jail: parse OCI cgroups resources
Start pure cgroup2 implementation with emulation of (some) cgroup1
properties.
Initially support converting cpu, memory, blockIO, pids to unified in
addition to directly specifying unified attributes as suggested in
opencontainers/runtime-spec#1040

Support for converting devices and network into BPF programs is
planned.

Now that containers have their representation in the unified cgroup
hierarchy, make sure using cgroup namespaces also produces meaningful
results.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
dangowrt committed Aug 6, 2020
1 parent 83053b6 commit 16159bb
Showing 4 changed files with 900 additions and 31 deletions.
2 changes: 1 addition & 1 deletion CMakeLists.txt
Expand Up @@ -108,7 +108,7 @@ IF(SECCOMP_SUPPORT)
ENDIF()

IF(JAIL_SUPPORT)
ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/fs.c jail/capabilities.c ${SOURCES_OCI_SECCOMP})
ADD_EXECUTABLE(ujail jail/jail.c jail/cgroups.c jail/elf.c jail/fs.c jail/capabilities.c ${SOURCES_OCI_SECCOMP})
TARGET_LINK_LIBRARIES(ujail ${ubox} ${ubus} ${blobmsg_json})
INSTALL(TARGETS ujail
RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
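Review bot: jail/cgroups.c is added directly to the ADD_EXECUTABLE(ujail ...) source list, so it is compiled into every JAIL_SUPPORT build with no way to leave it out, whereas the seccomp sources on the same line come in through ${SOURCES_OCI_SECCOMP}. If cgroup handling is meant to be optional for small images, consider a build option with a matching source variable; if it is meant to be mandatory, say so in the commit message. The TARGET_LINK_LIBRARIES line is unchanged here, so please confirm that cgroups.c needs nothing beyond ${ubox}, ${ubus} and ${blobmsg_json}.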