summaryrefslogtreecommitdiff
path: root/vendor/github.com/containerd/cgroups/devices.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/containerd/cgroups/devices.go')
-rw-r--r--vendor/github.com/containerd/cgroups/devices.go74
1 files changed, 74 insertions, 0 deletions
diff --git a/vendor/github.com/containerd/cgroups/devices.go b/vendor/github.com/containerd/cgroups/devices.go
new file mode 100644
index 000000000..f0dca5c54
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/devices.go
@@ -0,0 +1,74 @@
+package cgroups
+
+import (
+ "fmt"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+const (
+ allowDeviceFile = "devices.allow"
+ denyDeviceFile = "devices.deny"
+ wildcard = -1
+)
+
+func NewDevices(root string) *devicesController {
+ return &devicesController{
+ root: filepath.Join(root, string(Devices)),
+ }
+}
+
+type devicesController struct {
+ root string
+}
+
+func (d *devicesController) Name() Name {
+ return Devices
+}
+
+func (d *devicesController) Path(path string) string {
+ return filepath.Join(d.root, path)
+}
+
+func (d *devicesController) Create(path string, resources *specs.LinuxResources) error {
+ if err := os.MkdirAll(d.Path(path), defaultDirPerm); err != nil {
+ return err
+ }
+ for _, device := range resources.Devices {
+ file := denyDeviceFile
+ if device.Allow {
+ file = allowDeviceFile
+ }
+ if err := ioutil.WriteFile(
+ filepath.Join(d.Path(path), file),
+ []byte(deviceString(device)),
+ defaultFilePerm,
+ ); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (d *devicesController) Update(path string, resources *specs.LinuxResources) error {
+ return d.Create(path, resources)
+}
+
+func deviceString(device specs.LinuxDeviceCgroup) string {
+ return fmt.Sprintf("%c %s:%s %s",
+ &device.Type,
+ deviceNumber(device.Major),
+ deviceNumber(device.Minor),
+ &device.Access,
+ )
+}
+
+func deviceNumber(number *int64) string {
+ if number == nil || *number == wildcard {
+ return "*"
+ }
+ return fmt.Sprint(*number)
+}