that case.
|
||
|
@@ -292,23 +306,6 @@ func (p *initProcess) start() error {
|
||
|
}
|
||
|
}
|
||
|
}()
|
||
|
-
|
||
|
- if _, err := io.Copy(p.parentPipe, p.bootstrapData); err != nil {
|
||
|
- return newSystemErrorWithCause(err, "copying bootstrap data to pipe")
|
||
|
- }
|
||
|
-
|
||
|
- if err := p.execSetns(); err != nil {
|
||
|
- return newSystemErrorWithCause(err, "running exec setns process for init")
|
||
|
- }
|
||
|
-
|
||
|
- // Save the standard descriptor names before the container process
|
||
|
- // can potentially move them (e.g., via dup2()). If we don't do this now,
|
||
|
- // we won't know at checkpoint time which file descriptor to look up.
|
||
|
- fds, err := getPipeFds(p.pid())
|
||
|
- if err != nil {
|
||
|
- return newSystemErrorWithCausef(err, "getting pipe fds for pid %d", p.pid())
|
||
|
- }
|
||
|
- p.setExternalDescriptors(fds)
|
||
|
if err := p.createNetworkInterfaces(); err != nil {
|
||
|
return newSystemErrorWithCause(err, "creating network interfaces")
|
||
|
}
|
||
|
--
|
||
|
2.14.3
|
||
|
|