From 504f70ef81a4f5bfb337e5a694c9552e22bf9935 Mon Sep 17 00:00:00 2001 From: utam0k Date: Thu, 23 Mar 2023 08:02:04 +0000 Subject: [PATCH] Add I/O Priority Configuration for Process Group in Linux Containers Signed-off-by: utam0k --- config.md | 14 ++++++++++++++ schema/config-schema.json | 9 +++++++++ specs-go/config.go | 18 ++++++++++++++++++ 3 files changed, 41 insertions(+) diff --git a/config.md b/config.md index e2a9dda66..5503fe50a 100644 --- a/config.md +++ b/config.md @@ -293,6 +293,12 @@ For Linux-based systems, the `process` object supports the following process-spe For more information on how these two settings work together, see [the memory cgroup documentation section 10. OOM Contol][cgroup-v1-memory_2]. * **`selinuxLabel`** (string, OPTIONAL) specifies the SELinux label for the process. For more information about SELinux, see [SELinux documentation][selinux]. +* **`ioPriority`** (object, OPTIONAL) configures the I/O priority settings for the container's processes within the process group. + The I/O priority settings will be automatically applied to the entire process group, affecting all processes within the container. + The following properties are available: + + * **`class`** (string, REQUIRED) specifies the I/O scheduling class. Possible values are `IOPRIO_CLASS_RT`, `IOPRIO_CLASS_BE`, and `IOPRIO_CLASS_IDLE`. + * **`priority`** (int, REQUIRED) specifies the priority level within the class. The value should be an integer ranging from 0 (highest) to 7 (lowest). ### User @@ -334,6 +340,10 @@ _Note: symbolic name for uid and gid, such as uname and gname respectively, are ], "apparmorProfile": "acme_secure_profile", "selinuxLabel": "system_u:system_r:svirt_lxc_net_t:s0:c124,c675", + "ioPriority": { + "class": "IOPRIO_CLASS_IDLE", + "priority": 4 + }, "noNewPrivileges": true, "capabilities": { "bounding": [ @@ -734,6 +744,10 @@ Here is a full example `config.json` for reference. "apparmorProfile": "acme_secure_profile", "oomScoreAdj": 100, "selinuxLabel": "system_u:system_r:svirt_lxc_net_t:s0:c124,c675", + "ioPriority": { + "class": "IOPRIO_CLASS_IDLE", + "priority": 4 + }, "noNewPrivileges": true }, "root": { diff --git a/schema/config-schema.json b/schema/config-schema.json index cf66c6524..e85af322d 100644 --- a/schema/config-schema.json +++ b/schema/config-schema.json @@ -144,6 +144,15 @@ "selinuxLabel": { "type": "string" }, + "ioPriority": { + "class": "string", + "enum": [ + "IOPRIO_CLASS_RT", + "IOPRIO_CLASS_BE", + "IOPRIO_CLASS_IDLE" + ], + "priority": "integer" + }, "noNewPrivileges": { "type": "boolean" }, diff --git a/specs-go/config.go b/specs-go/config.go index 25f4e6e82..c43ded11b 100644 --- a/specs-go/config.go +++ b/specs-go/config.go @@ -62,6 +62,8 @@ type Process struct { OOMScoreAdj *int `json:"oomScoreAdj,omitempty" platform:"linux"` // SelinuxLabel specifies the selinux context that the container process is run as. SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` + // IOPriority contains the I/O priority settings for the cgroup. + IOPriority *LinuxIOPriority `json:"ioPriority,omitempty" platform:"linux"` } // LinuxCapabilities specifies the list of allowed capabilities that are kept for a process. @@ -79,6 +81,22 @@ type LinuxCapabilities struct { Ambient []string `json:"ambient,omitempty" platform:"linux"` } +// IOPriority represents I/O priority settings for the container's processes within the process group. +type LinuxIOPriority struct { + Class IOPriorityClass `json:"class"` + Priority int `json:"priority"` +} + +// IOPriorityClass represents an I/O scheduling class. +type IOPriorityClass string + +// Possible values for IOPriorityClass. +const ( + IOPRIO_CLASS_RT IOPriorityClass = "IOPRIO_CLASS_RT" + IOPRIO_CLASS_BE IOPriorityClass = "IOPRIO_CLASS_BE" + IOPRIO_CLASS_IDLE IOPriorityClass = "IOPRIO_CLASS_IDLE" +) + // Box specifies dimensions of a rectangle. Used for specifying the size of a console. type Box struct { // Height is the vertical dimension of a box.