Le 22/05/2019 à 17:57, Burakov, Anatoly a écrit : > On 22-May-19 4:41 PM, Nicolas Dichtel wrote: >> move_pages() is only used to get the numa node id, but this function >> is not allowed by default in docker (it needs CAP_SYS_NICE and an update of >> the seccomp profile). >> get_mempolicy() also requires CAP_SYS_NICE but doesn't need any change in >> the default seccomp profile. >> >> Note that the returned value of move_pages() was not checked, thus some >> errors could be hidden (if the requested id was 0). >> >> Signed-off-by: Nicolas Dichtel <nicolas.dich...@6wind.com> >> Reviewed-by: Olivier Matz <olivier.m...@6wind.com> >> Reviewed-by: Didier Pallard <didier.pall...@6wind.com> >> --- > > I can see the check for move_pages and it's a good fix, but what is the > relation > to docker init here? The patch by itself only enables handling of move_pages() > failure and adds nothing else. The commit message doesn't match the patch in > question IMO. I'm not sure to understand your comment. The call to move_pages() is replaced by a call to get_mempolicy(). What am I missing?
Regards, Nicolas
