cgroups: github.com/containerd/cgroups/v2 Index | Files | Directories

package v2

import "github.com/containerd/cgroups/v2"

Devicefilter containes eBPF device filter program

The implementation is based on https://github.com/containers/crun/blob/0.10.2/src/libcrun/ebpf.c

Although ebpf.c is originally licensed under LGPL-3.0-or-later, the author (Giuseppe Scrivano) agreed to relicense the file in Apache License 2.0: https://github.com/opencontainers/runc/issues/2144#issuecomment-543116397

This particular Go implementation based on runc version https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/ebpf/devicefilter/devicefilter.go

Index

Package Files

cpu.go devicefilter.go ebpf.go errors.go hugetlb.go io.go manager.go memory.go paths.go pids.go rdma.go state.go utils.go

Variables

var (
    ErrInvalidPid               = errors.New("cgroups: pid must be greater than 0")
    ErrMountPointNotExist       = errors.New("cgroups: cgroup mountpoint does not exist")
    ErrInvalidFormat            = errors.New("cgroups: parsing file with invalid format failed")
    ErrFreezerNotSupported      = errors.New("cgroups: freezer cgroup (v2) not supported on this system")
    ErrMemoryNotSupported       = errors.New("cgroups: memory cgroup (v2) not supported on this system")
    ErrPidsNotSupported         = errors.New("cgroups: pids cgroup (v2) not supported on this system")
    ErrCPUNotSupported          = errors.New("cgroups: cpu cgroup (v2) not supported on this system")
    ErrCgroupDeleted            = errors.New("cgroups: cgroup deleted")
    ErrNoCgroupMountDestination = errors.New("cgroups: cannot find cgroup mount destination")
    ErrInvalidGroupPath         = errors.New("cgroups: invalid group path")
)

func DeviceFilter Uses

func DeviceFilter(devices []specs.LinuxDeviceCgroup) (asm.Instructions, string, error)

DeviceFilter returns eBPF device filter program and its license string

func IgnoreNotExist Uses

func IgnoreNotExist(err error) error

IgnoreNotExist ignores any errors that are for not existing files

func LoadAttachCgroupDeviceFilter Uses

func LoadAttachCgroupDeviceFilter(insts asm.Instructions, license string, dirFD int) (func() error, error)

LoadAttachCgroupDeviceFilter installs eBPF device filter program to /sys/fs/cgroup/<foo> directory.

Requires the system to be running in cgroup2 unified-mode with kernel >= 4.15 .

https://github.com/torvalds/linux/commit/ebc614f687369f9df99828572b1d85a7c2de3d92

func NestedGroupPath Uses

func NestedGroupPath(suffix string) (string, error)

NestedGroupPath will nest the cgroups based on the calling processes cgroup placing its child processes inside its own path

func PidGroupPath Uses

func PidGroupPath(pid int) (string, error)

PidGroupPath will return the correct cgroup paths for an existing process running inside a cgroup This is commonly used for the Load function to restore an existing container

func VerifyGroupPath Uses

func VerifyGroupPath(g string) error

VerifyGroupPath verifies the format of group path string g. The format is same as the third field in /proc/PID/cgroup. e.g. "/user.slice/user-1001.slice/session-1.scope"

g must be a "clean" absolute path starts with "/", and must not contain "/sys/fs/cgroup" prefix.

VerifyGroupPath doesn't verify whether g actually exists on the system.

type BFQ Uses

type BFQ struct {
    Weight uint16
}

type CPU Uses

type CPU struct {
    Weight *uint64
    Max    CPUMax
    Cpus   string
    Mems   string
}

func (*CPU) Values Uses

func (r *CPU) Values() (o []Value)

type CPUMax Uses

type CPUMax string

func NewCPUMax Uses

func NewCPUMax(quota *int64, period *uint64) CPUMax

type ControllerToggle Uses

type ControllerToggle int
const (
    Enable ControllerToggle = iota + 1
    Disable
)

type Entry Uses

type Entry struct {
    Type  IOType
    Major int64
    Minor int64
    Rate  uint64
}

func (Entry) String Uses

func (e Entry) String() string

type ErrorHandler Uses

type ErrorHandler func(err error) error

ErrorHandler is a function that handles and acts on errors

type Event Uses

type Event struct {
    Low     uint64
    High    uint64
    Max     uint64
    OOM     uint64
    OOMKill uint64
}

type HugeTlb Uses

type HugeTlb []HugeTlbEntry

func (*HugeTlb) Values Uses

func (r *HugeTlb) Values() (o []Value)

type HugeTlbEntry Uses

type HugeTlbEntry struct {
    HugePageSize string
    Limit        uint64
}

type IO Uses

type IO struct {
    BFQ BFQ
    Max []Entry
}

func (*IO) Values Uses

func (i *IO) Values() (o []Value)

type IOType Uses

type IOType string
const (
    ReadBPS   IOType = "rbps"
    WriteBPS  IOType = "wbps"
    ReadIOPS  IOType = "riops"
    WriteIOPS IOType = "wiops"
)

type Manager Uses

type Manager struct {
    // contains filtered or unexported fields
}

func LoadManager Uses

func LoadManager(mountpoint string, group string) (*Manager, error)

func LoadSystemd Uses

func LoadSystemd(slice, group string) (*Manager, error)

func NewManager Uses

func NewManager(mountpoint string, group string, resources *Resources) (*Manager, error)

func NewSystemd Uses

func NewSystemd(slice, group string, pid int, resources *Resources) (*Manager, error)

func (*Manager) AddProc Uses

func (c *Manager) AddProc(pid uint64) error

func (*Manager) Controllers Uses

func (c *Manager) Controllers() ([]string, error)

func (*Manager) Delete Uses

func (c *Manager) Delete() error

func (*Manager) DeleteSystemd Uses

func (c *Manager) DeleteSystemd() error

func (*Manager) EventChan Uses

func (c *Manager) EventChan() (<-chan Event, <-chan error)

func (*Manager) Freeze Uses

func (c *Manager) Freeze() error

func (*Manager) MemoryEventFD Uses

func (c *Manager) MemoryEventFD() (int, uint32, error)

MemoryEventFD returns inotify file descriptor and 'memory.events' inotify watch descriptor

func (*Manager) NewChild Uses

func (c *Manager) NewChild(name string, resources *Resources) (*Manager, error)

func (*Manager) Procs Uses

func (c *Manager) Procs(recursive bool) ([]uint64, error)

func (*Manager) RootControllers Uses

func (c *Manager) RootControllers() ([]string, error)

func (*Manager) Stat Uses

func (c *Manager) Stat() (*stats.Metrics, error)

func (*Manager) Thaw Uses

func (c *Manager) Thaw() error

func (*Manager) ToggleControllers Uses

func (c *Manager) ToggleControllers(controllers []string, t ControllerToggle) error

type Memory Uses

type Memory struct {
    Swap *int64
    Max  *int64
    Low  *int64
    High *int64
}

func (*Memory) Values Uses

func (r *Memory) Values() (o []Value)

type Pids Uses

type Pids struct {
    Max int64
}

func (*Pids) Values Uses

func (r *Pids) Values() (o []Value)

type RDMA Uses

type RDMA struct {
    Limit []RDMAEntry
}

func (*RDMA) Values Uses

func (r *RDMA) Values() (o []Value)

type RDMAEntry Uses

type RDMAEntry struct {
    Device     string
    HcaHandles uint32
    HcaObjects uint32
}

func (RDMAEntry) String Uses

func (r RDMAEntry) String() string

type Resources Uses

type Resources struct {
    CPU     *CPU
    Memory  *Memory
    Pids    *Pids
    IO      *IO
    RDMA    *RDMA
    HugeTlb *HugeTlb
    // When len(Devices) is zero, devices are not controlled
    Devices []specs.LinuxDeviceCgroup
}

Resources for a cgroups v2 unified hierarchy

func ToResources Uses

func ToResources(spec *specs.LinuxResources) *Resources

ToResources converts the oci LinuxResources struct into a v2 Resources type for use with this package.

converting cgroups configuration from v1 to v2 ref: https://github.com/containers/crun/blob/master/crun.1.md#cgroup-v2

func (*Resources) EnabledControllers Uses

func (r *Resources) EnabledControllers() (c []string)

EnabledControllers returns the list of all not nil resource controllers

func (*Resources) Values Uses

func (r *Resources) Values() (o []Value)

Values returns the raw filenames and values that can be written to the unified hierarchy

type State Uses

type State string

State is a type that represents the state of the current cgroup

const (
    Unknown State = ""
    Thawed  State = "thawed"
    Frozen  State = "frozen"
    Deleted State = "deleted"
)

func (State) Values Uses

func (s State) Values() []Value

type Value Uses

type Value struct {
    // contains filtered or unexported fields
}

Value of a cgroup setting

Directories

PathSynopsis
stats

Package v2 imports 21 packages (graph) and is imported by 28 packages. Updated 2020-07-12. Refresh now. Tools for package owners.