``` $ gvt delete github.com/opencontainers/runc/libcontainer/cgroups $ gvt delete github.com/opencontainers/runc/libcontainer/configs $ gvt delete github.com/opencontainers/runc/libcontainer/system $ gvt delete github.com/opencontainers/runc/libcontainer/user $ gvt delete github.com/opencontainers/runc/libcontainer/utils $ gvt fetch --tag v1.0.0-rc5 github.com/opencontainers/runc/libcontainer 2018/07/23 17:08:18 Fetching: github.com/opencontainers/runc/libcontainer 2018/07/23 17:08:24 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/vishvananda/netlink 2018/07/23 17:08:24 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/golang.org/x/sys/unix 2018/07/23 17:08:24 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/cyphar/filepath-securejoin 2018/07/23 17:08:24 ·· Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/pkg/errors 2018/07/23 17:08:24 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/opencontainers/selinux/go-selinux/label 2018/07/23 17:08:25 ·· Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/opencontainers/selinux/go-selinux 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/containerd/console 2018/07/23 17:08:25 ·· Fetching recursive dependency: github.com/opencontainers/runc/vendor/golang.org/x/sys/windows 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/sirupsen/logrus 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/godbus/dbus 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/mrunalp/fileutils 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/coreos/go-systemd/util 2018/07/23 17:08:25 ·· Fetching recursive dependency: 
github.com/opencontainers/runc/vendor/github.com/coreos/pkg/dlopen 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/golang/protobuf/proto 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/syndtr/gocapability/capability 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/coreos/go-systemd/dbus 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/opencontainers/runtime-spec/specs-go 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/seccomp/libseccomp-golang 2018/07/23 17:08:25 · Fetching recursive dependency: github.com/opencontainers/runc/vendor/github.com/docker/go-units ```
// +build linux
package fs
import (
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runc/libcontainer/system"
)
// DevicesGroup is the handler for the "devices" cgroup subsystem.
// It has no fields; every method works from its arguments alone.
type DevicesGroup struct{}
// Name reports the name of the subsystem this group handles, which is
// always "devices".
func (s *DevicesGroup) Name() string {
	const subsystem = "devices"
	return subsystem
}
// Apply joins the "devices" cgroup described by d.
//
// Any error from the join is returned to the caller unchanged, including a
// "not found" error: the devices cgroup is a hard requirement for the
// container's security, so a missing subsystem is never tolerated here.
func (s *DevicesGroup) Apply(d *cgroupData) error {
	const subsystem = "devices"

	// The first value returned by join is not needed here; only the
	// outcome matters.
	if _, joinErr := d.join(subsystem); joinErr != nil {
		return joinErr
	}
	return nil
}
// Set writes the device access rules from cgroup.Resources into the
// devices.allow and devices.deny files under path.
//
// Behaviour, in order of precedence:
//
//  1. When running inside a user namespace nothing is written and nil is
//     returned, so no device rule from this configuration is applied.
//  2. When Resources.Devices is non-empty, each entry is written to
//     devices.allow or devices.deny according to its Allow flag, in slice
//     order, and the function returns. AllowAllDevices, AllowedDevices and
//     DeniedDevices are ignored in that case.
//  3. Otherwise, if AllowAllDevices is set to false, "a" (all devices) is
//     written to devices.deny and then every AllowedDevices entry is written
//     to devices.allow, giving a default-deny allow list. DeniedDevices is
//     not consulted on this path.
//  4. Otherwise, if AllowAllDevices is set to true, "a" is written to
//     devices.allow and then every DeniedDevices entry is written to
//     devices.deny.
//  5. If AllowAllDevices is nil, only the DeniedDevices entries are written;
//     no blanket rule is written first.
//     NOTE(review): the effective policy then presumably depends on what
//     the cgroup already contained. Confirm against the caller.
//
// The first failing write aborts the function and its error is returned.
// Rules written before the failure stay in place, so callers must treat an
// error as a partially applied device policy.
//
// cgroup and cgroup.Resources are dereferenced without a nil check.
func (s *DevicesGroup) Set(path string, cgroup *configs.Cgroup) error {
	if system.RunningInUserNS() {
		// Nothing is written in a user namespace; the call still succeeds.
		return nil
	}

	res := cgroup.Resources

	// Unified rule list: takes precedence over the legacy fields below.
	if rules := res.Devices; len(rules) > 0 {
		for _, rule := range rules {
			target := "devices.allow"
			if !rule.Allow {
				target = "devices.deny"
			}
			if err := writeFile(path, target, rule.CgroupString()); err != nil {
				return err
			}
		}
		return nil
	}

	if allowAll := res.AllowAllDevices; allowAll != nil {
		if !*allowAll {
			// Default deny: drop everything first, then re-admit the
			// explicitly allowed devices.
			if err := writeFile(path, "devices.deny", "a"); err != nil {
				return err
			}
			for _, allowed := range res.AllowedDevices {
				if err := writeFile(path, "devices.allow", allowed.CgroupString()); err != nil {
					return err
				}
			}
			return nil
		}

		// Default allow: admit everything, the deny list below then
		// carves out exceptions.
		if err := writeFile(path, "devices.allow", "a"); err != nil {
			return err
		}
	}

	for _, denied := range res.DeniedDevices {
		if err := writeFile(path, "devices.deny", denied.CgroupString()); err != nil {
			return err
		}
	}

	return nil
}
// Remove looks up the "devices" cgroup path for d and passes the lookup
// result straight to removePath, returning whatever removePath reports.
func (s *DevicesGroup) Remove(d *cgroupData) error {
	const subsystem = "devices"
	return removePath(d.path(subsystem))
}
// GetStats is a no-op for the devices subsystem: it reads nothing from
// path, leaves stats untouched and always returns nil.
func (s *DevicesGroup) GetStats(path string, stats *cgroups.Stats) error {
	// No statistics are gathered here.
	return nil
}