From 1f50057df8a4c6daadb8a5d84ff51cbffc3e5dd4 Mon Sep 17 00:00:00 2001 From: Vishnu Kannan Date: Mon, 16 Mar 2015 22:42:15 +0000 Subject: [PATCH] Adding '--cgroup-parent' flag to docker run. This feature helps users implement more complex resource isolation policies on top of what native docker provides. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan (github: vishh) Upstream-commit: 0b1e2b5a553565e99afd7ceda36beab098f506d0 Component: engine --- components/engine/daemon/container.go | 1 + components/engine/daemon/execdriver/driver.go | 6 ++++++ components/engine/runconfig/hostconfig.go | 2 ++ components/engine/runconfig/parse.go | 2 ++ 4 files changed, 11 insertions(+) diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go index 31bce1317a..e9b360083c 100644 --- a/components/engine/daemon/container.go +++ b/components/engine/daemon/container.go @@ -345,6 +345,7 @@ func populateCommand(c *Container, env []string) error { MountLabel: c.GetMountLabel(), LxcConfig: lxcConfig, AppArmorProfile: c.AppArmorProfile, + CgroupParent: c.hostConfig.CgroupParent, } return nil diff --git a/components/engine/daemon/execdriver/driver.go b/components/engine/daemon/execdriver/driver.go index 932b734d27..e937de3beb 100644 --- a/components/engine/daemon/execdriver/driver.go +++ b/components/engine/daemon/execdriver/driver.go @@ -164,6 +164,7 @@ type Command struct { MountLabel string `json:"mount_label"` LxcConfig []string `json:"lxc_config"` AppArmorProfile string `json:"apparmor_profile"` + CgroupParent string `json:"cgroup_parent"` // The parent cgroup for this command. } func InitContainer(c *Command) *configs.Config { @@ -179,6 +180,11 @@ func InitContainer(c *Command) *configs.Config { // check to see if we are running in ramdisk to disable pivot root container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != "" + + // Default parent cgroup is "docker". Override if required. + if c.CgroupParent != "" { + container.Cgroups.Parent = c.CgroupParent + } return container } diff --git a/components/engine/runconfig/hostconfig.go b/components/engine/runconfig/hostconfig.go index 72a80dc5d1..84d636b5c4 100644 --- a/components/engine/runconfig/hostconfig.go +++ b/components/engine/runconfig/hostconfig.go @@ -131,6 +131,7 @@ type HostConfig struct { ReadonlyRootfs bool Ulimits []*ulimit.Ulimit LogConfig LogConfig + CgroupParent string // Parent cgroup. } // This is used by the create command when you want to set both the @@ -182,6 +183,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig { IpcMode: IpcMode(job.Getenv("IpcMode")), PidMode: PidMode(job.Getenv("PidMode")), ReadonlyRootfs: job.GetenvBool("ReadonlyRootfs"), + CgroupParent: job.Getenv("CgroupParent"), } // FIXME: This is for backward compatibility, if people use `Cpuset` diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go index 34b0becf6a..ccd8056cf9 100644 --- a/components/engine/runconfig/parse.go +++ b/components/engine/runconfig/parse.go @@ -71,6 +71,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe flRestartPolicy = cmd.String([]string{"-restart"}, "no", "Restart policy to apply when a container exits") flReadonlyRootfs = cmd.Bool([]string{"-read-only"}, false, "Mount the container's root filesystem as read only") flLoggingDriver = cmd.String([]string{"-log-driver"}, "", "Logging driver for container") + flCgroupParent = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container") ) cmd.Var(&flAttach, []string{"a", "-attach"}, "Attach to STDIN, STDOUT or STDERR") @@ -332,6 +333,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe ReadonlyRootfs: *flReadonlyRootfs, Ulimits: flUlimits.GetList(), LogConfig: LogConfig{Type: *flLoggingDriver}, + CgroupParent: *flCgroupParent, } // When allocating stdin in attached mode, close stdin at client disconnect