Skip to content

Commit

Permalink
Limit container start time to system boot
Browse files Browse the repository at this point in the history 
On some systems, root cgroup might report the time when creating the
folder /sys/fs/cgroup/subsys, so limit to boot time.
  • Loading branch information
@odinuge
odinuge committed Feb 22, 2021
1 parent 6ecac4f commit be44a6b
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions container/common/helpers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ import (
"github.com/karrick/godirwalk"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/pkg/errors"
"golang.org/x/sys/unix"

"k8s.io/klog/v2"
)
Expand Down Expand Up @@ -97,6 +98,14 @@ func GetSpec(cgroupPaths map[string]string, machineInfoFactory info.MachineInfoF
lowestTime = fi.ModTime()
}
}
var info unix.Sysinfo_t
if err := unix.Sysinfo(&info); err == nil {
sinceBoot := time.Duration(info.Uptime) * time.Second
// If time is before boot, use boot time instead
if now.Sub(lowestTime) > sinceBoot {
lowestTime = now.Add(-1 * sinceBoot)
}
}

if lowestTime != now {
spec.CreationTime = lowestTime
Expand Down

0 comments on commit be44a6b

Please sign in to comment.