diff --git a/cgroups/systemd/apply_systemd.go b/cgroups/systemd/apply_systemd.go index 6c87eb774..3f5f9381d 100644 --- a/cgroups/systemd/apply_systemd.go +++ b/cgroups/systemd/apply_systemd.go @@ -147,8 +147,8 @@ func (m *Manager) Apply(pid int) error { properties []systemd.Property ) - if c.Slice != "" { - slice = c.Slice + if c.Parent != "" { + slice = c.Parent } properties = append(properties, @@ -312,8 +312,8 @@ func getSubsystemPath(c *configs.Cgroup, subsystem string) (string, error) { } slice := "system.slice" - if c.Slice != "" { - slice = c.Slice + if c.Parent != "" { + slice = c.Parent } return filepath.Join(mountpoint, initPath, slice, getUnitName(c)), nil @@ -377,7 +377,7 @@ func (m *Manager) Set(container *configs.Config) error { } func getUnitName(c *configs.Cgroup) string { - return fmt.Sprintf("%s-%s.scope", c.Parent, c.Name) + return fmt.Sprintf("%s-%s.scope", c.ScopePrefix, c.Name) } // Atm we can't use the systemd device support because of two missing things: diff --git a/configs/cgroup.go b/configs/cgroup.go index 8a699ac10..7cf17c54f 100644 --- a/configs/cgroup.go +++ b/configs/cgroup.go @@ -52,8 +52,8 @@ type Cgroup struct { // set the freeze value for the process Freezer FreezerState `json:"freezer"` - // Parent slice to use for systemd TODO: remove in favor or parent - Slice string `json:"slice"` + // prefix for the scope name + ScopePrefix string `json:"scope_prefix"` // Whether to disable OOM Killer OomKillDisable bool `json:"oom_kill_disable"` diff --git a/nsinit/config.go b/nsinit/config.go index e50bb3c11..923c792d5 100644 --- a/nsinit/config.go +++ b/nsinit/config.go @@ -28,6 +28,7 @@ var createFlags = []cli.Flag{ cli.IntFlag{Name: "memory-swap", Usage: "set the memory swap limit for the container"}, cli.StringFlag{Name: "cpuset-cpus", Usage: "set the cpuset cpus"}, cli.StringFlag{Name: "cpuset-mems", Usage: "set the cpuset mems"}, + cli.StringFlag{Name: "cgroup-parent", Usage: "set the cgroup parent"}, cli.StringFlag{Name: "apparmor-profile", Usage: "set the apparmor profile"}, cli.StringFlag{Name: "process-label", Usage: "set the process label"}, cli.StringFlag{Name: "mount-label", Usage: "set the mount label"}, @@ -92,6 +93,11 @@ func modify(config *configs.Config, context *cli.Context) { config.Rootfs = rootfs } + cgroupParent := context.String("cgroup-parent") + if cgroupParent != "" { + config.Cgroups.Parent = cgroupParent + } + userns_uid := context.Int("userns-root-uid") if userns_uid != 0 { config.Namespaces.Add(configs.NEWUSER, "") @@ -222,7 +228,7 @@ func getTemplate() *configs.Config { }), Cgroups: &configs.Cgroup{ Name: filepath.Base(cwd), - Parent: "nsinit", + ScopePrefix: "nsinit", AllowAllDevices: false, AllowedDevices: configs.DefaultAllowedDevices, },