github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/libcontainer/cgroups/fs/devices.go

github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/libcontainer/cgroups/fs/devices.go (about)

     1  package fs
     2  
     3  import (
     4  	"github.com/opencontainers/runc/libcontainer/cgroups"
     5  	"github.com/opencontainers/runc/libcontainer/configs"
     6  )
     7  
     8  type DevicesGroup struct{}
     9  
    10  func (s *DevicesGroup) Name() string {
    11  	return "devices"
    12  }
    13  
    14  func (s *DevicesGroup) Apply(path string, r *configs.Resources, pid int) error {
    15  	if r.SkipDevices {
    16  		return nil
    17  	}
    18  	if path == "" {
    19  		// Return error here, since devices cgroup
    20  		// is a hard requirement for container's security.
    21  		return errSubsystemDoesNotExist
    22  	}
    23  
    24  	return apply(path, pid)
    25  }
    26  
    27  func (s *DevicesGroup) Set(path string, r *configs.Resources) error {
    28  	if cgroups.DevicesSetV1 == nil {
    29  		if len(r.Devices) == 0 {
    30  			return nil
    31  		}
    32  		return cgroups.ErrDevicesUnsupported
    33  	}
    34  	return cgroups.DevicesSetV1(path, r)
    35  }
    36  
    37  func (s *DevicesGroup) GetStats(path string, stats *cgroups.Stats) error {
    38  	return nil
    39  }