[Devel] [PATCH] cgroup/cpuset: emulate cgroup in container
Stanislav Kinsburskiy
skinsbursky at virtuozzo.com
Wed Dec 13 13:37:48 MSK 2017
Any changes to this cgroup are skipped in container, but success code is
returned.
The idea is to fool Docker/Kubernetes.
https://jira.sw.ru/browse/PSBM-58423
This patch obsoletes "ve/proc/cpuset: do not show cpuset in CT"
Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
kernel/cpuset.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index 26d88eb..dfac505 100644
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -1441,6 +1441,9 @@ static int cpuset_can_attach(struct cgroup *cgrp, struct cgroup_taskset *tset)
struct task_struct *task;
int ret;
+ if (!ve_is_super(get_exec_env()))
+ return 0;
+
mutex_lock(&cpuset_mutex);
ret = -ENOSPC;
@@ -1470,6 +1473,9 @@ static int cpuset_can_attach(struct cgroup *cgrp, struct cgroup_taskset *tset)
static void cpuset_cancel_attach(struct cgroup *cgrp,
struct cgroup_taskset *tset)
{
+ if (!ve_is_super(get_exec_env()))
+ return;
+
mutex_lock(&cpuset_mutex);
cgroup_cs(cgrp)->attach_in_progress--;
mutex_unlock(&cpuset_mutex);
@@ -1494,6 +1500,9 @@ static void cpuset_attach(struct cgroup *cgrp, struct cgroup_taskset *tset)
struct cpuset *cs = cgroup_cs(cgrp);
struct cpuset *oldcs = cgroup_cs(oldcgrp);
+ if (!ve_is_super(get_exec_env()))
+ return;
+
mutex_lock(&cpuset_mutex);
/* prepare for attach */
More information about the Devel
mailing list