From d49a03d6c631d1470739058b83edce47fcf2968a Mon Sep 17 00:00:00 2001
From: Shishir Mahajan <smahajan@roblox.com>
Date: Fri, 25 Sep 2020 16:41:30 -0700
Subject: [PATCH] Apply memory cgroups to the container.

---
 containerd/containerd.go | 5 ++++-
 containerd/driver.go     | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/containerd/containerd.go b/containerd/containerd.go
index d87cd30..85aa9eb 100644
--- a/containerd/containerd.go
+++ b/containerd/containerd.go
@@ -41,7 +41,7 @@ func (d *Driver) pullImage(imageName string) (containerd.Image, error) {
 	return d.client.Pull(d.ctxContainerd, imageName, containerd.WithPullUnpack)
 }
 
-func (d *Driver) createContainer(image containerd.Image, containerName, containerSnapshotName, containerdRuntime, netnsPath, secretsDir, taskDir, allocDir string, env []string, config *TaskConfig) (containerd.Container, error) {
+func (d *Driver) createContainer(image containerd.Image, containerName, containerSnapshotName, containerdRuntime, netnsPath, secretsDir, taskDir, allocDir string, env []string, memoryLimit int64, config *TaskConfig) (containerd.Container, error) {
 	if config.Command == "" && len(config.Args) > 0 {
 		return nil, fmt.Errorf("Command is empty. Cannot set --args without --command.")
 	}
@@ -105,6 +105,9 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
 	// Set environment variables.
 	opts = append(opts, oci.WithEnv(env))
 
+	// Set cgroups memory limit.
+	opts = append(opts, oci.WithMemoryLimit(uint64(memoryLimit)))
+
 	// Add linux devices into the container.
 	for _, device := range config.Devices {
 		opts = append(opts, oci.WithLinuxDevice(device, "rwm"))
diff --git a/containerd/driver.go b/containerd/driver.go
index 26d76f2..1489693 100644
--- a/containerd/driver.go
+++ b/containerd/driver.go
@@ -380,7 +380,7 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
 		netnsPath = cfg.NetworkIsolation.Path
 	}
 
-	container, err := d.createContainer(image, containerName, containerSnapshotName, d.config.ContainerdRuntime, netnsPath, secretsDir, taskDir, allocDir, env, &driverConfig)
+	container, err := d.createContainer(image, containerName, containerSnapshotName, d.config.ContainerdRuntime, netnsPath, secretsDir, taskDir, allocDir, env, cfg.Resources.LinuxResources.MemoryLimitBytes, &driverConfig)
 	if err != nil {
 		return nil, nil, fmt.Errorf("Error in creating container: %v", err)
 	}