Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] cgroups v2: PoC of devices controller #208

Merged
merged 9 commits into from
Aug 29, 2021
Merged

Conversation

MoZhonghua
Copy link

This a PoC of cgroup v2 BPF devices controller, based on the implementation of runc.

It works but with many FIXMEs and TODOs:

  1. build BPF bytecode instruction by instruction using ebpf
  2. attach/detach using libbpf-sys, always attach new program and detach old programs, no BF_F_REPLACE
  3. use naive algorithm to check rules, runc's device emulator is not implemented
  4. there is a simple binary in cgroups/examples/bpf.rs, used to query/attach/detach BPF program, should help testing
  5. toggled on by feature "cgroupsv2_devices", which is enabled by default in Cargo.toml

@Furisto
Copy link
Collaborator

Furisto commented Aug 29, 2021

lgtm

@Furisto Furisto merged commit 9396982 into youki-dev:main Aug 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants