mirror of
https://github.com/containers/podman.git
synced 2025-11-30 01:58:46 +08:00
podman cgroup enhancement
currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman ca now set resources at a pod level meaning that resource related flags can now be exposed to podman pod create. cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand has to be handeled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will be the next flag I work on. Signed-off-by: Charlie Doern <cdoern@redhat.com>
This commit is contained in:
cdoern
17
vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
generated
vendored
17
vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go
generated
vendored
@@ -340,7 +340,7 @@ func ensureSupportedVersion() error {
|
||||
func getAPI() (uint, error) {
|
||||
api := C.seccomp_api_get()
|
||||
if api == 0 {
|
||||
return 0, fmt.Errorf("API level operations are not supported")
|
||||
return 0, errors.New("API level operations are not supported")
|
||||
}
|
||||
|
||||
return uint(api), nil
|
||||
@@ -349,11 +349,12 @@ func getAPI() (uint, error) {
|
||||
// Set the API level
|
||||
func setAPI(api uint) error {
|
||||
if retCode := C.seccomp_api_set(C.uint(api)); retCode != 0 {
|
||||
if errRc(retCode) == syscall.EOPNOTSUPP {
|
||||
return fmt.Errorf("API level operations are not supported")
|
||||
e := errRc(retCode)
|
||||
if e == syscall.EOPNOTSUPP {
|
||||
return errors.New("API level operations are not supported")
|
||||
}
|
||||
|
||||
return fmt.Errorf("could not set API level: %v", retCode)
|
||||
return fmt.Errorf("could not set API level: %w", e)
|
||||
}
|
||||
|
||||
return nil
|
||||
@@ -411,7 +412,7 @@ func (f *ScmpFilter) setFilterAttr(attr scmpFilterAttr, value C.uint32_t) error
|
||||
// Wrapper for seccomp_rule_add_... functions
|
||||
func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact bool, length C.uint, cond C.scmp_cast_t) error {
|
||||
if length != 0 && cond == nil {
|
||||
return fmt.Errorf("null conditions list, but length is nonzero")
|
||||
return errors.New("null conditions list, but length is nonzero")
|
||||
}
|
||||
|
||||
var retCode C.int
|
||||
@@ -430,7 +431,7 @@ func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact b
|
||||
case syscall.EPERM, syscall.EACCES:
|
||||
return errDefAction
|
||||
case syscall.EINVAL:
|
||||
return fmt.Errorf("two checks on same syscall argument")
|
||||
return errors.New("two checks on same syscall argument")
|
||||
default:
|
||||
return e
|
||||
}
|
||||
@@ -455,7 +456,7 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact b
|
||||
} else {
|
||||
argsArr := C.make_arg_cmp_array(C.uint(len(conds)))
|
||||
if argsArr == nil {
|
||||
return fmt.Errorf("error allocating memory for conditions")
|
||||
return errors.New("error allocating memory for conditions")
|
||||
}
|
||||
defer C.free(argsArr)
|
||||
|
||||
@@ -495,7 +496,7 @@ func sanitizeAction(in ScmpAction) error {
|
||||
}
|
||||
|
||||
if inTmp != ActTrace && inTmp != ActErrno && (in&0xFFFF0000) != 0 {
|
||||
return fmt.Errorf("highest 16 bits must be zeroed except for Trace and Errno")
|
||||
return errors.New("highest 16 bits must be zeroed except for Trace and Errno")
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
Reference in New Issue
Block a user