mirror/youki
1
0
Fork 0
mirror of https://github.com/containers/youki synced 2024-12-04 19:18:29 +01:00
Code Issues

fix: oci-spec import path

Browse Source
This commit is contained in:
Takashi IIGUNI 2021-09-07 02:59:59 +00:00
parent c7ed69a2fe
commit a678111c75
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cgroups/src/v2/devices/controller.rs
View File

@ -6,9 +6,9 @@ use anyhow::Result;
use super::*;
use nix::fcntl::OFlag;
use nix::sys::stat::Mode;
use oci_spec::{LinuxDeviceCgroup, LinuxResources};
use oci_spec::runtime::LinuxDeviceCgroup;
use crate::common::{default_allow_devices, default_devices};
use crate::common::{default_allow_devices, default_devices, ControllerOpt};
use crate::v2::controller::Controller;
const LICENSE: &'static str = &"Apache";
@ -16,12 +16,12 @@ const LICENSE: &'static str = &"Apache";
pub struct Devices {}
impl Controller for Devices {
fn apply(linux_resources: &LinuxResources, cgroup_root: &Path) -> Result<()> {
fn apply(controller_opt: &ControllerOpt, cgroup_root: &Path) -> Result<()> {
#[cfg(not(feature = "cgroupsv2_devices"))]
return Ok(());
#[cfg(feature = "cgroupsv2_devices")]
return Self::apply_devices(cgroup_root, &linux_resources.devices);
return Self::apply_devices(cgroup_root, &controller_opt.resources.devices);
}
}

8
cgroups/src/v2/devices/emulator.rs
View File

@ -1,5 +1,5 @@
use anyhow::Result;
use oci_spec::*;
use oci_spec::runtime::{LinuxDeviceCgroup, LinuxDeviceType};
// For cgroup v1 compatiblity, runc implements a device emulator to caculate the final rules given
// a list of user-defined rules.
@ -28,17 +28,17 @@ impl Emulator {
}
}
pub fn add_rules(&mut self, rules: &Vec<oci_spec::LinuxDeviceCgroup>) -> Result<()> {
pub fn add_rules(&mut self, rules: &Vec<LinuxDeviceCgroup>) -> Result<()> {
for rule in rules {
self.add_rule(rule)?;
}
Ok(())
}
pub fn add_rule(&mut self, rule: &oci_spec::LinuxDeviceCgroup) -> Result<()> {
pub fn add_rule(&mut self, rule: &LinuxDeviceCgroup) -> Result<()> {
// special case, switch to blacklist or whitelist and clear all existing rules
// NOTE: we ignore other fields when type='a', this is same as cgroup v1 and runc
if rule.typ.clone().unwrap_or_default() == oci_spec::LinuxDeviceType::A {
if rule.typ.clone().unwrap_or_default() == LinuxDeviceType::A {
self.default_allow = rule.allow;
self.rules.clear();
return Ok(());

2
cgroups/src/v2/devices/program.rs
View File

@ -1,5 +1,5 @@
use anyhow::{bail, Result};
use oci_spec::*;
use oci_spec::runtime::*;
use rbpf::disassembler::disassemble;
use rbpf::insn_builder::Arch as RbpfArch;