Skip to content

Commit 77ffd49

Browse files
author
Michael Crosby
committed
Merge pull request docker-archive#30 from crosbymichael/revert-mount-cgroup
Revert "Mount cgroups in the container"
2 parents 2a9ff02 + c7d1cb2 commit 77ffd49

File tree

1 file changed

+0
-66
lines changed

1 file changed

+0
-66
lines changed

mount/init.go

Lines changed: 0 additions & 66 deletions
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,9 @@ import (
66
"fmt"
77
"os"
88
"path/filepath"
9-
"strings"
109
"syscall"
1110

1211
"github.com/docker/libcontainer"
13-
"github.com/docker/libcontainer/cgroups"
1412
"github.com/docker/libcontainer/label"
1513
"github.com/docker/libcontainer/mount/nodes"
1614
"github.com/dotcloud/docker/pkg/symlink"
@@ -94,69 +92,6 @@ func mountSystem(rootfs string, container *libcontainer.Container) error {
9492
return fmt.Errorf("mounting %s into %s %s", m.source, m.path, err)
9593
}
9694
}
97-
98-
// Mount all cgroup subsystems into the container, read-only. Create symlinks for each
99-
// subsystem if any subsystems are merged
100-
cgroupMounts, err := cgroups.GetCgroupMounts()
101-
if err != nil {
102-
return err
103-
}
104-
105-
cgroupsDir := filepath.Join(rootfs, "/sys/fs/cgroup")
106-
107-
for _, m := range cgroupMounts {
108-
dir := filepath.Base(m.Mountpoint)
109-
mountpoint := filepath.Join(cgroupsDir, dir)
110-
111-
if err := os.MkdirAll(mountpoint, 0755); err != nil && !os.IsExist(err) {
112-
return fmt.Errorf("mkdirall %s %s", mountpoint, err)
113-
}
114-
115-
// Bind-mount the cgroup to /sys/fs/cgroup with the same name as the outer mount
116-
if err := system.Mount(m.Mountpoint, mountpoint, "bind", uintptr(syscall.MS_BIND|defaultMountFlags), ""); err != nil {
117-
return fmt.Errorf("mounting %s into %s %s", m.Mountpoint, mountpoint, err)
118-
}
119-
// Make it read-only
120-
if err := system.Mount(mountpoint, mountpoint, "bind", uintptr(syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|defaultMountFlags), ""); err != nil {
121-
return fmt.Errorf("remounting %s into %s %s", mountpoint, mountpoint, err)
122-
}
123-
124-
hasName := false
125-
for _, subsys := range m.Subsystems {
126-
isName := strings.HasPrefix(subsys, "name=")
127-
canonicalName := subsys
128-
if isName {
129-
hasName = true
130-
canonicalName = subsys[5:]
131-
}
132-
133-
// For the merged case dir will be something like "cpu,cpuacct", so
134-
// we make symlinks for all the pure subsystem names "cpu -> cpu,cpuacct", etc
135-
if canonicalName != dir {
136-
if err := os.Symlink(dir, filepath.Join(cgroupsDir, canonicalName)); err != nil {
137-
return fmt.Errorf("creating cgroup symlink for %s: %s", dir, err)
138-
}
139-
}
140-
}
141-
142-
// For named cgroups, such as name=systemd we mount a read-write subset at the
143-
// current cgroup path. This lets e.g. systemd work inside a container, as it can create subcgroups inside the
144-
// current cgroup, while not being able to do anything dangerous in the real cgroups
145-
if hasName {
146-
cgroupPath, _ := m.GetThisCgroupDir()
147-
if cgroupPath != "" && cgroupPath != "/" {
148-
if err := system.Mount(filepath.Join(m.Mountpoint, cgroupPath), filepath.Join(mountpoint, cgroupPath), "bind", uintptr(syscall.MS_BIND|defaultMountFlags), ""); err != nil {
149-
return fmt.Errorf("mounting %s into %s %s", filepath.Join(m.Mountpoint, cgroupPath), filepath.Join(mountpoint, cgroupPath), err)
150-
}
151-
}
152-
}
153-
}
154-
155-
// Make /sys/fs/cgroup read-only
156-
if err := system.Mount(cgroupsDir, cgroupsDir, "bind", uintptr(syscall.MS_REMOUNT|syscall.MS_RDONLY|defaultMountFlags), ""); err != nil {
157-
return fmt.Errorf("remounting %s read-only %s", cgroupsDir, err)
158-
}
159-
16095
return nil
16196
}
16297

@@ -258,7 +193,6 @@ func newSystemMounts(rootfs, mountLabel string, mounts libcontainer.Mounts) []mo
258193
{source: "proc", path: filepath.Join(rootfs, "proc"), device: "proc", flags: defaultMountFlags},
259194
{source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: defaultMountFlags},
260195
{source: "tmpfs", path: filepath.Join(rootfs, "dev"), device: "tmpfs", flags: syscall.MS_NOSUID | syscall.MS_STRICTATIME, data: label.FormatMountLabel("mode=755", mountLabel)},
261-
{source: "tmpfs", path: filepath.Join(rootfs, "sys/fs/cgroup"), device: "tmpfs", flags: defaultMountFlags},
262196
{source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: label.FormatMountLabel("mode=1777,size=65536k", mountLabel)},
263197
{source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: label.FormatMountLabel("newinstance,ptmxmode=0666,mode=620,gid=5", mountLabel)},
264198
}

0 commit comments

Comments
 (0)