From 02917b34af813eae53b458a9b44f20b7b285baef Mon Sep 17 00:00:00 2001 From: June Rhodes Date: Thu, 8 Feb 2024 17:35:18 +1100 Subject: [PATCH] Allow silo/bindflt to be turned off via an annotation This should fix regression #1699 Signed-off-by: June Rhodes --- cmd/containerd-shim-runhcs-v1/pod.go | 1 + internal/jobcontainers/jobcontainer.go | 7 +++++++ pkg/annotations/annotations.go | 3 +++ 3 files changed, 11 insertions(+) diff --git a/cmd/containerd-shim-runhcs-v1/pod.go b/cmd/containerd-shim-runhcs-v1/pod.go index 57aedcfc93..a10453cdc1 100644 --- a/cmd/containerd-shim-runhcs-v1/pod.go +++ b/cmd/containerd-shim-runhcs-v1/pod.go @@ -332,6 +332,7 @@ func (p *pod) CreateTask(ctx context.Context, req *task.CreateTaskRequest, s *sp s.Annotations, annotations.HostProcessInheritUser, annotations.HostProcessRootfsLocation, + annotations.HostProcessDisableSilo, ) } diff --git a/internal/jobcontainers/jobcontainer.go b/internal/jobcontainers/jobcontainer.go index 05b66703f2..3774e835a7 100644 --- a/internal/jobcontainers/jobcontainer.go +++ b/internal/jobcontainers/jobcontainer.go @@ -25,6 +25,7 @@ import ( "github.com/Microsoft/hcsshim/internal/queue" "github.com/Microsoft/hcsshim/internal/resources" "github.com/Microsoft/hcsshim/internal/winapi" + "github.com/Microsoft/hcsshim/pkg/annotations" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "golang.org/x/sys/windows" @@ -188,6 +189,12 @@ func Create(ctx context.Context, id string, s *specs.Spec) (_ cow.Container, _ * } }) + if forceNoSilo, ok := s.Annotations[annotations.HostProcessDisableSilo]; ok { + if forceNoSilo == "true" { + fileBindingSupport = false + } + } + var closer resources.ResourceCloser if fileBindingSupport { closer, err = container.bindSetup(ctx, s) diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go index ac0823cdf3..30f195a473 100644 --- a/pkg/annotations/annotations.go +++ b/pkg/annotations/annotations.go @@ -102,6 +102,9 @@ const ( // supplied was C:\rootfs and the container's ID is 12345678 the rootfs will be located at C:\rootfs\12345678. HostProcessRootfsLocation = "microsoft.com/hostprocess-rootfs-location" + // HostProcessDisableSilo indicates to turn off silo/bindflt features, even if the host supports it. + HostProcessDisableSilo = "microsoft.com/hostprocess-no-silo" + // AllowOvercommit indicates if we should allow over commit memory for UVM. // Defaults to true. For physical backed memory, set to false. AllowOvercommit = "io.microsoft.virtualmachine.computetopology.memory.allowovercommit"