Putting the plugin in the same cgroup as the user process
This commit is contained in:
Diptanu Choudhury
parent
ff714703e6
commit
08932e5bbc
|
|
@ -81,19 +81,24 @@ func (e *UniversalExecutor) LaunchCmd(command *ExecCommand, ctx *ExecutorContext
|
||||||
|
|
||||||
e.ctx = ctx
|
e.ctx = ctx
|
||||||
|
|
||||||
|
// configuring the task dir
|
||||||
if err := e.configureTaskDir(); err != nil {
|
if err := e.configureTaskDir(); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// confiuguring the chroot
|
||||||
if err := e.configureIsolation(); err != nil {
|
if err := e.configureIsolation(); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// setting the user of the process
|
||||||
if e.ctx.UnprivilegedUser {
|
if e.ctx.UnprivilegedUser {
|
||||||
if err := e.runAs("nobody"); err != nil {
|
if err := e.runAs("nobody"); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// configuring log rotate
|
||||||
stdoPath := filepath.Join(e.taskDir, allocdir.TaskLocal, fmt.Sprintf("%v.stdout", ctx.TaskName))
|
stdoPath := filepath.Join(e.taskDir, allocdir.TaskLocal, fmt.Sprintf("%v.stdout", ctx.TaskName))
|
||||||
stdo, err := os.OpenFile(stdoPath, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0666)
|
stdo, err := os.OpenFile(stdoPath, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0666)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -108,8 +113,8 @@ func (e *UniversalExecutor) LaunchCmd(command *ExecCommand, ctx *ExecutorContext
|
||||||
}
|
}
|
||||||
e.cmd.Stderr = stde
|
e.cmd.Stderr = stde
|
||||||
|
|
||||||
|
// setting the env, path and args for the command
|
||||||
e.cmd.Env = ctx.TaskEnv.EnvList()
|
e.cmd.Env = ctx.TaskEnv.EnvList()
|
||||||
|
|
||||||
e.cmd.Path = ctx.TaskEnv.ReplaceEnv(command.Cmd)
|
e.cmd.Path = ctx.TaskEnv.ReplaceEnv(command.Cmd)
|
||||||
e.cmd.Args = append([]string{e.cmd.Path}, ctx.TaskEnv.ParseAndReplace(command.Args)...)
|
e.cmd.Args = append([]string{e.cmd.Path}, ctx.TaskEnv.ParseAndReplace(command.Args)...)
|
||||||
if filepath.Base(command.Cmd) == command.Cmd {
|
if filepath.Base(command.Cmd) == command.Cmd {
|
||||||
|
|
@ -119,11 +124,15 @@ func (e *UniversalExecutor) LaunchCmd(command *ExecCommand, ctx *ExecutorContext
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// starting the process
|
||||||
if err := e.cmd.Start(); err != nil {
|
if err := e.cmd.Start(); err != nil {
|
||||||
return nil, fmt.Errorf("error starting command: %v", err)
|
return nil, fmt.Errorf("error starting command: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
e.applyLimits()
|
// entering the user process in the cgroup
|
||||||
|
e.applyLimits(e.cmd.Process.Pid)
|
||||||
|
// entering the plugin process in cgroup
|
||||||
|
e.applyLimits(os.Getpid())
|
||||||
go e.wait()
|
go e.wait()
|
||||||
return &ProcessState{Pid: e.cmd.Process.Pid, ExitCode: -1, Time: time.Now()}, nil
|
return &ProcessState{Pid: e.cmd.Process.Pid, ExitCode: -1, Time: time.Now()}, nil
|
||||||
}
|
}
|
||||||
|
|
@ -167,15 +176,15 @@ func (e *UniversalExecutor) Exit() error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failied to find user process %v: %v", e.cmd.Process.Pid, err)
|
return fmt.Errorf("failied to find user process %v: %v", e.cmd.Process.Pid, err)
|
||||||
}
|
}
|
||||||
|
if err = proc.Kill(); err != nil {
|
||||||
|
e.logger.Printf("[DEBUG] executor.exit error: %v", err)
|
||||||
|
}
|
||||||
if e.ctx.FSIsolation {
|
if e.ctx.FSIsolation {
|
||||||
e.removeChrootMounts()
|
e.removeChrootMounts()
|
||||||
}
|
}
|
||||||
if e.ctx.ResourceLimits {
|
if e.ctx.ResourceLimits {
|
||||||
e.destroyCgroup()
|
e.destroyCgroup()
|
||||||
}
|
}
|
||||||
if err = proc.Kill(); err != nil {
|
|
||||||
e.logger.Printf("[DEBUG] executor.exit error: %v", err)
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ func (e *UniversalExecutor) runAs(userid string) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *UniversalExecutor) applyLimits() error {
|
func (e *UniversalExecutor) applyLimits(pid int) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -50,18 +50,21 @@ func (e *UniversalExecutor) configureIsolation() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// applyLimits puts a process in a pre-configured cgroup
|
// applyLimits puts a process in a pre-configured cgroup
|
||||||
func (e *UniversalExecutor) applyLimits() error {
|
func (e *UniversalExecutor) applyLimits(pid int) error {
|
||||||
if !e.ctx.ResourceLimits {
|
if !e.ctx.ResourceLimits {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Entering the process in the cgroup
|
||||||
manager := e.getCgroupManager(e.groups)
|
manager := e.getCgroupManager(e.groups)
|
||||||
if err := manager.Apply(e.cmd.Process.Pid); err != nil {
|
if err := manager.Apply(pid); err != nil {
|
||||||
e.logger.Printf("[ERROR] unable to join cgroup: %v", err)
|
e.logger.Printf("[ERROR] unable to join cgroup: %v", err)
|
||||||
if err := e.Exit(); err != nil {
|
if err := e.Exit(); err != nil {
|
||||||
e.logger.Printf("[ERROR] unable to kill process: %v", err)
|
e.logger.Printf("[ERROR] unable to kill process: %v", err)
|
||||||
}
|
}
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue