mirror of
https://github.com/containers/youki
synced 2024-06-10 16:56:17 +02:00
Support sysctl
This commit is contained in:
Furisto
parent
1f613aefde
commit
4226cb4a02
|
|
@ -8,7 +8,7 @@ test_cases=("default/default.t" "linux_cgroups_devices/linux_cgroups_devices.t"
|
|||
"linux_cgroups_cpus/linux_cgroups_cpus.t" "linux_cgroups_relative_cpus/linux_cgroups_relative_cpus.t"
|
||||
"linux_cgroups_relative_devices/linux_cgroups_relative_devices.t" "linux_cgroups_relative_hugetlb/linux_cgroups_relative_hugetlb.t"
|
||||
"linux_cgroups_relative_memory/linux_cgroups_relative_memory.t" "linux_cgroups_relative_network/linux_cgroups_relative_network.t"
|
||||
"linux_cgroups_relative_pids/linux_cgroups_relative_pids.t" "create/create.t" "kill/kill.t" "delete/delete.t" "state/state.t")
|
||||
"linux_cgroups_relative_pids/linux_cgroups_relative_pids.t" "create/create.t" "kill/kill.t" "delete/delete.t" "state/state.t" "linux_sysctl/linux_sysctl.t")
|
||||
# Record the tests that runc also fails to pass below, maybe we will fix this by origin integration test, issue: https://github.com/containers/youki/issues/56
|
||||
# no_paas_test_case=("start/start.t")
|
||||
for case in "${test_cases[@]}"; do
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ use nix::{
|
|||
unistd::{Gid, Uid},
|
||||
};
|
||||
use oci_spec::Spec;
|
||||
use std::collections::HashMap;
|
||||
use std::{
|
||||
env,
|
||||
os::unix::{io::AsRawFd, prelude::RawFd},
|
||||
|
|
@ -188,6 +189,10 @@ pub fn container_init(args: ContainerInitArgs) -> Result<()> {
|
|||
command
|
||||
.pivot_rootfs(rootfs)
|
||||
.with_context(|| format!("Failed to pivot root to {:?}", rootfs))?;
|
||||
|
||||
if let Some(kernel_params) = &linux.sysctl {
|
||||
sysctl(kernel_params)?;
|
||||
}
|
||||
}
|
||||
|
||||
if let Some(paths) = &linux.readonly_paths {
|
||||
|
|
@ -263,6 +268,22 @@ pub fn container_init(args: ContainerInitArgs) -> Result<()> {
|
|||
unreachable!();
|
||||
}
|
||||
|
||||
fn sysctl(kernel_params: &HashMap<String, String>) -> Result<()> {
|
||||
let sys = PathBuf::from("/proc/sys");
|
||||
for (kernel_param, value) in kernel_params {
|
||||
let path = sys.join(kernel_param.replace(".", "/"));
|
||||
log::debug!(
|
||||
"apply value {} to kernel parameter {}.",
|
||||
value,
|
||||
kernel_param
|
||||
);
|
||||
fs::write(path, value.as_bytes())
|
||||
.with_context(|| format!("failed to set sysctl {}={}", kernel_param, value))?;
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn readonly_path(path: &str) -> Result<()> {
|
||||
match nix_mount::<str, str, str, str>(
|
||||
Some(path),
|
||||
|
|
|
|||
Loading…
Reference in New Issue