merges latest spec with runc #534
Conversation
| @@ -38,7 +38,13 @@ type Device struct { | |||
| } | |||
|
|
|||
| func (d *Device) CgroupString() string { | |||
| return fmt.Sprintf("%c %s:%s %s", d.Type, deviceNumberString(d.Major), deviceNumberString(d.Minor), d.Permissions) | |||
| var p string | |||
There was a problem hiding this comment.
I not sure we need to change this method's logic. Isn't no perms and invalid config?
There was a problem hiding this comment.
The spec moved permissions out... Now these need to come from some new whitelist... IOW need to talk to mrunal and figure out how permissions are to be setup for cgroups now that explict permissions are not stored in the devices[] list. See new access field in new DeviceCgroup, there are an array of these in resources. Somehow these will have to scope the permissions for the devices.
There was a problem hiding this comment.
you have to merge the permission when creating the deivces. Think of the spec as the View and libcontainer config is the model. You have to populate it correctly no matter how it is represented in the spec.
mikebrow
force-pushed
the
merge-spec-files
branch
from
2416330
to
6409875
Compare
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
mikebrow
force-pushed
the
merge-spec-files
branch
from
6409875
to
d44efdd
Compare
|
Had to rebase for #525 |
Closes #528
Signed-off-by: Mike Brown brownwm@us.ibm.com