diff --git a/src/docker/cgroup.rs b/src/docker/cgroup.rs index 4ac5691..d8db72c 100644 --- a/src/docker/cgroup.rs +++ b/src/docker/cgroup.rs @@ -1,4 +1,4 @@ -use anyhow::{ensure, Context, Result}; +use anyhow::{bail, ensure, Context, Result}; use aya::maps::{HashMap, MapData}; use aya::programs::{CgroupDevice, Link}; use std::fs::File; @@ -196,3 +196,21 @@ impl DeviceAccessController for DeviceAccessControllerV2 { Ok(()) } } + +pub struct DeviceAccessControllerDummy; + +impl DeviceAccessController for DeviceAccessControllerDummy { + fn set_permission( + &mut self, + _ty: DeviceType, + _major: u32, + _minor: u32, + _access: Access, + ) -> Result<()> { + bail!("neither cgroup v1 and cgroup v2 works"); + } + + fn stop(self: Box) -> Result<()> { + Ok(()) + } +} diff --git a/src/docker/container.rs b/src/docker/container.rs index 7821c95..b2b28d3 100644 --- a/src/docker/container.rs +++ b/src/docker/container.rs @@ -10,7 +10,10 @@ use tokio::signal::unix::{signal, SignalKind}; use tokio::task::{spawn, JoinHandle}; use tokio_stream::StreamExt; -use super::cgroup::{Access, DeviceAccessController, DeviceAccessControllerV1, DeviceAccessControllerV2, DeviceType}; +use super::cgroup::{ + Access, DeviceAccessController, DeviceAccessControllerDummy, DeviceAccessControllerV1, + DeviceAccessControllerV2, DeviceType, +}; use super::{IoStream, IoStreamSource}; #[derive(Clone)] @@ -42,9 +45,14 @@ impl Container { let cgroup_device_filter: Box = match DeviceAccessControllerV2::new(id) { Ok(v) => Box::new(v), - Err(err) => match DeviceAccessControllerV1::new(id) { + Err(err2) => match DeviceAccessControllerV1::new(id) { Ok(v) => Box::new(v), - Err(_) => Err(err).context("neither cgroup v1 and cgroup v2 works")?, + Err(err1) => { + log::error!("neither cgroup v1 and cgroup v2 works"); + log::error!("cgroup v2: {err2}"); + log::error!("cgroup v1: {err1}"); + Box::new(DeviceAccessControllerDummy) + } }, };