高版本docker mount cgroup失败研究

发布时间:2024年01月15日

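cgroup1

说明:下面的输出是 cgroup v1 的布局——/sys/fs/cgroup 本身是一个 tmpfs,每个控制器(或控制器组合,如 cpu,cpuacct)各自以 cgroup 类型作为独立层级挂载在其下。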


[root@901c18ae8c00 cgroup]# uname -r
5.8.0-050800rc1-generic
[root@901c18ae8c00 cgroup]# ll
total 0
drwxr-xr-x 2 root root  0 Jan 15 03:28 blkio
lrwxrwxrwx 1 root root 11 Jan 15 03:28 cpu -> cpu,cpuacct
drwxr-xr-x 2 root root  0 Jan 15 03:28 cpu,cpuacct
lrwxrwxrwx 1 root root 11 Jan 15 03:28 cpuacct -> cpu,cpuacct
drwxr-xr-x 2 root root  0 Jan 15 03:28 cpuset
drwxr-xr-x 2 root root  0 Jan 15 03:28 devices
drwxr-xr-x 2 root root  0 Jan 15 03:28 freezer
drwxr-xr-x 2 root root  0 Jan 15 03:28 hugetlb
drwxr-xr-x 2 root root  0 Jan 15 03:28 memory
lrwxrwxrwx 1 root root 16 Jan 15 03:28 net_cls -> net_cls,net_prio
drwxr-xr-x 2 root root  0 Jan 15 03:28 net_cls,net_prio
lrwxrwxrwx 1 root root 16 Jan 15 03:28 net_prio -> net_cls,net_prio
drwxr-xr-x 2 root root  0 Jan 15 03:28 perf_event
drwxr-xr-x 2 root root  0 Jan 15 03:28 pids
dr-xr-xr-x 2 root root  0 Aug  8 06:36 rdma
drwxr-xr-x 2 root root  0 Jan 15 03:28 systemd
[root@8e03aaeed1b2 /]# mount | grep cgroup
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)

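cgroup2

说明:下面的输出是 cgroup v2 的布局——/sys/fs/cgroup 上只有一个 cgroup2 类型的统一层级挂载,不再按控制器分别挂载。标题所说的 mount cgroup 失败,推测是因为主机使用了 cgroup v2、控制器已绑定到统一层级,无法再以 v1 方式单独挂载(本文未给出失败时的命令和报错,待确认)。排查时可用 `stat -fc %T /sys/fs/cgroup` 判断主机所用版本:输出 cgroup2fs 为 v2,输出 tmpfs 为 v1。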

root@node2:/tmp# mount | grep cgroup
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)

参考

Container security fundamentals part 4: Cgroups | Datadog Security Labs

文章来源:https://blog.csdn.net/SHELLCODE_8BIT/article/details/135596475