From 79db05ff0192bae1d0e505b93c5ac28818beb441 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Mon, 17 Jul 2017 12:32:21 +0200 Subject: [PATCH] BACKPORT: Fix setup cgroup before prestart hook Upstream reference: https://github.com/opencontainers/runc/pull/1239 Fixes: https://github.com/stefwalter/oci-kvm-hook/issues/3 * User Case: User could use prestart hook to add block devices to container. so the hook should have a way to set the permissions of the devices. Just move cgroup config operation before prestart hook will work. Signed-off-by: Antonio Murdaca --- libcontainer/process_linux.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 4b54e4b21..22f292bac 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -287,9 +287,6 @@ loop: } switch procSync.Type { case procReady: - if err := p.manager.Set(p.config.Config); err != nil { - return newSystemErrorWithCause(err, "setting cgroup config for ready process") - } // set oom_score_adj if err := setOomScoreAdj(p.config.Config.OomScoreAdj, p.pid()); err != nil { return newSystemErrorWithCause(err, "setting oom score for ready process") @@ -301,6 +298,10 @@ loop: } // call prestart hooks if !p.config.Config.Namespaces.Contains(configs.NEWNS) { + // Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions. + if err := p.manager.Set(p.config.Config); err != nil { + return newSystemErrorWithCause(err, "setting cgroup config for ready process") + } if p.config.Config.Hooks != nil { s := configs.HookState{ Version: p.container.config.Version, @@ -321,6 +322,10 @@ loop: } sentRun = true case procHooks: + // Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions. + if err := p.manager.Set(p.config.Config); err != nil { + return newSystemErrorWithCause(err, "setting cgroup config for procHooks process") + } if p.config.Config.Hooks != nil { s := configs.HookState{ Version: p.container.config.Version,