]>
Commit | Line | Data |
---|---|---|
576f946d | 1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2008 | |
5 | * | |
6 | * Authors: | |
9afe19d6 | 7 | * Daniel Lezcano <daniel.lezcano at free.fr> |
576f946d | 8 | * |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
21 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
22 | */ | |
23 | #define _GNU_SOURCE | |
24 | #include <stdio.h> | |
25 | #undef _GNU_SOURCE | |
26 | #include <stdlib.h> | |
27 | #include <errno.h> | |
576f946d | 28 | #include <unistd.h> |
29 | #include <string.h> | |
341a9bd8 | 30 | #include <dirent.h> |
576f946d | 31 | #include <fcntl.h> |
b98f7d6e | 32 | #include <ctype.h> |
576f946d | 33 | #include <sys/types.h> |
34 | #include <sys/stat.h> | |
35 | #include <sys/param.h> | |
36 | #include <sys/inotify.h> | |
37 | #include <netinet/in.h> | |
38 | #include <net/if.h> | |
39 | ||
e2bcd7db | 40 | #include "error.h" |
881450bb | 41 | #include "config.h" |
ae5c8b8e | 42 | #include "commands.h" |
b98f7d6e SH |
43 | #include "list.h" |
44 | #include "conf.h" | |
36eb9bde | 45 | |
36eb9bde | 46 | #include <lxc/log.h> |
00b3c2e2 CLG |
47 | #include <lxc/cgroup.h> |
48 | #include <lxc/start.h> | |
36eb9bde | 49 | |
edaf8b1b SG |
50 | #if IS_BIONIC |
51 | #include <../include/lxcmntent.h> | |
52 | #else | |
53 | #include <mntent.h> | |
54 | #endif | |
55 | ||
120ce443 SG |
56 | #ifndef HAVE_GETLINE |
57 | #ifdef HAVE_FGETLN | |
58 | #include <../include/getline.h> | |
59 | #endif | |
60 | #endif | |
61 | ||
36eb9bde | 62 | lxc_log_define(lxc_cgroup, lxc); |
576f946d | 63 | |
5193cc3d | 64 | #define MTAB "/proc/mounts" |
576f946d | 65 | |
fd37327f ÇO |
66 | /* In the case of a bind mount, there could be two long pathnames in the |
67 | * mntent plus options so use large enough buffer size | |
68 | */ | |
69 | #define LARGE_MAXPATHLEN 4 * MAXPATHLEN | |
70 | ||
1d39a065 DW |
71 | /* Check if a mount is a cgroup hierarchy for any subsystem. |
72 | * Return the first subsystem found (or NULL if none). | |
73 | */ | |
74 | static char *mount_has_subsystem(const struct mntent *mntent) | |
75 | { | |
76 | FILE *f; | |
5270bf4b | 77 | char *c, *ret = NULL; |
1d39a065 DW |
78 | char line[MAXPATHLEN]; |
79 | ||
80 | /* read the list of subsystems from the kernel */ | |
81 | f = fopen("/proc/cgroups", "r"); | |
82 | if (!f) | |
83 | return 0; | |
84 | ||
85 | /* skip the first line, which contains column headings */ | |
00b6be44 SH |
86 | if (!fgets(line, MAXPATHLEN, f)) { |
87 | fclose(f); | |
1d39a065 | 88 | return 0; |
00b6be44 | 89 | } |
1d39a065 DW |
90 | |
91 | while (fgets(line, MAXPATHLEN, f)) { | |
92 | c = strchr(line, '\t'); | |
93 | if (!c) | |
94 | continue; | |
95 | *c = '\0'; | |
96 | ||
97 | ret = hasmntopt(mntent, line); | |
98 | if (ret) | |
99 | break; | |
100 | } | |
101 | ||
102 | fclose(f); | |
103 | return ret; | |
104 | } | |
105 | ||
d08ba6ec | 106 | /* |
23622a2a | 107 | * Determine mountpoint for a cgroup subsystem. |
b98f7d6e | 108 | * @dest: a passed-in buffer of at least size MAXPATHLEN into which the path |
ae5c8b8e | 109 | * is copied. |
b98f7d6e | 110 | * @subsystem: cgroup subsystem (i.e. freezer) |
ae5c8b8e | 111 | * |
b98f7d6e | 112 | * Returns true on success, false on error. |
ae5c8b8e | 113 | */ |
b98f7d6e | 114 | bool get_subsys_mount(char *dest, const char *subsystem) |
576f946d | 115 | { |
93d564ed | 116 | struct mntent mntent_r; |
bcbd102c | 117 | FILE *file = NULL; |
b98f7d6e SH |
118 | int ret; |
119 | bool retv = false; | |
fd37327f ÇO |
120 | char buf[LARGE_MAXPATHLEN] = {0}; |
121 | ||
bcbd102c SH |
122 | file = setmntent(MTAB, "r"); |
123 | if (!file) { | |
124 | SYSERROR("failed to open %s", MTAB); | |
5193cc3d | 125 | return -1; |
bcbd102c | 126 | } |
0d9f8e18 | 127 | |
93d564ed | 128 | while ((getmntent_r(file, &mntent_r, buf, sizeof(buf)))) { |
b98f7d6e | 129 | if (strcmp(mntent_r.mnt_type, "cgroup")) |
bcbd102c | 130 | continue; |
ef6e34ee | 131 | |
1d39a065 | 132 | if (subsystem) { |
fd37327f | 133 | if (!hasmntopt(&mntent_r, subsystem)) |
1d39a065 | 134 | continue; |
ae5c8b8e | 135 | } else { |
fd37327f | 136 | if (!mount_has_subsystem(&mntent_r)) |
1d39a065 DW |
137 | continue; |
138 | } | |
ad08bbb7 | 139 | |
b98f7d6e | 140 | ret = snprintf(dest, MAXPATHLEN, "%s", mntent_r.mnt_dir); |
ad08bbb7 DW |
141 | if (ret < 0 || ret >= MAXPATHLEN) |
142 | goto fail; | |
143 | ||
b98f7d6e | 144 | retv = true; |
ad08bbb7 | 145 | goto out; |
bcbd102c | 146 | }; |
576f946d | 147 | |
d08ba6ec SH |
148 | fail: |
149 | DEBUG("Failed to find cgroup for %s\n", | |
150 | subsystem ? subsystem : "(NULL)"); | |
ad08bbb7 DW |
151 | out: |
152 | endmntent(file); | |
b98f7d6e | 153 | return retv; |
5193cc3d DL |
154 | } |
155 | ||
ae5c8b8e | 156 | /* |
b98f7d6e SH |
157 | * is_in_cgroup: check whether pid is found in the passed-in cgroup tasks |
158 | * file. | |
159 | * @path: in full path to a cgroup tasks file | |
160 | * Note that in most cases the file will simply not exist, which is ok - it | |
161 | * just means that's not our cgroup. | |
ae5c8b8e | 162 | */ |
b98f7d6e | 163 | static bool is_in_cgroup(pid_t pid, char *path) |
0b9c21ab | 164 | { |
b98f7d6e SH |
165 | int cmppid; |
166 | FILE *f = fopen(path, "r"); | |
167 | char *line = NULL; | |
168 | size_t sz = 0; | |
fd37327f | 169 | |
b98f7d6e SH |
170 | if (!f) |
171 | return false; | |
172 | while (getline(&line, &sz, f) != -1) { | |
173 | if (sscanf(line, "%d", &cmppid) == 1 && cmppid == pid) { | |
174 | fclose(f); | |
175 | free(line); | |
176 | return true; | |
ae5c8b8e | 177 | } |
ae5c8b8e | 178 | } |
b98f7d6e SH |
179 | fclose(f); |
180 | if (line) | |
181 | free(line); | |
182 | return false; | |
0b9c21ab SH |
183 | } |
184 | ||
ae5c8b8e | 185 | /* |
2acf7795 DE |
186 | * lxc_cgroup_path_get: Get the absolute pathname for a cgroup |
187 | * file for a running container. | |
188 | * | |
189 | * @subsystem : subsystem of interest (e.g. "freezer"). If NULL, then | |
190 | * the first cgroup entry in mtab will be used. | |
191 | * @name : name of container to connect to | |
192 | * @lxcpath : the lxcpath in which the container is running | |
ae5c8b8e SH |
193 | * |
194 | * This is the exported function, which determines cgpath from the | |
2acf7795 | 195 | * lxc-start of the @name container running in @lxcpath. |
ae5c8b8e | 196 | * |
2acf7795 DE |
197 | * Returns path on success, NULL on error. The caller must free() |
198 | * the returned path. | |
ae5c8b8e | 199 | */ |
2acf7795 DE |
200 | char *lxc_cgroup_path_get(const char *subsystem, const char *name, |
201 | const char *lxcpath) | |
fd4f5a56 | 202 | { |
b98f7d6e SH |
203 | char *cgpath, *cgp, path[MAXPATHLEN], *pathp, *p; |
204 | pid_t initpid = lxc_cmd_get_init_pid(name, lxcpath); | |
205 | int ret; | |
206 | ||
6fe93aa1 | 207 | if (initpid < 0) |
b98f7d6e | 208 | return NULL; |
fd4f5a56 | 209 | |
b98f7d6e SH |
210 | cgpath = lxc_cmd_get_cgroup_path(name, lxcpath, subsystem); |
211 | if (!cgpath) | |
2acf7795 | 212 | return NULL; |
fd4f5a56 | 213 | |
b98f7d6e SH |
214 | if (!get_subsys_mount(path, subsystem)) |
215 | return NULL; | |
216 | ||
217 | pathp = path + strlen(path); | |
218 | /* | |
219 | * find a mntpt where i have the subsystem mounted, then find | |
220 | * a subset cgpath under that which has pid in it. | |
221 | * | |
222 | * If d->mntpt is '/a/b/c/d', and the mountpoint is /x/y/z, | |
223 | * then look for ourselves in: | |
224 | * /x/y/z/a/b/c/d/tasks | |
225 | * /x/y/z/b/c/d/tasks | |
226 | * /x/y/z/c/d/tasks | |
227 | * /x/y/z/d/tasks | |
228 | * /x/y/z/tasks | |
229 | */ | |
230 | cgp = cgpath; | |
231 | while (cgp[0]) { | |
232 | ret = snprintf(pathp, MAXPATHLEN - (pathp - path), "%s/tasks", cgp); | |
233 | if (ret < 0 || ret >= MAXPATHLEN) | |
234 | return NULL; | |
235 | if (!is_in_cgroup(initpid, path)) { | |
236 | // does not exist, try the next one | |
237 | cgp = index(cgp+1, '/'); | |
238 | if (!cgp) | |
239 | break; | |
240 | continue; | |
241 | } | |
242 | break; | |
243 | } | |
244 | if (!cgp || !*cgp) { | |
245 | // try just the path | |
246 | ret = snprintf(pathp, MAXPATHLEN - (pathp - path), "/tasks"); | |
247 | if (ret < 0 || ret >= MAXPATHLEN) | |
248 | return NULL; | |
249 | if (!is_in_cgroup(initpid, path)) { | |
250 | return NULL; | |
251 | } | |
252 | return strdup("/"); | |
253 | } | |
254 | // path still has 'tasks' on the end, drop it | |
c32981c3 | 255 | if ((p = strrchr(path, '/')) != NULL) |
b98f7d6e SH |
256 | *p = '\0'; |
257 | return strdup(path); | |
ae5c8b8e SH |
258 | } |
259 | ||
260 | /* | |
2acf7795 DE |
261 | * do_cgroup_set: Write a value into a cgroup file |
262 | * | |
263 | * @path : absolute path to cgroup file | |
264 | * @value : value to write into file | |
265 | * | |
266 | * Returns 0 on success, < 0 on error. | |
ae5c8b8e SH |
267 | */ |
268 | static int do_cgroup_set(const char *path, const char *value) | |
269 | { | |
270 | int fd, ret; | |
271 | ||
272 | if ((fd = open(path, O_WRONLY)) < 0) { | |
273 | SYSERROR("open %s : %s", path, strerror(errno)); | |
274 | return -1; | |
fd4f5a56 DL |
275 | } |
276 | ||
ae5c8b8e SH |
277 | if ((ret = write(fd, value, strlen(value))) < 0) { |
278 | close(fd); | |
279 | SYSERROR("write %s : %s", path, strerror(errno)); | |
280 | return ret; | |
281 | } | |
fd4f5a56 | 282 | |
ae5c8b8e SH |
283 | if ((ret = close(fd)) < 0) { |
284 | SYSERROR("close %s : %s", path, strerror(errno)); | |
285 | return ret; | |
286 | } | |
287 | return 0; | |
fd4f5a56 DL |
288 | } |
289 | ||
b98f7d6e SH |
290 | static bool cgroup_devices_has_deny(struct lxc_handler *h, char *v) |
291 | { | |
292 | char *cgabspath, path[MAXPATHLEN]; | |
293 | FILE *f; | |
294 | char *line = NULL; | |
295 | size_t len = 0; | |
296 | bool ret = true; | |
297 | ||
298 | // XXX FIXME if users could use something other than 'lxc.devices.deny = a'. | |
299 | // not sure they ever do, but they *could* | |
300 | // right now, I'm assuming they do NOT | |
301 | if (strcmp(v, "a") && strcmp(v, "a *:* rwm")) | |
302 | return false; | |
303 | cgabspath = cgroup_get_subsys_path(h, "devices"); | |
304 | if (!cgabspath) | |
305 | return -1; | |
306 | ||
307 | ret = snprintf(path, MAXPATHLEN, "%s/devices.list", cgabspath); | |
308 | if (ret < 0 || ret >= MAXPATHLEN) { | |
309 | ERROR("pathname too long for devices.list"); | |
310 | return -1; | |
311 | } | |
312 | ||
6fe93aa1 | 313 | if (!(f = fopen(path, "r"))) |
b98f7d6e | 314 | return -1; |
b98f7d6e SH |
315 | |
316 | while (getline(&line, &len, f) != -1) { | |
317 | size_t len = strlen(line); | |
318 | if (len > 0 && line[len-1] == '\n') | |
319 | line[len-1] = '\0'; | |
320 | if (strcmp(line, "a *:* rwm") == 0) { | |
321 | ret = false; | |
322 | goto out; | |
323 | } | |
324 | } | |
325 | ||
326 | out: | |
327 | fclose(f); | |
328 | if (line) | |
329 | free(line); | |
330 | return ret; | |
331 | } | |
332 | ||
333 | static bool cgroup_devices_has_allow(struct lxc_handler *h, char *v) | |
334 | { | |
335 | char *cgabspath, path[MAXPATHLEN]; | |
336 | bool ret = false; | |
337 | FILE *f; | |
338 | char *line = NULL; | |
339 | size_t len = 0; | |
340 | ||
341 | cgabspath = cgroup_get_subsys_path(h, "devices"); | |
342 | if (!cgabspath) | |
343 | return -1; | |
344 | ||
345 | ret = snprintf(path, MAXPATHLEN, "%s/devices.list", cgabspath); | |
346 | if (ret < 0 || ret >= MAXPATHLEN) { | |
347 | ERROR("pathname too long to for devices.list"); | |
348 | return -1; | |
349 | } | |
350 | ||
6fe93aa1 | 351 | if (!(f = fopen(path, "r"))) |
b98f7d6e | 352 | return -1; |
b98f7d6e SH |
353 | |
354 | while (getline(&line, &len, f) != -1) { | |
355 | size_t len = strlen(line); | |
356 | if (len > 0 && line[len-1] == '\n') | |
357 | line[len-1] = '\0'; | |
358 | if (strcmp(line, v) == 0) { | |
359 | ret = true; | |
360 | goto out; | |
361 | } | |
362 | } | |
363 | ||
364 | out: | |
365 | if (line) | |
366 | free(line); | |
367 | fclose(f); | |
368 | return ret; | |
369 | } | |
370 | ||
ae5c8b8e | 371 | /* |
2acf7795 DE |
372 | * lxc_cgroup_set_bypath: Write a value into a cgroup file |
373 | * | |
374 | * @cgrelpath : a container's relative cgroup path (e.g. "lxc/c1") | |
375 | * @filename : the cgroup file to write (e.g. "freezer.state") | |
376 | * @value : value to write into file | |
ae5c8b8e SH |
377 | * |
378 | * Returns 0 on success, < 0 on error. | |
379 | */ | |
b98f7d6e SH |
380 | int lxc_cgroup_set_value(struct lxc_handler *handler, const char *filename, |
381 | const char *value) | |
fd4f5a56 | 382 | { |
b98f7d6e | 383 | char *cgabspath, path[MAXPATHLEN], *p; |
ae5c8b8e | 384 | int ret; |
c8f7c563 | 385 | |
b98f7d6e SH |
386 | ret = snprintf(path, MAXPATHLEN, "%s", filename); |
387 | if (ret < 0 || ret >= MAXPATHLEN) | |
388 | return -1; | |
389 | if ((p = index(path, '.')) != NULL) | |
390 | *p = '\0'; | |
391 | cgabspath = cgroup_get_subsys_path(handler, path); | |
2acf7795 DE |
392 | if (!cgabspath) |
393 | return -1; | |
c8f7c563 | 394 | |
2acf7795 | 395 | ret = snprintf(path, MAXPATHLEN, "%s/%s", cgabspath, filename); |
ae5c8b8e | 396 | if (ret < 0 || ret >= MAXPATHLEN) { |
b98f7d6e SH |
397 | ERROR("pathname too long to set cgroup value %s to %s", |
398 | filename, value); | |
399 | return -1; | |
ae5c8b8e | 400 | } |
c8f7c563 | 401 | |
b98f7d6e | 402 | return do_cgroup_set(path, value); |
c8f7c563 CS |
403 | } |
404 | ||
ae5c8b8e | 405 | /* |
2acf7795 | 406 | * lxc_cgroup_set: Write a value into a cgroup file |
ae5c8b8e | 407 | * |
2acf7795 DE |
408 | * @name : name of container to connect to |
409 | * @filename : the cgroup file to write (e.g. "freezer.state") | |
410 | * @value : value to write into file | |
411 | * @lxcpath : the lxcpath in which the container is running | |
ae5c8b8e SH |
412 | * |
413 | * Returns 0 on success, < 0 on error. | |
414 | */ | |
ae5c8b8e SH |
415 | int lxc_cgroup_set(const char *name, const char *filename, const char *value, |
416 | const char *lxcpath) | |
c8f7c563 | 417 | { |
ae5c8b8e | 418 | int ret; |
2acf7795 | 419 | char *cgabspath; |
ae5c8b8e | 420 | char path[MAXPATHLEN]; |
b98f7d6e SH |
421 | char *subsystem = alloca(strlen(filename)+1), *p; |
422 | strcpy(subsystem, filename); | |
423 | ||
424 | if ((p = index(subsystem, '.')) != NULL) | |
425 | *p = '\0'; | |
ae5c8b8e | 426 | |
b98f7d6e | 427 | cgabspath = lxc_cgroup_path_get(subsystem, name, lxcpath); |
2acf7795 DE |
428 | if (!cgabspath) |
429 | return -1; | |
ae5c8b8e | 430 | |
2acf7795 | 431 | ret = snprintf(path, MAXPATHLEN, "%s/%s", cgabspath, filename); |
ae5c8b8e SH |
432 | if (ret < 0 || ret >= MAXPATHLEN) { |
433 | ERROR("pathname too long"); | |
2acf7795 DE |
434 | ret = -1; |
435 | goto out; | |
ae5c8b8e SH |
436 | } |
437 | ||
2acf7795 | 438 | ret = do_cgroup_set(path, value); |
fd37327f | 439 | |
2acf7795 DE |
440 | out: |
441 | free(cgabspath); | |
442 | return ret; | |
c8f7c563 CS |
443 | } |
444 | ||
ae5c8b8e | 445 | /* |
2acf7795 | 446 | * lxc_cgroup_get: Read value from a cgroup file |
ae5c8b8e | 447 | * |
2acf7795 DE |
448 | * @name : name of container to connect to |
449 | * @filename : the cgroup file to read (e.g. "freezer.state") | |
450 | * @value : a pre-allocated buffer to copy the answer into | |
451 | * @len : the length of pre-allocated @value | |
452 | * @lxcpath : the lxcpath in which the container is running | |
ae5c8b8e | 453 | * |
2acf7795 | 454 | * Returns the number of bytes read on success, < 0 on error |
ae5c8b8e | 455 | * |
2acf7795 DE |
456 | * If you pass in NULL value or 0 len, the return value will be the size of |
457 | * the file, and @value will not contain the contents. | |
ae5c8b8e SH |
458 | * |
459 | * Note that we can't get the file size quickly through stat or lseek. | |
460 | * Therefore if you pass in len > 0 but less than the file size, your only | |
461 | * indication will be that the return value will be equal to the passed-in ret. | |
462 | * We will not return the actual full file size. | |
463 | */ | |
464 | int lxc_cgroup_get(const char *name, const char *filename, char *value, | |
465 | size_t len, const char *lxcpath) | |
c8f7c563 | 466 | { |
2acf7795 DE |
467 | int fd, ret; |
468 | char *cgabspath; | |
ae5c8b8e | 469 | char path[MAXPATHLEN]; |
b98f7d6e | 470 | char *subsystem = alloca(strlen(filename)+1), *p; |
460a1cf0 | 471 | |
b98f7d6e SH |
472 | strcpy(subsystem, filename); |
473 | ||
474 | if ((p = index(subsystem, '.')) != NULL) | |
475 | *p = '\0'; | |
476 | ||
477 | cgabspath = lxc_cgroup_path_get(subsystem, name, lxcpath); | |
2acf7795 DE |
478 | if (!cgabspath) |
479 | return -1; | |
fd4f5a56 | 480 | |
2acf7795 DE |
481 | ret = snprintf(path, MAXPATHLEN, "%s/%s", cgabspath, filename); |
482 | if (ret < 0 || ret >= MAXPATHLEN) { | |
9ba8130c | 483 | ERROR("pathname too long"); |
2acf7795 DE |
484 | ret = -1; |
485 | goto out; | |
9ba8130c | 486 | } |
fd4f5a56 | 487 | |
ae5c8b8e | 488 | fd = open(path, O_RDONLY); |
c8f7c563 | 489 | if (fd < 0) { |
ae5c8b8e | 490 | ERROR("open %s : %s", path, strerror(errno)); |
2acf7795 DE |
491 | ret = -1; |
492 | goto out; | |
fd4f5a56 DL |
493 | } |
494 | ||
ae5c8b8e SH |
495 | if (!len || !value) { |
496 | char buf[100]; | |
497 | int count = 0; | |
498 | while ((ret = read(fd, buf, 100)) > 0) | |
499 | count += ret; | |
500 | if (ret >= 0) | |
501 | ret = count; | |
502 | } else { | |
503 | memset(value, 0, len); | |
504 | ret = read(fd, value, len); | |
fd4f5a56 DL |
505 | } |
506 | ||
ae5c8b8e SH |
507 | if (ret < 0) |
508 | ERROR("read %s : %s", path, strerror(errno)); | |
509 | ||
510 | close(fd); | |
2acf7795 DE |
511 | out: |
512 | free(cgabspath); | |
ae5c8b8e | 513 | return ret; |
c8f7c563 CS |
514 | } |
515 | ||
b98f7d6e | 516 | int lxc_cgroup_nrtasks(struct lxc_handler *handler) |
c8f7c563 | 517 | { |
ae5c8b8e | 518 | char path[MAXPATHLEN]; |
2acf7795 | 519 | int pid, ret; |
ae5c8b8e | 520 | FILE *file; |
c8f7c563 | 521 | |
b98f7d6e | 522 | if (!handler->cgroup) |
2acf7795 | 523 | return -1; |
c8f7c563 | 524 | |
b98f7d6e SH |
525 | /* XXX Should we use a specific subsystem rather than the first one we |
526 | * found (handler->cgroup->curcgroup)? */ | |
527 | ret = snprintf(path, MAXPATHLEN, "%s/tasks", handler->cgroup->curcgroup); | |
2acf7795 | 528 | if (ret < 0 || ret >= MAXPATHLEN) { |
ae5c8b8e | 529 | ERROR("pathname too long"); |
b98f7d6e | 530 | return -1; |
ae5c8b8e | 531 | } |
c8f7c563 | 532 | |
ae5c8b8e SH |
533 | file = fopen(path, "r"); |
534 | if (!file) { | |
535 | SYSERROR("fopen '%s' failed", path); | |
b98f7d6e | 536 | return -1; |
c8f7c563 CS |
537 | } |
538 | ||
2acf7795 | 539 | ret = 0; |
ae5c8b8e | 540 | while (fscanf(file, "%d", &pid) != EOF) |
2acf7795 | 541 | ret++; |
fd4f5a56 | 542 | |
ae5c8b8e | 543 | fclose(file); |
2acf7795 | 544 | return ret; |
fd4f5a56 DL |
545 | } |
546 | ||
b98f7d6e SH |
547 | static int in_subsys_list(const char *s, const char *list) |
548 | { | |
549 | char *token, *str, *saveptr = NULL; | |
550 | ||
551 | if (!list || !s) | |
552 | return 0; | |
553 | ||
554 | str = alloca(strlen(list)+1); | |
555 | strcpy(str, list); | |
556 | for (; (token = strtok_r(str, ",", &saveptr)); str = NULL) { | |
557 | if (strcmp(s, token) == 0) | |
558 | return 1; | |
559 | } | |
560 | ||
561 | return 0; | |
562 | } | |
563 | ||
564 | static void set_clone_children(struct mntent *m) | |
fc7de561 SH |
565 | { |
566 | char path[MAXPATHLEN]; | |
567 | FILE *fout; | |
568 | int ret; | |
569 | ||
b98f7d6e SH |
570 | if (!in_subsys_list("cpuset", m->mnt_opts)) |
571 | return; | |
572 | ret = snprintf(path, MAXPATHLEN, "%s/cgroup.clone_children", m->mnt_dir); | |
fc7de561 SH |
573 | if (ret < 0 || ret > MAXPATHLEN) |
574 | return; | |
575 | fout = fopen(path, "w"); | |
576 | if (!fout) | |
577 | return; | |
578 | fprintf(fout, "1\n"); | |
579 | fclose(fout); | |
580 | } | |
581 | ||
b98f7d6e SH |
582 | static bool have_visited(char *opts, char *visited, char *all_subsystems) |
583 | { | |
584 | char *str, *s = NULL, *token; | |
585 | ||
586 | str = alloca(strlen(opts)+1); | |
587 | strcpy(str, opts); | |
588 | for (; (token = strtok_r(str, ",", &s)); str = NULL) { | |
589 | if (!in_subsys_list(token, all_subsystems)) | |
590 | continue; | |
591 | if (visited && in_subsys_list(token, visited)) | |
592 | return true; | |
593 | } | |
594 | ||
595 | return false; | |
596 | } | |
597 | ||
598 | static bool is_in_desclist(struct cgroup_desc *d, char *opts, char *all_subsystems) | |
599 | { | |
600 | while (d) { | |
601 | if (have_visited(opts, d->subsystems, all_subsystems)) | |
602 | return true; | |
603 | d = d->next; | |
604 | } | |
605 | return false; | |
606 | } | |
607 | ||
608 | static char *record_visited(char *opts, char *all_subsystems) | |
609 | { | |
610 | char *s = NULL, *token, *str; | |
611 | int oldlen = 0, newlen, toklen; | |
612 | char *visited = NULL; | |
613 | ||
614 | str = alloca(strlen(opts)+1); | |
615 | strcpy(str, opts); | |
616 | for (; (token = strtok_r(str, ",", &s)); str = NULL) { | |
617 | if (!in_subsys_list(token, all_subsystems)) | |
618 | continue; | |
619 | toklen = strlen(token); | |
620 | newlen = oldlen + toklen + 1; // ',' + token or token + '\0' | |
621 | visited = realloc(visited, newlen); | |
622 | if (!visited) | |
623 | return (char *)-ENOMEM; | |
624 | if (oldlen) | |
625 | strcat(visited, ","); | |
626 | else | |
627 | *visited = '\0'; | |
628 | strcat(visited, token); | |
629 | } | |
630 | ||
631 | return visited; | |
632 | } | |
633 | ||
634 | static char *get_all_subsystems(void) | |
9a93d992 SH |
635 | { |
636 | FILE *f; | |
637 | char *line = NULL, *ret = NULL; | |
638 | size_t len; | |
639 | int first = 1; | |
640 | ||
641 | /* read the list of subsystems from the kernel */ | |
642 | f = fopen("/proc/cgroups", "r"); | |
643 | if (!f) | |
644 | return NULL; | |
645 | ||
646 | while (getline(&line, &len, f) != -1) { | |
647 | char *c; | |
648 | int oldlen, newlen, inc; | |
649 | ||
650 | /* skip the first line */ | |
651 | if (first) { | |
652 | first=0; | |
653 | continue; | |
654 | } | |
655 | ||
656 | c = strchr(line, '\t'); | |
657 | if (!c) | |
658 | continue; | |
659 | *c = '\0'; | |
660 | ||
661 | oldlen = ret ? strlen(ret) : 0; | |
662 | newlen = oldlen + strlen(line) + 2; | |
663 | ret = realloc(ret, newlen); | |
664 | if (!ret) | |
665 | goto out; | |
666 | inc = snprintf(ret + oldlen, newlen, ",%s", line); | |
667 | if (inc < 0 || inc >= newlen) { | |
668 | free(ret); | |
669 | ret = NULL; | |
670 | goto out; | |
671 | } | |
672 | } | |
673 | ||
674 | out: | |
fa9ac567 SH |
675 | if (line) |
676 | free(line); | |
9a93d992 SH |
677 | fclose(f); |
678 | return ret; | |
679 | } | |
680 | ||
b98f7d6e SH |
681 | /* |
682 | * /etc/lxc/lxc.conf can contain lxc.cgroup.use = entries. | |
683 | * If any of those are present, then lxc will ONLY consider | |
684 | * cgroup filesystems mounted at one of the listed entries. | |
685 | */ | |
686 | static char *get_cgroup_uselist() | |
9a93d992 | 687 | { |
b98f7d6e SH |
688 | FILE *f; |
689 | char *line = NULL, *ret = NULL; | |
690 | size_t sz = 0, retsz = 0, newsz; | |
9a93d992 | 691 | |
b98f7d6e SH |
692 | if ((f = fopen(LXC_GLOBAL_CONF, "r")) == NULL) |
693 | return NULL; | |
694 | while (getline(&line, &sz, f) != -1) { | |
695 | char *p = line; | |
696 | while (*p && isblank(*p)) | |
697 | p++; | |
698 | if (strncmp(p, "lxc.cgroup.use", 14) != 0) | |
699 | continue; | |
700 | p = index(p, '='); | |
701 | if (!p) | |
702 | continue; | |
703 | p++; | |
704 | while (*p && isblank(*p)) | |
705 | p++; | |
706 | if (strlen(p) < 1) | |
707 | continue; | |
708 | newsz = retsz + strlen(p); | |
709 | if (retsz == 0) | |
710 | newsz += 1; // for trailing \0 | |
711 | // the last line in the file could lack \n | |
712 | if (p[strlen(p)-1] != '\n') | |
713 | newsz += 1; | |
714 | ret = realloc(ret, newsz); | |
715 | if (!ret) { | |
716 | ERROR("Out of memory reading cgroup uselist"); | |
717 | fclose(f); | |
718 | free(line); | |
719 | return (char *)-ENOMEM; | |
720 | } | |
721 | if (retsz == 0) | |
722 | strcpy(ret, p); | |
723 | else | |
724 | strcat(ret, p); | |
725 | if (p[strlen(p)-1] != '\n') | |
726 | ret[newsz-2] = '\0'; | |
727 | ret[newsz-1] = '\0'; | |
728 | retsz = newsz; | |
9a93d992 SH |
729 | } |
730 | ||
b98f7d6e SH |
731 | if (line) |
732 | free(line); | |
733 | return ret; | |
9a93d992 SH |
734 | } |
735 | ||
b98f7d6e | 736 | static bool is_in_uselist(char *uselist, struct mntent *m) |
9a93d992 | 737 | { |
b98f7d6e SH |
738 | char *p; |
739 | if (!uselist) | |
740 | return true; | |
741 | if (!*uselist) | |
742 | return false; | |
743 | while (*uselist) { | |
744 | p = index(uselist, '\n'); | |
745 | if (strncmp(m->mnt_dir, uselist, p - uselist) == 0) | |
746 | return true; | |
747 | uselist = p+1; | |
9a93d992 | 748 | } |
b98f7d6e | 749 | return false; |
9a93d992 SH |
750 | } |
751 | ||
b98f7d6e | 752 | static bool find_real_cgroup(struct cgroup_desc *d, char *path) |
9a93d992 | 753 | { |
b98f7d6e SH |
754 | FILE *f; |
755 | char *line = NULL, *p, *p2; | |
756 | int ret = 0; | |
757 | size_t len; | |
9a93d992 | 758 | |
b98f7d6e SH |
759 | if ((f = fopen("/proc/self/cgroup", "r")) == NULL) { |
760 | SYSERROR("Error opening /proc/self/cgroups"); | |
761 | return false; | |
762 | } | |
763 | ||
764 | // If there is no subsystem, ignore the mount. Note we may want | |
765 | // to change this, so that unprivileged users can use a unbound | |
766 | // cgroup mount to arrange their container tasks. | |
767 | if (!d->subsystems) { | |
768 | fclose(f); | |
769 | return false; | |
770 | } | |
771 | while (getline(&line, &len, f) != -1) { | |
772 | if (!(p = index(line, ':'))) | |
9a93d992 | 773 | continue; |
b98f7d6e | 774 | if (!(p2 = index(++p, ':'))) |
9a93d992 | 775 | continue; |
b98f7d6e SH |
776 | *p2 = '\0'; |
777 | // in case of multiple mounts it may be more correct to | |
778 | // insist all subsystems be the same | |
779 | if (in_subsys_list(p, d->subsystems)) | |
780 | goto found; | |
781 | } | |
9a93d992 | 782 | |
b98f7d6e SH |
783 | if (line) |
784 | free(line); | |
785 | fclose(f); | |
786 | return false;; | |
787 | ||
788 | found: | |
789 | fclose(f); | |
790 | ret = snprintf(path, MAXPATHLEN, "%s", p2+1); | |
791 | if (ret < 0 || ret >= MAXPATHLEN) { | |
792 | free(line); | |
793 | return false; | |
794 | } | |
795 | free(line); | |
796 | return true; | |
9a93d992 SH |
797 | } |
798 | ||
b98f7d6e | 799 | |
ae5c8b8e | 800 | /* |
b98f7d6e SH |
801 | * for a given cgroup mount entry, and a to-be-created container, |
802 | * 1. Figure out full path of the cgroup we are currently in, | |
803 | * 2. Find a new free cgroup which is $path / $lxc_name with an | |
804 | * optional '-$n' where n is an ever-increasing integer. | |
ae5c8b8e | 805 | */ |
b98f7d6e | 806 | static char *find_free_cgroup(struct cgroup_desc *d, const char *lxc_name) |
460a1cf0 | 807 | { |
b98f7d6e SH |
808 | char tail[20], cgpath[MAXPATHLEN], *cgp, path[MAXPATHLEN]; |
809 | int i = 0, ret; | |
810 | size_t l; | |
fd37327f | 811 | |
b98f7d6e SH |
812 | if (!find_real_cgroup(d, cgpath)) { |
813 | ERROR("Failed to find current cgroup"); | |
814 | return NULL; | |
460a1cf0 DW |
815 | } |
816 | ||
b98f7d6e SH |
817 | /* |
818 | * If d->mntpt is '/a/b/c/d', and the mountpoint is /x/y/z, | |
819 | * then look for ourselves in: | |
820 | * /x/y/z/a/b/c/d/tasks | |
821 | * /x/y/z/b/c/d/tasks | |
822 | * /x/y/z/c/d/tasks | |
823 | * /x/y/z/d/tasks | |
824 | * /x/y/z/tasks | |
825 | */ | |
826 | cgp = cgpath; | |
827 | while (cgp[0]) { | |
828 | ret = snprintf(path, MAXPATHLEN, "%s%s/tasks", d->mntpt, cgp); | |
ae5c8b8e | 829 | if (ret < 0 || ret >= MAXPATHLEN) |
b98f7d6e SH |
830 | return NULL; |
831 | if (!is_in_cgroup(getpid(), path)) { | |
832 | // does not exist, try the next one | |
833 | cgp = index(cgp+1, '/'); | |
834 | if (!cgp) | |
835 | break; | |
836 | continue; | |
c8f7c563 | 837 | } |
b98f7d6e SH |
838 | break; |
839 | } | |
840 | if (!cgp || !*cgp) { | |
841 | // try just the path | |
842 | ret = snprintf(path, MAXPATHLEN, "%s/tasks", d->mntpt); | |
843 | if (ret < 0 || ret >= MAXPATHLEN) | |
844 | return NULL; | |
845 | if (!is_in_cgroup(getpid(), path)) | |
846 | return NULL; | |
847 | } | |
848 | // found it | |
849 | // path has '/tasks' at end, drop that | |
c32981c3 | 850 | if (!(cgp = strrchr(path, '/'))) { |
b98f7d6e SH |
851 | ERROR("Got nonsensical path name %s\n", path); |
852 | return NULL; | |
853 | } | |
854 | *cgp = '\0'; | |
c8f7c563 | 855 | |
b98f7d6e SH |
856 | if (strlen(path) + strlen(lxc_name) + 20 > MAXPATHLEN) { |
857 | ERROR("Error: cgroup path too long"); | |
858 | return NULL; | |
859 | } | |
860 | tail[0] = '\0'; | |
861 | while (1) { | |
862 | struct stat sb; | |
863 | int freebytes = MAXPATHLEN - (cgp - path); | |
864 | ||
865 | if (i) { | |
866 | ret = snprintf(tail, 20, "-%d", i); | |
867 | if (ret < 0 || ret >= 20) | |
868 | return NULL; | |
869 | } | |
870 | ret = snprintf(cgp, freebytes, "/%s%s", lxc_name, tail); | |
871 | if (ret < 0 || ret >= freebytes) | |
872 | return NULL; | |
873 | if (stat(path, &sb) == -1) | |
874 | break; | |
875 | i++; | |
c8f7c563 CS |
876 | } |
877 | ||
b98f7d6e SH |
878 | l = strlen(cgpath); |
879 | ret = snprintf(cgpath + l, MAXPATHLEN - l, "/%s%s", lxc_name, tail); | |
880 | if (ret < 0 || ret >= (MAXPATHLEN - l)) { | |
881 | ERROR("Out of memory"); | |
882 | return NULL; | |
883 | } | |
884 | if ((d->realcgroup = strdup(cgpath)) == NULL) { | |
885 | ERROR("Out of memory"); | |
886 | return NULL; | |
887 | } | |
888 | l = strlen(d->realcgroup); | |
889 | if (l > 0 && d->realcgroup[l-1] == '\n') | |
890 | d->realcgroup[l-1] = '\0'; | |
891 | return strdup(path); | |
c8f7c563 CS |
892 | } |
893 | ||
d08ba6ec | 894 | /* |
ae5c8b8e SH |
895 | * For a new container, find a cgroup path which is unique in all cgroup mounts. |
896 | * I.e. if r1 is already running, then /lxc/r1-1 may be used. | |
897 | * | |
898 | * @lxcgroup: the cgroup 'group' the contaienr should run in. By default, this | |
899 | * is just 'lxc'. Admins may wish to group some containers into other groups, | |
900 | * i.e. 'build', to take advantage of cgroup hierarchy to simplify group | |
901 | * administration. Also, unprivileged users who are placed into a cgroup by | |
902 | * libcgroup_pam will be using that cgroup rather than the system-wide 'lxc' | |
903 | * group. | |
904 | * @name: the name of the container | |
905 | * | |
906 | * The chosen cgpath is returned as a strdup'd string. The caller will have to | |
907 | * free that eventually, however the lxc monitor will keep that string so as to | |
908 | * return it in response to a LXC_COMMAND_CGROUP query. | |
909 | * | |
23622a2a SH |
910 | * Note the path is relative to cgroup mounts. I.e. if the freezer subsystem |
911 | * is at /sys/fs/cgroup/freezer, and this fn returns '/lxc/r1', then the | |
912 | * freezer cgroup's full path will be /sys/fs/cgroup/freezer/lxc/r1/. | |
ae5c8b8e | 913 | * |
ae5c8b8e | 914 | * Races won't be determintal, you'll just end up with leftover unused cgroups |
d08ba6ec | 915 | */ |
b98f7d6e | 916 | struct cgroup_desc *lxc_cgroup_path_create(const char *name) |
d08ba6ec | 917 | { |
b98f7d6e | 918 | struct cgroup_desc *retdesc = NULL, *newdesc = NULL; |
ae5c8b8e | 919 | FILE *file = NULL; |
93d564ed | 920 | struct mntent mntent_r; |
fd37327f | 921 | char buf[LARGE_MAXPATHLEN] = {0}; |
b98f7d6e SH |
922 | char *all_subsystems = get_all_subsystems(); |
923 | char *cgroup_uselist = get_cgroup_uselist(); | |
d08ba6ec | 924 | |
b98f7d6e SH |
925 | if (cgroup_uselist == (char *)-ENOMEM) { |
926 | if (all_subsystems) | |
927 | free(all_subsystems); | |
928 | return NULL; | |
929 | } | |
930 | if (!all_subsystems) { | |
931 | ERROR("failed to get a list of all cgroup subsystems"); | |
932 | if (cgroup_uselist) | |
933 | free(cgroup_uselist); | |
9a93d992 | 934 | return NULL; |
9a93d992 | 935 | } |
ae5c8b8e SH |
936 | file = setmntent(MTAB, "r"); |
937 | if (!file) { | |
938 | SYSERROR("failed to open %s", MTAB); | |
b98f7d6e SH |
939 | free(all_subsystems); |
940 | if (cgroup_uselist) | |
941 | free(cgroup_uselist); | |
942 | return NULL; | |
d08ba6ec | 943 | } |
1ac470c0 | 944 | |
93d564ed | 945 | while ((getmntent_r(file, &mntent_r, buf, sizeof(buf)))) { |
fd4f5a56 | 946 | |
fd37327f | 947 | if (strcmp(mntent_r.mnt_type, "cgroup")) |
ae5c8b8e | 948 | continue; |
b98f7d6e SH |
949 | |
950 | if (cgroup_uselist && !is_in_uselist(cgroup_uselist, &mntent_r)) | |
ae5c8b8e | 951 | continue; |
e4659536 | 952 | |
9a93d992 | 953 | /* make sure we haven't checked this subsystem already */ |
b98f7d6e | 954 | if (is_in_desclist(retdesc, mntent_r.mnt_opts, all_subsystems)) |
9a93d992 | 955 | continue; |
9a93d992 | 956 | |
b98f7d6e SH |
957 | if (!(newdesc = malloc(sizeof(struct cgroup_desc)))) { |
958 | ERROR("Out of memory reading cgroups"); | |
ae5c8b8e | 959 | goto fail; |
b98f7d6e SH |
960 | } |
961 | newdesc->subsystems = record_visited(mntent_r.mnt_opts, all_subsystems); | |
962 | if (newdesc->subsystems == (char *)-ENOMEM) { | |
963 | ERROR("Out of memory recording cgroup subsystems"); | |
964 | free(newdesc); | |
965 | newdesc = NULL; | |
966 | goto fail; | |
967 | } | |
968 | if (!newdesc->subsystems) { | |
969 | free(newdesc); | |
970 | newdesc = NULL; | |
971 | continue; | |
972 | } | |
973 | newdesc->mntpt = strdup(mntent_r.mnt_dir); | |
974 | newdesc->realcgroup = NULL; | |
975 | newdesc->curcgroup = find_free_cgroup(newdesc, name); | |
976 | if (!newdesc->mntpt || !newdesc->curcgroup) { | |
977 | ERROR("Out of memory reading cgroups"); | |
978 | goto fail; | |
979 | } | |
5193cc3d | 980 | |
b98f7d6e | 981 | set_clone_children(&mntent_r); |
fd4f5a56 | 982 | |
b98f7d6e SH |
983 | if (mkdir(newdesc->curcgroup, 0755)) { |
984 | ERROR("Error creating cgroup %s", newdesc->curcgroup); | |
ae5c8b8e | 985 | goto fail; |
e7f40d8a | 986 | } |
b98f7d6e SH |
987 | newdesc->next = retdesc; |
988 | retdesc = newdesc; | |
d08ba6ec SH |
989 | } |
990 | ||
ae5c8b8e | 991 | endmntent(file); |
b98f7d6e SH |
992 | free(all_subsystems); |
993 | if (cgroup_uselist) | |
994 | free(cgroup_uselist); | |
995 | return retdesc; | |
ae5c8b8e SH |
996 | |
997 | fail: | |
998 | endmntent(file); | |
b98f7d6e SH |
999 | free(all_subsystems); |
1000 | if (cgroup_uselist) | |
1001 | free(cgroup_uselist); | |
1002 | if (newdesc) { | |
1003 | if (newdesc->mntpt) | |
1004 | free(newdesc->mntpt); | |
1005 | if (newdesc->subsystems) | |
1006 | free(newdesc->subsystems); | |
1007 | if (newdesc->curcgroup) | |
1008 | free(newdesc->curcgroup); | |
1009 | if (newdesc->realcgroup) | |
1010 | free(newdesc->realcgroup); | |
1011 | free(newdesc); | |
1012 | } | |
1013 | while (retdesc) { | |
1014 | struct cgroup_desc *t = retdesc; | |
1015 | retdesc = retdesc->next; | |
1016 | if (t->mntpt) | |
1017 | free(t->mntpt); | |
1018 | if (t->subsystems) | |
1019 | free(t->subsystems); | |
1020 | if (t->curcgroup) | |
1021 | free(t->curcgroup); | |
1022 | if (t->realcgroup) | |
1023 | free(t->realcgroup); | |
1024 | free(t); | |
1025 | ||
1026 | } | |
ae5c8b8e | 1027 | return NULL; |
36b86299 DL |
1028 | } |
1029 | ||
b98f7d6e | 1030 | static bool lxc_cgroup_enter_one(const char *dir, int pid) |
36b86299 | 1031 | { |
23622a2a | 1032 | char path[MAXPATHLEN]; |
b98f7d6e SH |
1033 | int ret; |
1034 | FILE *fout; | |
ef342abb | 1035 | |
b98f7d6e SH |
1036 | ret = snprintf(path, MAXPATHLEN, "%s/tasks", dir); |
1037 | if (ret < 0 || ret >= MAXPATHLEN) { | |
1038 | ERROR("Error entering cgroup"); | |
1039 | return false; | |
ef342abb | 1040 | } |
b98f7d6e SH |
1041 | fout = fopen(path, "w"); |
1042 | if (!fout) { | |
1043 | SYSERROR("Error entering cgroup"); | |
1044 | return false; | |
1045 | } | |
1046 | if (fprintf(fout, "%d\n", (int)pid) < 0) { | |
1047 | ERROR("Error writing pid to %s to enter cgroup", path); | |
1048 | fclose(fout); | |
1049 | return false; | |
1050 | } | |
1051 | if (fclose(fout) < 0) { | |
1052 | SYSERROR("Error writing pid to %s to enter cgroup", path); | |
1053 | return false; | |
ae5c8b8e | 1054 | } |
f0e64b8b | 1055 | |
b98f7d6e SH |
1056 | return true; |
1057 | } | |
1058 | ||
1059 | int lxc_cgroup_enter(struct cgroup_desc *cgroups, pid_t pid) | |
1060 | { | |
1061 | while (cgroups) { | |
1062 | if (!cgroups->subsystems) | |
1063 | goto next; | |
1064 | ||
1065 | if (!lxc_cgroup_enter_one(cgroups->curcgroup, pid)) | |
1066 | return -1; | |
1067 | next: | |
1068 | cgroups = cgroups->next; | |
1069 | } | |
1070 | return 0; | |
bcbd102c SH |
1071 | } |
1072 | ||
60bf62d4 | 1073 | static int cgroup_rmdir(char *dirname) |
341a9bd8 SH |
1074 | { |
1075 | struct dirent dirent, *direntp; | |
341a9bd8 SH |
1076 | DIR *dir; |
1077 | int ret; | |
1078 | char pathname[MAXPATHLEN]; | |
1079 | ||
1080 | dir = opendir(dirname); | |
1081 | if (!dir) { | |
1082 | WARN("failed to open directory: %m"); | |
1083 | return -1; | |
1084 | } | |
1085 | ||
341a9bd8 SH |
1086 | while (!readdir_r(dir, &dirent, &direntp)) { |
1087 | struct stat mystat; | |
9ba8130c | 1088 | int rc; |
341a9bd8 SH |
1089 | |
1090 | if (!direntp) | |
1091 | break; | |
1092 | ||
1093 | if (!strcmp(direntp->d_name, ".") || | |
b98f7d6e | 1094 | !strcmp(direntp->d_name, "..")) |
341a9bd8 SH |
1095 | continue; |
1096 | ||
9ba8130c SH |
1097 | rc = snprintf(pathname, MAXPATHLEN, "%s/%s", dirname, direntp->d_name); |
1098 | if (rc < 0 || rc >= MAXPATHLEN) { | |
1099 | ERROR("pathname too long"); | |
1100 | continue; | |
1101 | } | |
341a9bd8 SH |
1102 | ret = stat(pathname, &mystat); |
1103 | if (ret) | |
1104 | continue; | |
1105 | if (S_ISDIR(mystat.st_mode)) | |
60bf62d4 | 1106 | cgroup_rmdir(pathname); |
341a9bd8 SH |
1107 | } |
1108 | ||
1109 | ret = rmdir(dirname); | |
1110 | ||
1111 | if (closedir(dir)) | |
1112 | ERROR("failed to close directory"); | |
1113 | return ret; | |
341a9bd8 | 1114 | } |
bcbd102c | 1115 | |
bcbd102c SH |
1116 | /* |
1117 | * for each mounted cgroup, destroy the cgroup for the container | |
1118 | */ | |
b98f7d6e | 1119 | void lxc_cgroup_destroy_desc(struct cgroup_desc *cgroups) |
a6ddef61 | 1120 | { |
b98f7d6e SH |
1121 | while (cgroups) { |
1122 | struct cgroup_desc *next = cgroups->next; | |
1123 | if (cgroup_rmdir(cgroups->curcgroup) < 0) | |
1124 | SYSERROR("Error removing cgroup directory %s", cgroups->curcgroup); | |
1125 | free(cgroups->mntpt); | |
1126 | free(cgroups->subsystems); | |
1127 | free(cgroups->curcgroup); | |
1128 | free(cgroups->realcgroup); | |
1129 | free(cgroups); | |
1130 | cgroups = next; | |
bcbd102c | 1131 | } |
a6ddef61 MN |
1132 | } |
1133 | ||
ae5c8b8e | 1134 | int lxc_cgroup_attach(pid_t pid, const char *name, const char *lxcpath) |
576f946d | 1135 | { |
b98f7d6e SH |
1136 | FILE *f; |
1137 | char *line = NULL, ret = -1; | |
1138 | size_t len = 0; | |
1139 | int first = 1; | |
ef6e34ee | 1140 | char *dirpath; |
576f946d | 1141 | |
b98f7d6e SH |
1142 | /* read the list of subsystems from the kernel */ |
1143 | f = fopen("/proc/cgroups", "r"); | |
1144 | if (!f) | |
1145 | return ret; | |
1146 | ||
1147 | while (getline(&line, &len, f) != -1) { | |
1148 | char *c; | |
1149 | ||
1150 | /* skip the first line */ | |
1151 | if (first) { | |
1152 | first=0; | |
1153 | continue; | |
1154 | } | |
1155 | ||
1156 | c = strchr(line, '\t'); | |
1157 | if (!c) | |
1158 | continue; | |
1159 | *c = '\0'; | |
1160 | dirpath = lxc_cgroup_path_get(line, name, lxcpath); | |
1161 | if (!dirpath) | |
1162 | continue; | |
1163 | ||
1164 | INFO("joining pid %d to cgroup %s", pid, dirpath); | |
1165 | if (lxc_cgroup_enter_one(dirpath, pid)) { | |
1166 | ERROR("Failed joining %d to %s\n", pid, dirpath); | |
1167 | continue; | |
1168 | } | |
8b92dc3a | 1169 | } |
576f946d | 1170 | |
b98f7d6e SH |
1171 | if (line) |
1172 | free(line); | |
1173 | fclose(f); | |
ef6e34ee | 1174 | return ret; |
e0f888d9 | 1175 | } |
283678ed | 1176 | |
b98f7d6e | 1177 | bool is_in_subcgroup(int pid, const char *subsystem, struct cgroup_desc *d) |
283678ed SH |
1178 | { |
1179 | char filepath[MAXPATHLEN], *line = NULL, v1[MAXPATHLEN], v2[MAXPATHLEN]; | |
1180 | FILE *f; | |
1181 | int ret, junk; | |
b98f7d6e | 1182 | size_t sz = 0, l1, l2; |
283678ed SH |
1183 | char *end = index(subsystem, '.'); |
1184 | int len = end ? (end - subsystem) : strlen(subsystem); | |
b98f7d6e SH |
1185 | const char *cgpath = NULL; |
1186 | ||
1187 | while (d) { | |
1188 | if (in_subsys_list("devices", d->subsystems)) { | |
1189 | cgpath = d->realcgroup; | |
1190 | l1 = strlen(cgpath); | |
1191 | break; | |
1192 | } | |
1193 | d = d->next; | |
1194 | } | |
1195 | if (!d) | |
1196 | return false; | |
283678ed SH |
1197 | |
1198 | ret = snprintf(filepath, MAXPATHLEN, "/proc/%d/cgroup", pid); | |
1199 | if (ret < 0 || ret >= MAXPATHLEN) | |
1200 | return false; | |
1201 | if ((f = fopen(filepath, "r")) == NULL) | |
1202 | return false; | |
1203 | while (getline(&line, &sz, f) != -1) { | |
1204 | // nr:subsystem:path | |
1205 | v2[0] = v2[1] = '\0'; | |
1206 | ret = sscanf(line, "%d:%[^:]:%s", &junk, v1, v2); | |
1207 | if (ret != 3) { | |
1208 | fclose(f); | |
b98f7d6e | 1209 | free(line); |
283678ed SH |
1210 | return false; |
1211 | } | |
1212 | len = end ? end - subsystem : strlen(subsystem); | |
1213 | if (strncmp(v1, subsystem, len) != 0) | |
1214 | continue; | |
1215 | // v2 will start with '/', skip it by using v2+1 | |
1216 | // we must be in SUBcgroup, so make sure l2 > l1 | |
1217 | l2 = strlen(v2+1); | |
1218 | if (l2 > l1 && strncmp(v2+1, cgpath, l1) == 0) { | |
1219 | fclose(f); | |
b98f7d6e | 1220 | free(line); |
283678ed SH |
1221 | return true; |
1222 | } | |
1223 | } | |
1224 | fclose(f); | |
b98f7d6e SH |
1225 | if (line) |
1226 | free(line); | |
283678ed SH |
1227 | return false; |
1228 | } | |
b113383b | 1229 | |
b98f7d6e | 1230 | char *cgroup_get_subsys_path(struct lxc_handler *handler, const char *subsys) |
b113383b | 1231 | { |
b98f7d6e | 1232 | struct cgroup_desc *d; |
b113383b | 1233 | |
b98f7d6e SH |
1234 | for (d = handler->cgroup; d; d = d->next) { |
1235 | if (in_subsys_list(subsys, d->subsystems)) | |
1236 | return d->realcgroup; | |
1237 | } | |
b113383b | 1238 | |
b98f7d6e SH |
1239 | return NULL; |
1240 | } | |
1241 | ||
1242 | static int _setup_cgroup(struct lxc_handler *h, struct lxc_list *cgroups, | |
1243 | int devices) | |
1244 | { | |
1245 | struct lxc_list *iterator; | |
1246 | struct lxc_cgroup *cg; | |
1247 | int ret = -1; | |
1248 | ||
1249 | if (lxc_list_empty(cgroups)) | |
1250 | return 0; | |
1251 | ||
1252 | lxc_list_for_each(iterator, cgroups) { | |
1253 | cg = iterator->elem; | |
1254 | ||
1255 | if (devices == !strncmp("devices", cg->subsystem, 7)) { | |
1256 | if (strcmp(cg->subsystem, "devices.deny") == 0 && | |
1257 | cgroup_devices_has_deny(h, cg->value)) | |
1258 | continue; | |
1259 | if (strcmp(cg->subsystem, "devices.allow") == 0 && | |
1260 | cgroup_devices_has_allow(h, cg->value)) | |
1261 | continue; | |
1262 | if (lxc_cgroup_set_value(h, cg->subsystem, cg->value)) { | |
1263 | ERROR("Error setting %s to %s for %s\n", | |
1264 | cg->subsystem, cg->value, h->name); | |
1265 | goto out; | |
1266 | } | |
b113383b | 1267 | } |
b98f7d6e SH |
1268 | |
1269 | DEBUG("cgroup '%s' set to '%s'", cg->subsystem, cg->value); | |
b113383b SH |
1270 | } |
1271 | ||
b98f7d6e SH |
1272 | ret = 0; |
1273 | INFO("cgroup has been setup"); | |
1274 | out: | |
b113383b SH |
1275 | return ret; |
1276 | } | |
b98f7d6e SH |
1277 | |
1278 | int setup_cgroup_devices(struct lxc_handler *h, struct lxc_list *cgroups) | |
1279 | { | |
1280 | return _setup_cgroup(h, cgroups, 1); | |
1281 | } | |
1282 | ||
1283 | int setup_cgroup(struct lxc_handler *h, struct lxc_list *cgroups) | |
1284 | { | |
1285 | return _setup_cgroup(h, cgroups, 0); | |
1286 | } |