()
| 456 | } |
| 457 | |
| 458 | func (p *setnsProcess) start() (retErr error) { |
| 459 | defer p.comm.closeParent() |
| 460 | |
| 461 | // Get the "before" value of oom kill count. |
| 462 | oom, _ := p.manager.OOMKillCount() |
| 463 | |
| 464 | if err := p.startWithCgroupFD(); err != nil { |
| 465 | return fmt.Errorf("error starting setns process: %w", err) |
| 466 | } |
| 467 | |
| 468 | defer func() { |
| 469 | if retErr != nil { |
| 470 | if newOom, err := p.manager.OOMKillCount(); err == nil && newOom != oom { |
| 471 | // Someone in this cgroup was killed, this _might_ be us. |
| 472 | retErr = fmt.Errorf("%w (possibly OOM-killed)", retErr) |
| 473 | } |
| 474 | err := ignoreTerminateErrors(p.terminate()) |
| 475 | if err != nil { |
| 476 | logrus.WithError(err).Warn("unable to terminate setnsProcess") |
| 477 | } |
| 478 | } |
| 479 | }() |
| 480 | |
| 481 | if p.bootstrapData != nil { |
| 482 | if _, err := io.Copy(p.comm.initSockParent, p.bootstrapData); err != nil { |
| 483 | return fmt.Errorf("error copying bootstrap data to pipe: %w", err) |
| 484 | } |
| 485 | } |
| 486 | if err := p.execSetns(); err != nil { |
| 487 | return fmt.Errorf("error executing setns process: %w", err) |
| 488 | } |
| 489 | if err := p.addIntoCgroup(); err != nil { |
| 490 | return err |
| 491 | } |
| 492 | // Set final CPU affinity right after the process is moved into container's cgroup. |
| 493 | if err := p.setFinalCPUAffinity(); err != nil { |
| 494 | return err |
| 495 | } |
| 496 | if p.intelRdtPath != "" { |
| 497 | // if Intel RDT "resource control" filesystem path exists |
| 498 | _, err := os.Stat(p.intelRdtPath) |
| 499 | if err == nil { |
| 500 | if err := intelrdt.WriteIntelRdtTasks(p.intelRdtPath, p.pid()); err != nil { |
| 501 | return fmt.Errorf("error adding pid %d to Intel RDT: %w", p.pid(), err) |
| 502 | } |
| 503 | } |
| 504 | } |
| 505 | |
| 506 | if err := utils.WriteJSON(p.comm.initSockParent, p.config); err != nil { |
| 507 | return fmt.Errorf("error writing config to pipe: %w", err) |
| 508 | } |
| 509 | |
| 510 | var seenProcReady bool |
| 511 | ierr := parseSync(p.comm.syncSockParent, func(sync *syncT) error { |
| 512 | switch sync.Type { |
| 513 | case procReady: |
| 514 | seenProcReady = true |
| 515 | // Set rlimits, this has to be done here because we lose permissions |
nothing calls this directly
no test coverage detected