cgroups: always create device cgroup on systemd

This is the same behavior as fs does.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This commit is contained in:
Qiang Huang 2015-01-22 09:53:30 +08:00
parent 3fbf185602
commit c4821b6f3e
1 changed files with 10 additions and 10 deletions

View File

@ -128,10 +128,8 @@ func Apply(c *cgroups.Cgroup, pid int) (map[string]string, error) {
return nil, err
}
if !c.AllowAllDevices {
if err := joinDevices(c, pid); err != nil {
return nil, err
}
if err := joinDevices(c, pid); err != nil {
return nil, err
}
// -1 disables memorySwap
@ -272,14 +270,16 @@ func joinDevices(c *cgroups.Cgroup, pid int) error {
return err
}
if err := writeFile(path, "devices.deny", "a"); err != nil {
return err
}
for _, dev := range c.AllowedDevices {
if err := writeFile(path, "devices.allow", dev.GetCgroupAllowString()); err != nil {
if !c.AllowAllDevices {
if err := writeFile(path, "devices.deny", "a"); err != nil {
return err
}
for _, dev := range c.AllowedDevices {
if err := writeFile(path, "devices.allow", dev.GetCgroupAllowString()); err != nil {
return err
}
}
}
return nil