godep restore pushd $GOPATH/src/github.com/appc/spec git co master popd go get go4.org/errorutil rm -rf Godeps godep save ./... git add vendor git add -f $(git ls-files --other vendor/) git co -- Godeps/LICENSES Godeps/.license_file_state Godeps/OWNERS
// +build linux
|
|
|
|
package fs
import (
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/opencontainers/runc/libcontainer/configs"
)
// DevicesGroup is the handler for the "devices" cgroup subsystem. It carries
// no state of its own; every method works on the cgroup data or path it is
// handed.
type DevicesGroup struct{}

// Name reports the subsystem name this handler is responsible for, which is
// the same "devices" string the other methods pass to join and path.
func (s *DevicesGroup) Name() string {
	const subsystem = "devices"
	return subsystem
}
// Apply joins the "devices" cgroup through d.join and hands back whatever
// error that call produced.
//
// No error is filtered out here, a "not found" error included: the devices
// cgroup is a hard requirement for the container's security, so a container
// that could not be placed in it must fail to set up rather than run without
// device restrictions.
func (s *DevicesGroup) Apply(d *cgroupData) error {
	// The first result of join is not needed; only success or failure matters.
	_, err := d.join("devices")
	return err
}
// Set programs the devices cgroup located at path from cgroup.Resources.
//
// Two modes are supported, selected by Resources.AllowAllDevices:
//
//   - false (default-deny): "a" is written to devices.deny first, then every
//     entry of AllowedDevices is written to devices.allow.
//   - true (default-allow): "a" is written to devices.allow first, then every
//     entry of DeniedDevices is written to devices.deny.
//
// "a" is the devices-controller shorthand for every device, so the first
// write resets the list and the following writes carve out the exceptions.
//
// The first failing write is returned immediately and earlier writes are not
// rolled back. In default-deny mode that leaves the cgroup with fewer devices
// than requested; in default-allow mode it leaves devices reachable that were
// meant to be denied, so callers should treat any error as fatal for the
// container rather than continue.
//
// NOTE(review): cgroup and cgroup.Resources are used without a nil check;
// confirm that every caller passes a fully populated configuration.
func (s *DevicesGroup) Set(path string, cgroup *configs.Cgroup) error {
	if cgroup.Resources.AllowAllDevices {
		// Default-allow: open everything, then deny the listed devices.
		if err := writeFile(path, "devices.allow", "a"); err != nil {
			return err
		}
		for _, denied := range cgroup.Resources.DeniedDevices {
			if err := writeFile(path, "devices.deny", denied.CgroupString()); err != nil {
				return err
			}
		}
		return nil
	}

	// Default-deny: the deny-all write must come before the allow entries,
	// otherwise it would wipe the entries that were just added.
	if err := writeFile(path, "devices.deny", "a"); err != nil {
		return err
	}
	for _, allowed := range cgroup.Resources.AllowedDevices {
		if err := writeFile(path, "devices.allow", allowed.CgroupString()); err != nil {
			return err
		}
	}
	return nil
}
// Remove tears down the "devices" cgroup for d by passing the result of
// d.path("devices") straight to removePath and returning its error.
//
// The lookup result is forwarded as-is, so how a failed path lookup is
// treated is decided inside removePath, which is not visible in this file.
func (s *DevicesGroup) Remove(d *cgroupData) error {
	return removePath(
		d.path("devices"),
	)
}
// GetStats is a no-op for the devices cgroup: it reads nothing from path,
// leaves stats untouched and always returns nil.
func (s *DevicesGroup) GetStats(path string, stats *cgroups.Stats) error {
	// Nothing is collected for this subsystem.
	return nil
}