MCPcopy
hub / github.com/opencontainers/runc / start

Method start

libcontainer/process_linux.go:458–592  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

456}
457
458func (p *setnsProcess) start() (retErr error) {
459 defer p.comm.closeParent()
460
461 // Get the "before" value of oom kill count.
462 oom, _ := p.manager.OOMKillCount()
463
464 if err := p.startWithCgroupFD(); err != nil {
465 return fmt.Errorf("error starting setns process: %w", err)
466 }
467
468 defer func() {
469 if retErr != nil {
470 if newOom, err := p.manager.OOMKillCount(); err == nil && newOom != oom {
471 // Someone in this cgroup was killed, this _might_ be us.
472 retErr = fmt.Errorf("%w (possibly OOM-killed)", retErr)
473 }
474 err := ignoreTerminateErrors(p.terminate())
475 if err != nil {
476 logrus.WithError(err).Warn("unable to terminate setnsProcess")
477 }
478 }
479 }()
480
481 if p.bootstrapData != nil {
482 if _, err := io.Copy(p.comm.initSockParent, p.bootstrapData); err != nil {
483 return fmt.Errorf("error copying bootstrap data to pipe: %w", err)
484 }
485 }
486 if err := p.execSetns(); err != nil {
487 return fmt.Errorf("error executing setns process: %w", err)
488 }
489 if err := p.addIntoCgroup(); err != nil {
490 return err
491 }
492 // Set final CPU affinity right after the process is moved into container's cgroup.
493 if err := p.setFinalCPUAffinity(); err != nil {
494 return err
495 }
496 if p.intelRdtPath != "" {
497 // if Intel RDT "resource control" filesystem path exists
498 _, err := os.Stat(p.intelRdtPath)
499 if err == nil {
500 if err := intelrdt.WriteIntelRdtTasks(p.intelRdtPath, p.pid()); err != nil {
501 return fmt.Errorf("error adding pid %d to Intel RDT: %w", p.pid(), err)
502 }
503 }
504 }
505
506 if err := utils.WriteJSON(p.comm.initSockParent, p.config); err != nil {
507 return fmt.Errorf("error writing config to pipe: %w", err)
508 }
509
510 var seenProcReady bool
511 ierr := parseSync(p.comm.syncSockParent, func(sync *syncT) error {
512 switch sync.Type {
513 case procReady:
514 seenProcReady = true
515 // Set rlimits, this has to be done here because we lose permissions

Callers

nothing calls this directly

Calls 15

startWithCgroupFDMethod · 0.95
execSetnsMethod · 0.95
addIntoCgroupMethod · 0.95
setFinalCPUAffinityMethod · 0.95
WriteIntelRdtTasksFunction · 0.92
WriteJSONFunction · 0.92
AnnotationsFunction · 0.92
ignoreTerminateErrorsFunction · 0.85
parseSyncFunction · 0.85
setupRlimitsFunction · 0.85
writeSyncFunction · 0.85
pidGetFdFunction · 0.85

Tested by

no test coverage detected