]>
Commit | Line | Data |
---|---|---|
576f946d | 1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2008 | |
5 | * | |
6 | * Authors: | |
9afe19d6 | 7 | * Daniel Lezcano <daniel.lezcano at free.fr> |
576f946d | 8 | * |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
250b1eec | 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
576f946d | 22 | */ |
d06245b8 NC |
23 | #include "config.h" |
24 | ||
576f946d | 25 | #include <stdio.h> |
576f946d | 26 | #include <stdlib.h> |
27 | #include <errno.h> | |
576f946d | 28 | #include <unistd.h> |
29 | #include <string.h> | |
341a9bd8 | 30 | #include <dirent.h> |
576f946d | 31 | #include <fcntl.h> |
b98f7d6e | 32 | #include <ctype.h> |
576f946d | 33 | #include <sys/types.h> |
34 | #include <sys/stat.h> | |
35 | #include <sys/param.h> | |
36 | #include <sys/inotify.h> | |
aae1f3c4 | 37 | #include <sys/mount.h> |
576f946d | 38 | #include <netinet/in.h> |
39 | #include <net/if.h> | |
40 | ||
e2bcd7db | 41 | #include "error.h" |
ae5c8b8e | 42 | #include "commands.h" |
b98f7d6e SH |
43 | #include "list.h" |
44 | #include "conf.h" | |
33ad9f1a | 45 | #include "utils.h" |
740d1928 | 46 | #include "bdev.h" |
f2363e38 ÇO |
47 | #include "log.h" |
48 | #include "cgroup.h" | |
49 | #include "start.h" | |
484ed030 | 50 | #include "state.h" |
36eb9bde | 51 | |
edaf8b1b SG |
52 | #if IS_BIONIC |
53 | #include <../include/lxcmntent.h> | |
54 | #else | |
55 | #include <mntent.h> | |
56 | #endif | |
57 | ||
36eb9bde | 58 | lxc_log_define(lxc_cgroup, lxc); |
576f946d | 59 | |
33ad9f1a CS |
60 | static struct cgroup_process_info *lxc_cgroup_process_info_getx(const char *proc_pid_cgroup_str, struct cgroup_meta_data *meta); |
61 | static char **subsystems_from_mount_options(const char *mount_options, char **kernel_list); | |
62 | static void lxc_cgroup_mount_point_free(struct cgroup_mount_point *mp); | |
63 | static void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy *h); | |
64 | static bool is_valid_cgroup(const char *name); | |
33ad9f1a | 65 | static int create_cgroup(struct cgroup_mount_point *mp, const char *path); |
603c64c2 | 66 | static int remove_cgroup(struct cgroup_mount_point *mp, const char *path, bool recurse); |
33ad9f1a CS |
67 | static char *cgroup_to_absolute_path(struct cgroup_mount_point *mp, const char *path, const char *suffix); |
68 | static struct cgroup_process_info *find_info_for_subsystem(struct cgroup_process_info *info, const char *subsystem); | |
69 | static int do_cgroup_get(const char *cgroup_path, const char *sub_filename, char *value, size_t len); | |
70 | static int do_cgroup_set(const char *cgroup_path, const char *sub_filename, const char *value); | |
71 | static bool cgroup_devices_has_allow_or_deny(struct lxc_handler *h, char *v, bool for_allow); | |
9daf6f5d | 72 | static int do_setup_cgroup_limits(struct lxc_handler *h, struct lxc_list *cgroup_settings, bool do_devices); |
33ad9f1a CS |
73 | static int cgroup_recursive_task_count(const char *cgroup_path); |
74 | static int count_lines(const char *fn); | |
1ea59ad2 | 75 | static int handle_cgroup_settings(struct cgroup_mount_point *mp, char *cgroup_path); |
d703c2b1 | 76 | static bool init_cpuset_if_needed(struct cgroup_mount_point *mp, const char *path); |
33ad9f1a | 77 | |
d4ef7c50 SH |
78 | static struct cgroup_ops cgfs_ops; |
79 | struct cgroup_ops *active_cg_ops = &cgfs_ops; | |
80 | static void init_cg_ops(void); | |
81 | ||
82 | #ifdef HAVE_CGMANAGER | |
83 | /* this needs to be mutexed for api use */ | |
84 | extern bool cgmanager_initialized; | |
85 | extern bool use_cgmanager; | |
86 | extern bool lxc_init_cgmanager(void); | |
87 | #else | |
88 | static bool cgmanager_initialized = false; | |
89 | static bool use_cgmanager = false; | |
90 | static bool lxc_init_cgmanager(void) { return false; } | |
91 | #endif | |
92 | ||
603c64c2 SH |
93 | static int cgroup_rmdir(char *dirname) |
94 | { | |
95 | struct dirent dirent, *direntp; | |
96 | int saved_errno = 0; | |
97 | DIR *dir; | |
98 | int ret, failed=0; | |
99 | char pathname[MAXPATHLEN]; | |
100 | ||
101 | dir = opendir(dirname); | |
102 | if (!dir) { | |
103 | ERROR("%s: failed to open %s", __func__, dirname); | |
104 | return -1; | |
105 | } | |
106 | ||
107 | while (!readdir_r(dir, &dirent, &direntp)) { | |
108 | struct stat mystat; | |
109 | int rc; | |
110 | ||
111 | if (!direntp) | |
112 | break; | |
113 | ||
114 | if (!strcmp(direntp->d_name, ".") || | |
115 | !strcmp(direntp->d_name, "..")) | |
116 | continue; | |
117 | ||
118 | rc = snprintf(pathname, MAXPATHLEN, "%s/%s", dirname, direntp->d_name); | |
119 | if (rc < 0 || rc >= MAXPATHLEN) { | |
120 | ERROR("pathname too long"); | |
121 | failed=1; | |
122 | if (!saved_errno) | |
123 | saved_errno = -ENOMEM; | |
124 | continue; | |
125 | } | |
126 | ret = lstat(pathname, &mystat); | |
127 | if (ret) { | |
128 | SYSERROR("%s: failed to stat %s", __func__, pathname); | |
129 | failed=1; | |
130 | if (!saved_errno) | |
131 | saved_errno = errno; | |
132 | continue; | |
133 | } | |
134 | if (S_ISDIR(mystat.st_mode)) { | |
135 | if (cgroup_rmdir(pathname) < 0) { | |
136 | if (!saved_errno) | |
137 | saved_errno = errno; | |
138 | failed=1; | |
139 | } | |
140 | } | |
141 | } | |
142 | ||
143 | if (rmdir(dirname) < 0) { | |
144 | SYSERROR("%s: failed to delete %s", __func__, dirname); | |
145 | if (!saved_errno) | |
146 | saved_errno = errno; | |
147 | failed=1; | |
148 | } | |
149 | ||
150 | ret = closedir(dir); | |
151 | if (ret) { | |
152 | SYSERROR("%s: failed to close directory %s", __func__, dirname); | |
153 | if (!saved_errno) | |
154 | saved_errno = errno; | |
155 | failed=1; | |
156 | } | |
157 | ||
158 | errno = saved_errno; | |
159 | return failed ? -1 : 0; | |
160 | } | |
161 | ||
33ad9f1a CS |
162 | struct cgroup_meta_data *lxc_cgroup_load_meta() |
163 | { | |
164 | const char *cgroup_use = NULL; | |
165 | char **cgroup_use_list = NULL; | |
166 | struct cgroup_meta_data *md = NULL; | |
167 | int saved_errno; | |
168 | ||
169 | errno = 0; | |
593e8478 | 170 | cgroup_use = lxc_global_config_value("lxc.cgroup.use"); |
33ad9f1a CS |
171 | if (!cgroup_use && errno != 0) |
172 | return NULL; | |
173 | if (cgroup_use) { | |
174 | cgroup_use_list = lxc_string_split_and_trim(cgroup_use, ','); | |
175 | if (!cgroup_use_list) | |
176 | return NULL; | |
177 | } | |
576f946d | 178 | |
33ad9f1a CS |
179 | md = lxc_cgroup_load_meta2((const char **)cgroup_use_list); |
180 | saved_errno = errno; | |
181 | lxc_free_array((void **)cgroup_use_list, free); | |
182 | errno = saved_errno; | |
183 | return md; | |
184 | } | |
fd37327f | 185 | |
b653309a | 186 | /* Step 1: determine all kernel subsystems */ |
d4ef7c50 | 187 | bool find_cgroup_subsystems(char ***kernel_subsystems) |
1d39a065 | 188 | { |
b653309a SH |
189 | FILE *proc_cgroups; |
190 | bool bret = false; | |
33ad9f1a CS |
191 | char *line = NULL; |
192 | size_t sz = 0; | |
b653309a SH |
193 | size_t kernel_subsystems_count = 0; |
194 | size_t kernel_subsystems_capacity = 0; | |
195 | int r; | |
1d39a065 | 196 | |
33ad9f1a CS |
197 | proc_cgroups = fopen_cloexec("/proc/cgroups", "r"); |
198 | if (!proc_cgroups) | |
b653309a | 199 | return false; |
1d39a065 | 200 | |
33ad9f1a CS |
201 | while (getline(&line, &sz, proc_cgroups) != -1) { |
202 | char *tab1; | |
203 | char *tab2; | |
204 | int hierarchy_number; | |
1d39a065 | 205 | |
33ad9f1a CS |
206 | if (line[0] == '#') |
207 | continue; | |
208 | if (!line[0]) | |
209 | continue; | |
1d39a065 | 210 | |
33ad9f1a CS |
211 | tab1 = strchr(line, '\t'); |
212 | if (!tab1) | |
8900b9eb | 213 | continue; |
33ad9f1a CS |
214 | *tab1++ = '\0'; |
215 | tab2 = strchr(tab1, '\t'); | |
216 | if (!tab2) | |
217 | continue; | |
218 | *tab2 = '\0'; | |
fd37327f | 219 | |
33ad9f1a CS |
220 | tab2 = NULL; |
221 | hierarchy_number = strtoul(tab1, &tab2, 10); | |
222 | if (!tab2 || *tab2) | |
223 | continue; | |
224 | (void)hierarchy_number; | |
225 | ||
b653309a | 226 | r = lxc_grow_array((void ***)kernel_subsystems, &kernel_subsystems_capacity, kernel_subsystems_count + 1, 12); |
33ad9f1a | 227 | if (r < 0) |
b653309a SH |
228 | goto out; |
229 | (*kernel_subsystems)[kernel_subsystems_count] = strdup(line); | |
230 | if (!(*kernel_subsystems)[kernel_subsystems_count]) | |
231 | goto out; | |
33ad9f1a | 232 | kernel_subsystems_count++; |
bcbd102c | 233 | } |
b653309a | 234 | bret = true; |
0d9f8e18 | 235 | |
b653309a | 236 | out: |
33ad9f1a | 237 | fclose(proc_cgroups); |
0ccf7c2a | 238 | free(line); |
b653309a SH |
239 | return bret; |
240 | } | |
241 | ||
242 | /* Step 2: determine all hierarchies (by reading /proc/self/cgroup), | |
243 | * since mount points don't specify hierarchy number and | |
244 | * /proc/cgroups does not contain named hierarchies | |
245 | */ | |
246 | static bool find_cgroup_hierarchies(struct cgroup_meta_data *meta_data, | |
247 | bool all_kernel_subsystems, bool all_named_subsystems, | |
248 | const char **subsystem_whitelist) | |
249 | { | |
250 | FILE *proc_self_cgroup; | |
251 | char *line = NULL; | |
252 | size_t sz = 0; | |
253 | int r; | |
254 | bool bret = false; | |
255 | size_t hierarchy_capacity = 0; | |
ef6e34ee | 256 | |
33ad9f1a CS |
257 | proc_self_cgroup = fopen_cloexec("/proc/self/cgroup", "r"); |
258 | /* if for some reason (because of setns() and pid namespace for example), | |
259 | * /proc/self is not valid, we try /proc/1/cgroup... */ | |
260 | if (!proc_self_cgroup) | |
261 | proc_self_cgroup = fopen_cloexec("/proc/1/cgroup", "r"); | |
262 | if (!proc_self_cgroup) | |
b653309a | 263 | return false; |
33ad9f1a CS |
264 | |
265 | while (getline(&line, &sz, proc_self_cgroup) != -1) { | |
266 | /* file format: hierarchy:subsystems:group, | |
267 | * we only extract hierarchy and subsystems | |
268 | * here */ | |
269 | char *colon1; | |
270 | char *colon2; | |
271 | int hierarchy_number; | |
272 | struct cgroup_hierarchy *h = NULL; | |
273 | char **p; | |
274 | ||
275 | if (!line[0]) | |
276 | continue; | |
ad08bbb7 | 277 | |
33ad9f1a CS |
278 | colon1 = strchr(line, ':'); |
279 | if (!colon1) | |
8900b9eb | 280 | continue; |
33ad9f1a CS |
281 | *colon1++ = '\0'; |
282 | colon2 = strchr(colon1, ':'); | |
283 | if (!colon2) | |
284 | continue; | |
285 | *colon2 = '\0'; | |
ad08bbb7 | 286 | |
33ad9f1a CS |
287 | colon2 = NULL; |
288 | hierarchy_number = strtoul(line, &colon2, 10); | |
289 | if (!colon2 || *colon2) | |
290 | continue; | |
576f946d | 291 | |
33ad9f1a CS |
292 | if (hierarchy_number > meta_data->maximum_hierarchy) { |
293 | /* lxc_grow_array will never shrink, so even if we find a lower | |
294 | * hierarchy number here, the array will never be smaller | |
295 | */ | |
296 | r = lxc_grow_array((void ***)&meta_data->hierarchies, &hierarchy_capacity, hierarchy_number + 1, 12); | |
297 | if (r < 0) | |
b653309a | 298 | goto out; |
5193cc3d | 299 | |
33ad9f1a CS |
300 | meta_data->maximum_hierarchy = hierarchy_number; |
301 | } | |
fd37327f | 302 | |
33ad9f1a CS |
303 | /* this shouldn't happen, we had this already */ |
304 | if (meta_data->hierarchies[hierarchy_number]) | |
b653309a | 305 | goto out; |
33ad9f1a CS |
306 | |
307 | h = calloc(1, sizeof(struct cgroup_hierarchy)); | |
308 | if (!h) | |
b653309a | 309 | goto out; |
33ad9f1a CS |
310 | |
311 | meta_data->hierarchies[hierarchy_number] = h; | |
312 | ||
313 | h->index = hierarchy_number; | |
314 | h->subsystems = lxc_string_split_and_trim(colon1, ','); | |
315 | if (!h->subsystems) | |
b653309a | 316 | goto out; |
33ad9f1a CS |
317 | /* see if this hierarchy should be considered */ |
318 | if (!all_kernel_subsystems || !all_named_subsystems) { | |
319 | for (p = h->subsystems; *p; p++) { | |
320 | if (!strncmp(*p, "name=", 5)) { | |
321 | if (all_named_subsystems || (subsystem_whitelist && lxc_string_in_array(*p, subsystem_whitelist))) { | |
322 | h->used = true; | |
323 | break; | |
324 | } | |
325 | } else { | |
326 | if (all_kernel_subsystems || (subsystem_whitelist && lxc_string_in_array(*p, subsystem_whitelist))) { | |
327 | h->used = true; | |
328 | break; | |
329 | } | |
330 | } | |
331 | } | |
332 | } else { | |
333 | /* we want all hierarchy anyway */ | |
334 | h->used = true; | |
ae5c8b8e | 335 | } |
ae5c8b8e | 336 | } |
b653309a | 337 | bret = true; |
0b9c21ab | 338 | |
b653309a | 339 | out: |
33ad9f1a | 340 | fclose(proc_self_cgroup); |
0ccf7c2a | 341 | free(line); |
b653309a SH |
342 | return bret; |
343 | } | |
344 | ||
345 | /* Step 3: determine all mount points of each hierarchy */ | |
346 | static bool find_hierarchy_mountpts( struct cgroup_meta_data *meta_data, char **kernel_subsystems) | |
347 | { | |
348 | bool bret = false; | |
349 | FILE *proc_self_mountinfo; | |
350 | char *line = NULL; | |
351 | size_t sz = 0; | |
352 | char **tokens = NULL; | |
353 | size_t mount_point_count = 0; | |
354 | size_t mount_point_capacity = 0; | |
355 | size_t token_capacity = 0; | |
356 | int r; | |
357 | ||
33ad9f1a CS |
358 | proc_self_mountinfo = fopen_cloexec("/proc/self/mountinfo", "r"); |
359 | /* if for some reason (because of setns() and pid namespace for example), | |
360 | * /proc/self is not valid, we try /proc/1/cgroup... */ | |
361 | if (!proc_self_mountinfo) | |
362 | proc_self_mountinfo = fopen_cloexec("/proc/1/mountinfo", "r"); | |
363 | if (!proc_self_mountinfo) | |
b653309a | 364 | return false; |
33ad9f1a CS |
365 | |
366 | while (getline(&line, &sz, proc_self_mountinfo) != -1) { | |
178938fe | 367 | char *token, *line_tok, *saveptr = NULL; |
33ad9f1a CS |
368 | size_t i, j, k; |
369 | struct cgroup_mount_point *mount_point; | |
370 | struct cgroup_hierarchy *h; | |
371 | char **subsystems; | |
372 | ||
373 | if (line[0] && line[strlen(line) - 1] == '\n') | |
374 | line[strlen(line) - 1] = '\0'; | |
375 | ||
178938fe | 376 | for (i = 0, line_tok = line; (token = strtok_r(line_tok, " ", &saveptr)); line_tok = NULL) { |
33ad9f1a CS |
377 | r = lxc_grow_array((void ***)&tokens, &token_capacity, i + 1, 64); |
378 | if (r < 0) | |
b653309a | 379 | goto out; |
33ad9f1a CS |
380 | tokens[i++] = token; |
381 | } | |
b98f7d6e | 382 | |
33ad9f1a CS |
383 | /* layout of /proc/self/mountinfo: |
384 | * 0: id | |
385 | * 1: parent id | |
386 | * 2: device major:minor | |
387 | * 3: mount prefix | |
8900b9eb | 388 | * 4: mount point |
33ad9f1a CS |
389 | * 5: per-mount options |
390 | * [optional X]: additional data | |
391 | * X+7: "-" | |
392 | * X+8: type | |
393 | * X+9: source | |
394 | * X+10: per-superblock options | |
395 | */ | |
396 | for (j = 6; j < i && tokens[j]; j++) | |
397 | if (!strcmp(tokens[j], "-")) | |
398 | break; | |
fd4f5a56 | 399 | |
33ad9f1a CS |
400 | /* could not find separator */ |
401 | if (j >= i || !tokens[j]) | |
402 | continue; | |
403 | /* there should be exactly three fields after | |
404 | * the separator | |
405 | */ | |
406 | if (i != j + 4) | |
407 | continue; | |
fd4f5a56 | 408 | |
33ad9f1a CS |
409 | /* not a cgroup filesystem */ |
410 | if (strcmp(tokens[j + 1], "cgroup") != 0) | |
411 | continue; | |
b98f7d6e | 412 | |
33ad9f1a CS |
413 | subsystems = subsystems_from_mount_options(tokens[j + 3], kernel_subsystems); |
414 | if (!subsystems) | |
b653309a | 415 | goto out; |
33ad9f1a CS |
416 | |
417 | h = NULL; | |
418 | for (k = 1; k <= meta_data->maximum_hierarchy; k++) { | |
419 | if (meta_data->hierarchies[k] && | |
420 | meta_data->hierarchies[k]->subsystems[0] && | |
421 | lxc_string_in_array(meta_data->hierarchies[k]->subsystems[0], (const char **)subsystems)) { | |
422 | /* TODO: we could also check if the lists really match completely, | |
423 | * just to have an additional sanity check */ | |
424 | h = meta_data->hierarchies[k]; | |
b98f7d6e | 425 | break; |
33ad9f1a | 426 | } |
b98f7d6e | 427 | } |
33ad9f1a CS |
428 | lxc_free_array((void **)subsystems, free); |
429 | ||
430 | r = lxc_grow_array((void ***)&meta_data->mount_points, &mount_point_capacity, mount_point_count + 1, 12); | |
431 | if (r < 0) | |
b653309a | 432 | goto out; |
33ad9f1a CS |
433 | |
434 | /* create mount point object */ | |
435 | mount_point = calloc(1, sizeof(*mount_point)); | |
436 | if (!mount_point) | |
b653309a | 437 | goto out; |
33ad9f1a CS |
438 | |
439 | meta_data->mount_points[mount_point_count++] = mount_point; | |
440 | ||
441 | mount_point->hierarchy = h; | |
442 | mount_point->mount_point = strdup(tokens[4]); | |
443 | mount_point->mount_prefix = strdup(tokens[3]); | |
444 | if (!mount_point->mount_point || !mount_point->mount_prefix) | |
b653309a | 445 | goto out; |
33ad9f1a CS |
446 | mount_point->read_only = !lxc_string_in_list("rw", tokens[5], ','); |
447 | ||
448 | if (!strcmp(mount_point->mount_prefix, "/")) { | |
449 | if (mount_point->read_only) { | |
450 | if (!h->ro_absolute_mount_point) | |
451 | h->ro_absolute_mount_point = mount_point; | |
452 | } else { | |
453 | if (!h->rw_absolute_mount_point) | |
454 | h->rw_absolute_mount_point = mount_point; | |
455 | } | |
b98f7d6e | 456 | } |
ae5c8b8e | 457 | |
33ad9f1a CS |
458 | k = lxc_array_len((void **)h->all_mount_points); |
459 | r = lxc_grow_array((void ***)&h->all_mount_points, &h->all_mount_point_capacity, k + 1, 4); | |
460 | if (r < 0) | |
b653309a | 461 | goto out; |
33ad9f1a | 462 | h->all_mount_points[k] = mount_point; |
fd4f5a56 | 463 | } |
b653309a SH |
464 | bret = true; |
465 | ||
466 | out: | |
b653309a | 467 | fclose(proc_self_mountinfo); |
b653309a | 468 | free(tokens); |
2cdafc54 | 469 | free(line); |
b653309a SH |
470 | return bret; |
471 | } | |
472 | ||
473 | struct cgroup_meta_data *lxc_cgroup_load_meta2(const char **subsystem_whitelist) | |
474 | { | |
475 | bool all_kernel_subsystems = true; | |
476 | bool all_named_subsystems = false; | |
477 | struct cgroup_meta_data *meta_data = NULL; | |
478 | char **kernel_subsystems = NULL; | |
479 | int saved_errno = 0; | |
480 | ||
481 | /* if the subsystem whitelist is not specified, include all | |
482 | * hierarchies that contain kernel subsystems by default but | |
483 | * no hierarchies that only contain named subsystems | |
484 | * | |
485 | * if it is specified, the specifier @all will select all | |
486 | * hierarchies, @kernel will select all hierarchies with | |
487 | * kernel subsystems and @named will select all named | |
488 | * hierarchies | |
489 | */ | |
490 | all_kernel_subsystems = subsystem_whitelist ? | |
491 | (lxc_string_in_array("@kernel", subsystem_whitelist) || lxc_string_in_array("@all", subsystem_whitelist)) : | |
492 | true; | |
493 | all_named_subsystems = subsystem_whitelist ? | |
494 | (lxc_string_in_array("@named", subsystem_whitelist) || lxc_string_in_array("@all", subsystem_whitelist)) : | |
495 | false; | |
496 | ||
497 | meta_data = calloc(1, sizeof(struct cgroup_meta_data)); | |
498 | if (!meta_data) | |
499 | return NULL; | |
500 | meta_data->ref = 1; | |
501 | ||
502 | if (!find_cgroup_subsystems(&kernel_subsystems)) | |
503 | goto out_error; | |
504 | ||
505 | if (!find_cgroup_hierarchies(meta_data, all_kernel_subsystems, | |
506 | all_named_subsystems, subsystem_whitelist)) | |
507 | goto out_error; | |
508 | ||
509 | if (!find_hierarchy_mountpts(meta_data, kernel_subsystems)) | |
510 | goto out_error; | |
fd4f5a56 | 511 | |
33ad9f1a CS |
512 | /* oops, we couldn't find anything */ |
513 | if (!meta_data->hierarchies || !meta_data->mount_points) { | |
514 | errno = EINVAL; | |
515 | goto out_error; | |
ae5c8b8e | 516 | } |
fd4f5a56 | 517 | |
3a0abb3a | 518 | lxc_free_array((void **)kernel_subsystems, free); |
33ad9f1a CS |
519 | return meta_data; |
520 | ||
521 | out_error: | |
522 | saved_errno = errno; | |
33ad9f1a CS |
523 | lxc_free_array((void **)kernel_subsystems, free); |
524 | lxc_cgroup_put_meta(meta_data); | |
525 | errno = saved_errno; | |
526 | return NULL; | |
fd4f5a56 DL |
527 | } |
528 | ||
33ad9f1a | 529 | struct cgroup_meta_data *lxc_cgroup_get_meta(struct cgroup_meta_data *meta_data) |
e14f67a7 | 530 | { |
33ad9f1a CS |
531 | meta_data->ref++; |
532 | return meta_data; | |
533 | } | |
e14f67a7 | 534 | |
33ad9f1a CS |
535 | struct cgroup_meta_data *lxc_cgroup_put_meta(struct cgroup_meta_data *meta_data) |
536 | { | |
537 | size_t i; | |
538 | if (!meta_data) | |
539 | return NULL; | |
540 | if (--meta_data->ref > 0) | |
541 | return meta_data; | |
542 | lxc_free_array((void **)meta_data->mount_points, (lxc_free_fn)lxc_cgroup_mount_point_free); | |
543 | if (meta_data->hierarchies) { | |
544 | for (i = 0; i <= meta_data->maximum_hierarchy; i++) | |
545 | lxc_cgroup_hierarchy_free(meta_data->hierarchies[i]); | |
e14f67a7 | 546 | } |
33ad9f1a | 547 | free(meta_data->hierarchies); |
178938fe | 548 | free(meta_data); |
33ad9f1a | 549 | return NULL; |
e14f67a7 U |
550 | } |
551 | ||
33ad9f1a | 552 | struct cgroup_hierarchy *lxc_cgroup_find_hierarchy(struct cgroup_meta_data *meta_data, const char *subsystem) |
e14f67a7 | 553 | { |
33ad9f1a CS |
554 | size_t i; |
555 | for (i = 0; i <= meta_data->maximum_hierarchy; i++) { | |
556 | struct cgroup_hierarchy *h = meta_data->hierarchies[i]; | |
557 | if (h && lxc_string_in_array(subsystem, (const char **)h->subsystems)) | |
558 | return h; | |
e14f67a7 | 559 | } |
e14f67a7 U |
560 | return NULL; |
561 | } | |
562 | ||
33ad9f1a | 563 | struct cgroup_mount_point *lxc_cgroup_find_mount_point(struct cgroup_hierarchy *hierarchy, const char *group, bool should_be_writable) |
b98f7d6e | 564 | { |
33ad9f1a CS |
565 | struct cgroup_mount_point **mps; |
566 | struct cgroup_mount_point *current_result = NULL; | |
567 | ssize_t quality = -1; | |
b98f7d6e | 568 | |
33ad9f1a CS |
569 | /* trivial case */ |
570 | if (hierarchy->rw_absolute_mount_point) | |
571 | return hierarchy->rw_absolute_mount_point; | |
572 | if (!should_be_writable && hierarchy->ro_absolute_mount_point) | |
573 | return hierarchy->ro_absolute_mount_point; | |
b98f7d6e | 574 | |
33ad9f1a CS |
575 | for (mps = hierarchy->all_mount_points; mps && *mps; mps++) { |
576 | struct cgroup_mount_point *mp = *mps; | |
577 | size_t prefix_len = mp->mount_prefix ? strlen(mp->mount_prefix) : 0; | |
b98f7d6e | 578 | |
33ad9f1a CS |
579 | if (prefix_len == 1 && mp->mount_prefix[0] == '/') |
580 | prefix_len = 0; | |
b98f7d6e | 581 | |
33ad9f1a CS |
582 | if (should_be_writable && mp->read_only) |
583 | continue; | |
584 | ||
585 | if (!prefix_len || | |
586 | (strncmp(group, mp->mount_prefix, prefix_len) == 0 && | |
587 | (group[prefix_len] == '\0' || group[prefix_len] == '/'))) { | |
588 | /* search for the best quality match, i.e. the match with the | |
589 | * shortest prefix where this group is still contained | |
590 | */ | |
591 | if (quality == -1 || prefix_len < quality) { | |
592 | current_result = mp; | |
593 | quality = prefix_len; | |
594 | } | |
b98f7d6e SH |
595 | } |
596 | } | |
597 | ||
33ad9f1a CS |
598 | if (!current_result) |
599 | errno = ENOENT; | |
600 | return current_result; | |
b98f7d6e SH |
601 | } |
602 | ||
33ad9f1a | 603 | char *lxc_cgroup_find_abs_path(const char *subsystem, const char *group, bool should_be_writable, const char *suffix) |
b98f7d6e | 604 | { |
33ad9f1a CS |
605 | struct cgroup_meta_data *meta_data; |
606 | struct cgroup_hierarchy *h; | |
607 | struct cgroup_mount_point *mp; | |
608 | char *result; | |
609 | int saved_errno; | |
610 | ||
611 | meta_data = lxc_cgroup_load_meta(); | |
612 | if (!meta_data) | |
613 | return NULL; | |
b98f7d6e | 614 | |
33ad9f1a CS |
615 | h = lxc_cgroup_find_hierarchy(meta_data, subsystem); |
616 | if (!h) | |
617 | goto out_error; | |
b98f7d6e | 618 | |
33ad9f1a CS |
619 | mp = lxc_cgroup_find_mount_point(h, group, should_be_writable); |
620 | if (!mp) | |
621 | goto out_error; | |
b98f7d6e | 622 | |
33ad9f1a CS |
623 | result = cgroup_to_absolute_path(mp, group, suffix); |
624 | if (!result) | |
625 | goto out_error; | |
b98f7d6e | 626 | |
33ad9f1a CS |
627 | lxc_cgroup_put_meta(meta_data); |
628 | return result; | |
b98f7d6e | 629 | |
33ad9f1a CS |
630 | out_error: |
631 | saved_errno = errno; | |
632 | lxc_cgroup_put_meta(meta_data); | |
633 | errno = saved_errno; | |
634 | return NULL; | |
b98f7d6e SH |
635 | } |
636 | ||
33ad9f1a | 637 | struct cgroup_process_info *lxc_cgroup_process_info_get(pid_t pid, struct cgroup_meta_data *meta) |
fd4f5a56 | 638 | { |
33ad9f1a CS |
639 | char pid_buf[32]; |
640 | snprintf(pid_buf, 32, "/proc/%lu/cgroup", (unsigned long)pid); | |
641 | return lxc_cgroup_process_info_getx(pid_buf, meta); | |
c8f7c563 CS |
642 | } |
643 | ||
33ad9f1a | 644 | struct cgroup_process_info *lxc_cgroup_process_info_get_init(struct cgroup_meta_data *meta) |
c8f7c563 | 645 | { |
33ad9f1a CS |
646 | return lxc_cgroup_process_info_get(1, meta); |
647 | } | |
b98f7d6e | 648 | |
33ad9f1a CS |
649 | struct cgroup_process_info *lxc_cgroup_process_info_get_self(struct cgroup_meta_data *meta) |
650 | { | |
651 | struct cgroup_process_info *i; | |
652 | i = lxc_cgroup_process_info_getx("/proc/self/cgroup", meta); | |
653 | if (!i) | |
654 | i = lxc_cgroup_process_info_get(getpid(), meta); | |
655 | return i; | |
656 | } | |
ae5c8b8e | 657 | |
692ba18f SH |
658 | /* |
659 | * If a controller has ns cgroup mounted, then in that cgroup the handler->pid | |
660 | * is already in a new cgroup named after the pid. 'mnt' is passed in as | |
661 | * the full current cgroup. Say that is /sys/fs/cgroup/lxc/2975 and the container | |
662 | * name is c1. . We want to rename the cgroup directory to /sys/fs/cgroup/lxc/c1, | |
663 | * and return the string /sys/fs/cgroup/lxc/c1. | |
664 | */ | |
cea0552e | 665 | static char *cgroup_rename_nsgroup(const char *mountpath, const char *oldname, pid_t pid, const char *name) |
692ba18f SH |
666 | { |
667 | char *dir, *fulloldpath; | |
668 | char *newname, *fullnewpath; | |
cea0552e | 669 | int len, newlen, ret; |
692ba18f SH |
670 | |
671 | /* | |
672 | * if cgroup is mounted at /cgroup and task is in cgroup /ab/, pid 2375 and | |
673 | * name is c1, | |
674 | * dir: /ab | |
675 | * fulloldpath = /cgroup/ab/2375 | |
676 | * fullnewpath = /cgroup/ab/c1 | |
677 | * newname = /ab/c1 | |
678 | */ | |
679 | dir = alloca(strlen(oldname) + 1); | |
680 | strcpy(dir, oldname); | |
681 | ||
cea0552e SH |
682 | len = strlen(oldname) + strlen(mountpath) + 22; |
683 | fulloldpath = alloca(len); | |
684 | ret = snprintf(fulloldpath, len, "%s/%s/%ld", mountpath, oldname, (unsigned long)pid); | |
685 | if (ret < 0 || ret >= len) | |
686 | return NULL; | |
692ba18f SH |
687 | |
688 | len = strlen(dir) + strlen(name) + 2; | |
689 | newname = malloc(len); | |
690 | if (!newname) { | |
691 | SYSERROR("Out of memory"); | |
692 | return NULL; | |
693 | } | |
cea0552e SH |
694 | ret = snprintf(newname, len, "%s/%s", dir, name); |
695 | if (ret < 0 || ret >= len) { | |
696 | free(newname); | |
697 | return NULL; | |
698 | } | |
692ba18f | 699 | |
cea0552e SH |
700 | newlen = strlen(mountpath) + len + 2; |
701 | fullnewpath = alloca(newlen); | |
702 | ret = snprintf(fullnewpath, newlen, "%s/%s", mountpath, newname); | |
703 | if (ret < 0 || ret >= newlen) { | |
704 | free(newname); | |
705 | return NULL; | |
706 | } | |
692ba18f SH |
707 | |
708 | if (access(fullnewpath, F_OK) == 0) { | |
709 | if (rmdir(fullnewpath) != 0) { | |
710 | SYSERROR("container cgroup %s already exists.", fullnewpath); | |
711 | free(newname); | |
712 | return NULL; | |
713 | } | |
714 | } | |
715 | if (rename(fulloldpath, fullnewpath)) { | |
716 | SYSERROR("failed to rename cgroup %s->%s", fulloldpath, fullnewpath); | |
717 | free(newname); | |
718 | return NULL; | |
719 | } | |
720 | ||
721 | DEBUG("'%s' renamed to '%s'", oldname, newname); | |
722 | ||
723 | return newname; | |
724 | } | |
725 | ||
33ad9f1a | 726 | /* create a new cgroup */ |
d4ef7c50 | 727 | struct cgroup_process_info *lxc_cgroupfs_create(const char *name, const char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern) |
33ad9f1a | 728 | { |
001b026e | 729 | char **cgroup_path_components = NULL; |
33ad9f1a CS |
730 | char **p = NULL; |
731 | char *path_so_far = NULL; | |
732 | char **new_cgroup_paths = NULL; | |
733 | char **new_cgroup_paths_sub = NULL; | |
734 | struct cgroup_mount_point *mp; | |
735 | struct cgroup_hierarchy *h; | |
736 | struct cgroup_process_info *base_info = NULL; | |
737 | struct cgroup_process_info *info_ptr; | |
738 | int saved_errno; | |
739 | int r; | |
740 | unsigned suffix = 0; | |
741 | bool had_sub_pattern = false; | |
742 | size_t i; | |
ae5c8b8e | 743 | |
33ad9f1a CS |
744 | if (!is_valid_cgroup(name)) { |
745 | ERROR("Invalid cgroup name: '%s'", name); | |
746 | errno = EINVAL; | |
747 | return NULL; | |
ae5c8b8e SH |
748 | } |
749 | ||
33ad9f1a CS |
750 | if (!strstr(path_pattern, "%n")) { |
751 | ERROR("Invalid cgroup path pattern: '%s'; contains no %%n for specifying container name", path_pattern); | |
752 | errno = EINVAL; | |
753 | return NULL; | |
754 | } | |
fd37327f | 755 | |
33ad9f1a CS |
756 | /* we will modify the result of this operation directly, |
757 | * so we don't have to copy the data structure | |
758 | */ | |
759 | base_info = (path_pattern[0] == '/') ? | |
760 | lxc_cgroup_process_info_get_init(meta_data) : | |
761 | lxc_cgroup_process_info_get_self(meta_data); | |
762 | if (!base_info) | |
763 | return NULL; | |
c8f7c563 | 764 | |
33ad9f1a CS |
765 | new_cgroup_paths = calloc(meta_data->maximum_hierarchy + 1, sizeof(char *)); |
766 | if (!new_cgroup_paths) | |
767 | goto out_initial_error; | |
768 | ||
769 | new_cgroup_paths_sub = calloc(meta_data->maximum_hierarchy + 1, sizeof(char *)); | |
770 | if (!new_cgroup_paths_sub) | |
771 | goto out_initial_error; | |
772 | ||
773 | /* find mount points we can use */ | |
774 | for (info_ptr = base_info; info_ptr; info_ptr = info_ptr->next) { | |
775 | h = info_ptr->hierarchy; | |
776 | mp = lxc_cgroup_find_mount_point(h, info_ptr->cgroup_path, true); | |
777 | if (!mp) { | |
778 | ERROR("Could not find writable mount point for cgroup hierarchy %d while trying to create cgroup.", h->index); | |
779 | goto out_initial_error; | |
780 | } | |
781 | info_ptr->designated_mount_point = mp; | |
460a1cf0 | 782 | |
692ba18f SH |
783 | if (lxc_string_in_array("ns", (const char **)h->subsystems)) |
784 | continue; | |
2edb53c7 SH |
785 | if (handle_cgroup_settings(mp, info_ptr->cgroup_path) < 0) { |
786 | ERROR("Could not set clone_children to 1 for cpuset hierarchy in parent cgroup."); | |
33ad9f1a | 787 | goto out_initial_error; |
2edb53c7 | 788 | } |
33ad9f1a | 789 | } |
b98f7d6e | 790 | |
33ad9f1a CS |
791 | /* normalize the path */ |
792 | cgroup_path_components = lxc_normalize_path(path_pattern); | |
793 | if (!cgroup_path_components) | |
794 | goto out_initial_error; | |
795 | ||
796 | /* go through the path components to see if we can create them */ | |
797 | for (p = cgroup_path_components; *p || (sub_pattern && !had_sub_pattern); p++) { | |
798 | /* we only want to create the same component with -1, -2, etc. | |
799 | * if the component contains the container name itself, otherwise | |
800 | * it's not an error if it already exists | |
801 | */ | |
802 | char *p_eff = *p ? *p : (char *)sub_pattern; | |
803 | bool contains_name = strstr(p_eff, "%n"); | |
804 | char *current_component = NULL; | |
805 | char *current_subpath = NULL; | |
806 | char *current_entire_path = NULL; | |
807 | char *parts[3]; | |
808 | size_t j = 0; | |
809 | i = 0; | |
810 | ||
811 | /* if we are processing the subpattern, we want to make sure | |
812 | * loop is ended the next time around | |
813 | */ | |
814 | if (!*p) { | |
815 | had_sub_pattern = true; | |
816 | p--; | |
817 | } | |
b98f7d6e | 818 | |
33ad9f1a CS |
819 | goto find_name_on_this_level; |
820 | ||
821 | cleanup_name_on_this_level: | |
822 | /* This is reached if we found a name clash. | |
823 | * In that case, remove the cgroup from all previous hierarchies | |
824 | */ | |
825 | for (j = 0, info_ptr = base_info; j < i && info_ptr; info_ptr = info_ptr->next, j++) { | |
603c64c2 | 826 | r = remove_cgroup(info_ptr->designated_mount_point, info_ptr->created_paths[info_ptr->created_paths_count - 1], false); |
33ad9f1a CS |
827 | if (r < 0) |
828 | WARN("could not clean up cgroup we created when trying to create container"); | |
829 | free(info_ptr->created_paths[info_ptr->created_paths_count - 1]); | |
830 | info_ptr->created_paths[--info_ptr->created_paths_count] = NULL; | |
831 | } | |
832 | if (current_component != current_subpath) | |
833 | free(current_subpath); | |
834 | if (current_component != p_eff) | |
835 | free(current_component); | |
836 | current_component = current_subpath = NULL; | |
837 | /* try again with another suffix */ | |
838 | ++suffix; | |
839 | ||
840 | find_name_on_this_level: | |
841 | /* determine name of the path component we should create */ | |
842 | if (contains_name && suffix > 0) { | |
843 | char *buf = calloc(strlen(name) + 32, 1); | |
844 | if (!buf) | |
845 | goto out_initial_error; | |
846 | snprintf(buf, strlen(name) + 32, "%s-%u", name, suffix); | |
847 | current_component = lxc_string_replace("%n", buf, p_eff); | |
848 | free(buf); | |
849 | } else { | |
850 | current_component = contains_name ? lxc_string_replace("%n", name, p_eff) : p_eff; | |
851 | } | |
852 | parts[0] = path_so_far; | |
853 | parts[1] = current_component; | |
854 | parts[2] = NULL; | |
855 | current_subpath = path_so_far ? lxc_string_join("/", (const char **)parts, false) : current_component; | |
856 | ||
857 | /* Now go through each hierarchy and try to create the | |
858 | * corresponding cgroup | |
859 | */ | |
860 | for (i = 0, info_ptr = base_info; info_ptr; info_ptr = info_ptr->next, i++) { | |
861 | char *parts2[3]; | |
692ba18f SH |
862 | |
863 | if (lxc_string_in_array("ns", (const char **)info_ptr->hierarchy->subsystems)) | |
864 | continue; | |
33ad9f1a CS |
865 | current_entire_path = NULL; |
866 | ||
867 | parts2[0] = !strcmp(info_ptr->cgroup_path, "/") ? "" : info_ptr->cgroup_path; | |
868 | parts2[1] = current_subpath; | |
869 | parts2[2] = NULL; | |
870 | current_entire_path = lxc_string_join("/", (const char **)parts2, false); | |
871 | ||
872 | if (!*p) { | |
873 | /* we are processing the subpath, so only update that one */ | |
874 | free(new_cgroup_paths_sub[i]); | |
875 | new_cgroup_paths_sub[i] = strdup(current_entire_path); | |
876 | if (!new_cgroup_paths_sub[i]) | |
877 | goto cleanup_from_error; | |
878 | } else { | |
879 | /* remember which path was used on this controller */ | |
880 | free(new_cgroup_paths[i]); | |
881 | new_cgroup_paths[i] = strdup(current_entire_path); | |
882 | if (!new_cgroup_paths[i]) | |
883 | goto cleanup_from_error; | |
884 | } | |
fd4f5a56 | 885 | |
33ad9f1a CS |
886 | r = create_cgroup(info_ptr->designated_mount_point, current_entire_path); |
887 | if (r < 0 && errno == EEXIST && contains_name) { | |
888 | /* name clash => try new name with new suffix */ | |
889 | free(current_entire_path); | |
890 | current_entire_path = NULL; | |
891 | goto cleanup_name_on_this_level; | |
892 | } else if (r < 0 && errno != EEXIST) { | |
893 | SYSERROR("Could not create cgroup %s", current_entire_path); | |
894 | goto cleanup_from_error; | |
895 | } else if (r == 0) { | |
896 | /* successfully created */ | |
897 | r = lxc_grow_array((void ***)&info_ptr->created_paths, &info_ptr->created_paths_capacity, info_ptr->created_paths_count + 1, 8); | |
898 | if (r < 0) | |
899 | goto cleanup_from_error; | |
d703c2b1 RV |
900 | if (!init_cpuset_if_needed(info_ptr->designated_mount_point, current_entire_path)) { |
901 | ERROR("Failed to initialize cpuset in new '%s'.", current_entire_path); | |
902 | goto cleanup_from_error; | |
903 | } | |
33ad9f1a CS |
904 | info_ptr->created_paths[info_ptr->created_paths_count++] = current_entire_path; |
905 | } else { | |
906 | /* if we didn't create the cgroup, then we have to make sure that | |
907 | * further cgroups will be created properly | |
908 | */ | |
d703c2b1 | 909 | if (handle_cgroup_settings(info_ptr->designated_mount_point, info_ptr->cgroup_path) < 0) { |
f6ac3b9e | 910 | ERROR("Could not set clone_children to 1 for cpuset hierarchy in pre-existing cgroup."); |
33ad9f1a | 911 | goto cleanup_from_error; |
f6ac3b9e | 912 | } |
d703c2b1 RV |
913 | if (!init_cpuset_if_needed(info_ptr->designated_mount_point, info_ptr->cgroup_path)) { |
914 | ERROR("Failed to initialize cpuset in pre-existing '%s'.", info_ptr->cgroup_path); | |
915 | goto cleanup_from_error; | |
916 | } | |
33ad9f1a CS |
917 | |
918 | /* already existed but path component of pattern didn't contain '%n', | |
919 | * so this is not an error; but then we don't need current_entire_path | |
920 | * anymore... | |
921 | */ | |
922 | free(current_entire_path); | |
923 | current_entire_path = NULL; | |
924 | } | |
925 | } | |
fd4f5a56 | 926 | |
33ad9f1a CS |
927 | /* save path so far */ |
928 | free(path_so_far); | |
929 | path_so_far = strdup(current_subpath); | |
930 | if (!path_so_far) | |
931 | goto cleanup_from_error; | |
932 | ||
933 | /* cleanup */ | |
934 | if (current_component != current_subpath) | |
935 | free(current_subpath); | |
936 | if (current_component != p_eff) | |
937 | free(current_component); | |
938 | current_component = current_subpath = NULL; | |
939 | continue; | |
940 | ||
941 | cleanup_from_error: | |
942 | /* called if an error occured in the loop, so we | |
943 | * do some additional cleanup here | |
944 | */ | |
945 | saved_errno = errno; | |
946 | if (current_component != current_subpath) | |
947 | free(current_subpath); | |
948 | if (current_component != p_eff) | |
949 | free(current_component); | |
950 | free(current_entire_path); | |
951 | errno = saved_errno; | |
952 | goto out_initial_error; | |
fd4f5a56 DL |
953 | } |
954 | ||
33ad9f1a CS |
955 | /* we're done, now update the paths */ |
956 | for (i = 0, info_ptr = base_info; info_ptr; info_ptr = info_ptr->next, i++) { | |
47d8fb3b CS |
957 | /* ignore legacy 'ns' subsystem here, lxc_cgroup_create_legacy |
958 | * will take care of it | |
959 | * Since we do a continue in above loop, new_cgroup_paths[i] is | |
960 | * unset anyway, as is new_cgroup_paths_sub[i] | |
692ba18f | 961 | */ |
47d8fb3b CS |
962 | if (lxc_string_in_array("ns", (const char **)info_ptr->hierarchy->subsystems)) |
963 | continue; | |
964 | free(info_ptr->cgroup_path); | |
965 | info_ptr->cgroup_path = new_cgroup_paths[i]; | |
966 | info_ptr->cgroup_path_sub = new_cgroup_paths_sub[i]; | |
fd4f5a56 | 967 | } |
33ad9f1a CS |
968 | /* don't use lxc_free_array since we used the array members |
969 | * to store them in our result... | |
970 | */ | |
971 | free(new_cgroup_paths); | |
972 | free(new_cgroup_paths_sub); | |
973 | free(path_so_far); | |
974 | lxc_free_array((void **)cgroup_path_components, free); | |
975 | return base_info; | |
976 | ||
977 | out_initial_error: | |
978 | saved_errno = errno; | |
979 | free(path_so_far); | |
980 | lxc_cgroup_process_info_free_and_remove(base_info); | |
981 | lxc_free_array((void **)new_cgroup_paths, free); | |
982 | lxc_free_array((void **)new_cgroup_paths_sub, free); | |
983 | lxc_free_array((void **)cgroup_path_components, free); | |
984 | errno = saved_errno; | |
985 | return NULL; | |
c8f7c563 CS |
986 | } |
987 | ||
47d8fb3b CS |
988 | int lxc_cgroup_create_legacy(struct cgroup_process_info *base_info, const char *name, pid_t pid) |
989 | { | |
990 | struct cgroup_process_info *info_ptr; | |
991 | int r; | |
992 | ||
993 | for (info_ptr = base_info; info_ptr; info_ptr = info_ptr->next) { | |
994 | if (!lxc_string_in_array("ns", (const char **)info_ptr->hierarchy->subsystems)) | |
995 | continue; | |
996 | /* | |
997 | * For any path which has ns cgroup mounted, handler->pid is already | |
998 | * moved into a container called '%d % (handler->pid)'. Rename it to | |
999 | * the cgroup name and record that. | |
1000 | */ | |
1001 | char *tmp = cgroup_rename_nsgroup((const char *)info_ptr->designated_mount_point->mount_point, | |
1002 | info_ptr->cgroup_path, pid, name); | |
1003 | if (!tmp) | |
1004 | return -1; | |
1005 | free(info_ptr->cgroup_path); | |
1006 | info_ptr->cgroup_path = tmp; | |
1007 | r = lxc_grow_array((void ***)&info_ptr->created_paths, &info_ptr->created_paths_capacity, info_ptr->created_paths_count + 1, 8); | |
1008 | if (r < 0) | |
1009 | return -1; | |
1010 | tmp = strdup(tmp); | |
1011 | if (!tmp) | |
1012 | return -1; | |
1013 | info_ptr->created_paths[info_ptr->created_paths_count++] = tmp; | |
1014 | } | |
1015 | return 0; | |
1016 | } | |
1017 | ||
33ad9f1a CS |
1018 | /* get the cgroup membership of a given container */ |
1019 | struct cgroup_process_info *lxc_cgroup_get_container_info(const char *name, const char *lxcpath, struct cgroup_meta_data *meta_data) | |
c8f7c563 | 1020 | { |
33ad9f1a CS |
1021 | struct cgroup_process_info *result = NULL; |
1022 | int saved_errno = 0; | |
1023 | size_t i; | |
1024 | struct cgroup_process_info **cptr = &result; | |
1025 | struct cgroup_process_info *entry = NULL; | |
1026 | char *path = NULL; | |
1027 | ||
1028 | for (i = 0; i <= meta_data->maximum_hierarchy; i++) { | |
1029 | struct cgroup_hierarchy *h = meta_data->hierarchies[i]; | |
1030 | if (!h || !h->used) | |
1031 | continue; | |
c8f7c563 | 1032 | |
33ad9f1a CS |
1033 | /* use the command interface to look for the cgroup */ |
1034 | path = lxc_cmd_get_cgroup_path(name, lxcpath, h->subsystems[0]); | |
1035 | if (!path) | |
1036 | goto out_error; | |
1037 | ||
1038 | entry = calloc(1, sizeof(struct cgroup_process_info)); | |
1039 | if (!entry) | |
1040 | goto out_error; | |
1041 | entry->meta_ref = lxc_cgroup_get_meta(meta_data); | |
1042 | entry->hierarchy = h; | |
1043 | entry->cgroup_path = path; | |
1044 | path = NULL; | |
1045 | ||
1046 | /* it is not an error if we don't find anything here, | |
1047 | * it is up to the caller to decide what to do in that | |
1048 | * case */ | |
1049 | entry->designated_mount_point = lxc_cgroup_find_mount_point(h, entry->cgroup_path, true); | |
1050 | ||
1051 | *cptr = entry; | |
1052 | cptr = &entry->next; | |
1053 | entry = NULL; | |
c8f7c563 CS |
1054 | } |
1055 | ||
33ad9f1a CS |
1056 | return result; |
1057 | out_error: | |
1058 | saved_errno = errno; | |
1059 | free(path); | |
1060 | lxc_cgroup_process_info_free(result); | |
1061 | lxc_cgroup_process_info_free(entry); | |
1062 | errno = saved_errno; | |
1063 | return NULL; | |
fd4f5a56 DL |
1064 | } |
1065 | ||
33ad9f1a | 1066 | /* move a processs to the cgroups specified by the membership */ |
d4ef7c50 | 1067 | int lxc_cgroupfs_enter(struct cgroup_process_info *info, pid_t pid, bool enter_sub) |
4f17323e | 1068 | { |
33ad9f1a CS |
1069 | char pid_buf[32]; |
1070 | char *cgroup_tasks_fn; | |
1071 | int r; | |
1072 | struct cgroup_process_info *info_ptr; | |
1073 | ||
1074 | snprintf(pid_buf, 32, "%lu", (unsigned long)pid); | |
1075 | for (info_ptr = info; info_ptr; info_ptr = info_ptr->next) { | |
1076 | char *cgroup_path = (enter_sub && info_ptr->cgroup_path_sub) ? | |
1077 | info_ptr->cgroup_path_sub : | |
1078 | info_ptr->cgroup_path; | |
1079 | ||
1080 | if (!info_ptr->designated_mount_point) { | |
1081 | info_ptr->designated_mount_point = lxc_cgroup_find_mount_point(info_ptr->hierarchy, cgroup_path, true); | |
1082 | if (!info_ptr->designated_mount_point) { | |
1083 | SYSERROR("Could not add pid %lu to cgroup %s: internal error (couldn't find any writable mountpoint to cgroup filesystem)", (unsigned long)pid, cgroup_path); | |
1084 | return -1; | |
1085 | } | |
1086 | } | |
4f17323e | 1087 | |
33ad9f1a CS |
1088 | cgroup_tasks_fn = cgroup_to_absolute_path(info_ptr->designated_mount_point, cgroup_path, "/tasks"); |
1089 | if (!cgroup_tasks_fn) { | |
1090 | SYSERROR("Could not add pid %lu to cgroup %s: internal error", (unsigned long)pid, cgroup_path); | |
1091 | return -1; | |
1092 | } | |
4f17323e | 1093 | |
33ad9f1a | 1094 | r = lxc_write_to_file(cgroup_tasks_fn, pid_buf, strlen(pid_buf), false); |
5903da82 | 1095 | free(cgroup_tasks_fn); |
33ad9f1a CS |
1096 | if (r < 0) { |
1097 | SYSERROR("Could not add pid %lu to cgroup %s: internal error", (unsigned long)pid, cgroup_path); | |
1098 | return -1; | |
1099 | } | |
4f17323e CS |
1100 | } |
1101 | ||
33ad9f1a | 1102 | return 0; |
4f17323e CS |
1103 | } |
1104 | ||
33ad9f1a CS |
1105 | /* free process membership information */ |
1106 | void lxc_cgroup_process_info_free(struct cgroup_process_info *info) | |
fc7de561 | 1107 | { |
33ad9f1a CS |
1108 | struct cgroup_process_info *next; |
1109 | if (!info) | |
b98f7d6e | 1110 | return; |
33ad9f1a CS |
1111 | next = info->next; |
1112 | lxc_cgroup_put_meta(info->meta_ref); | |
1113 | free(info->cgroup_path); | |
1114 | free(info->cgroup_path_sub); | |
1115 | lxc_free_array((void **)info->created_paths, free); | |
1116 | free(info); | |
1117 | lxc_cgroup_process_info_free(next); | |
fc7de561 SH |
1118 | } |
1119 | ||
33ad9f1a CS |
1120 | /* free process membership information and remove cgroups that were created */ |
1121 | void lxc_cgroup_process_info_free_and_remove(struct cgroup_process_info *info) | |
b98f7d6e | 1122 | { |
33ad9f1a CS |
1123 | struct cgroup_process_info *next; |
1124 | char **pp; | |
1125 | if (!info) | |
1126 | return; | |
1127 | next = info->next; | |
603c64c2 | 1128 | { |
33ad9f1a CS |
1129 | struct cgroup_mount_point *mp = info->designated_mount_point; |
1130 | if (!mp) | |
1131 | mp = lxc_cgroup_find_mount_point(info->hierarchy, info->cgroup_path, true); | |
1132 | if (mp) | |
1133 | /* ignore return value here, perhaps we created the | |
1134 | * '/lxc' cgroup in this container but another container | |
1135 | * is still running (for example) | |
1136 | */ | |
603c64c2 SH |
1137 | (void)remove_cgroup(mp, info->cgroup_path, true); |
1138 | } | |
1139 | for (pp = info->created_paths; pp && *pp; pp++); | |
1140 | for ((void)(pp && --pp); info->created_paths && pp >= info->created_paths; --pp) { | |
33ad9f1a | 1141 | free(*pp); |
b98f7d6e | 1142 | } |
33ad9f1a CS |
1143 | free(info->created_paths); |
1144 | lxc_cgroup_put_meta(info->meta_ref); | |
1145 | free(info->cgroup_path); | |
1146 | free(info->cgroup_path_sub); | |
1147 | free(info); | |
9431aa65 | 1148 | lxc_cgroup_process_info_free_and_remove(next); |
33ad9f1a | 1149 | } |
b98f7d6e | 1150 | |
d4ef7c50 | 1151 | static char *lxc_cgroup_get_hierarchy_path_handler(const char *subsystem, struct lxc_handler *handler) |
33ad9f1a | 1152 | { |
d4ef7c50 SH |
1153 | struct cgfs_data *d = handler->cgroup_info->data; |
1154 | struct cgroup_process_info *info = d->info; | |
1155 | info = find_info_for_subsystem(info, subsystem); | |
33ad9f1a CS |
1156 | if (!info) |
1157 | return NULL; | |
1158 | return info->cgroup_path; | |
b98f7d6e SH |
1159 | } |
1160 | ||
33ad9f1a | 1161 | char *lxc_cgroup_get_hierarchy_path(const char *subsystem, const char *name, const char *lxcpath) |
b98f7d6e | 1162 | { |
33ad9f1a | 1163 | return lxc_cmd_get_cgroup_path(name, lxcpath, subsystem); |
b98f7d6e SH |
1164 | } |
1165 | ||
33ad9f1a | 1166 | char *lxc_cgroup_get_hierarchy_abs_path_handler(const char *subsystem, struct lxc_handler *handler) |
b98f7d6e | 1167 | { |
d4ef7c50 SH |
1168 | struct cgfs_data *d = handler->cgroup_info->data; |
1169 | struct cgroup_process_info *info = d->info; | |
33ad9f1a | 1170 | struct cgroup_mount_point *mp = NULL; |
d4ef7c50 SH |
1171 | |
1172 | info = find_info_for_subsystem(info, subsystem); | |
33ad9f1a CS |
1173 | if (!info) |
1174 | return NULL; | |
1175 | if (info->designated_mount_point) { | |
8900b9eb | 1176 | mp = info->designated_mount_point; |
33ad9f1a CS |
1177 | } else { |
1178 | mp = lxc_cgroup_find_mount_point(info->hierarchy, info->cgroup_path, true); | |
1179 | if (!mp) | |
1180 | return NULL; | |
b98f7d6e | 1181 | } |
33ad9f1a | 1182 | return cgroup_to_absolute_path(mp, info->cgroup_path, NULL); |
b98f7d6e | 1183 | } |
55c76589 | 1184 | |
33ad9f1a | 1185 | char *lxc_cgroup_get_hierarchy_abs_path(const char *subsystem, const char *name, const char *lxcpath) |
9a93d992 | 1186 | { |
33ad9f1a CS |
1187 | struct cgroup_meta_data *meta; |
1188 | struct cgroup_process_info *base_info, *info; | |
1189 | struct cgroup_mount_point *mp; | |
1190 | char *result = NULL; | |
33ad9f1a CS |
1191 | |
1192 | meta = lxc_cgroup_load_meta(); | |
1193 | if (!meta) | |
9a93d992 | 1194 | return NULL; |
33ad9f1a CS |
1195 | base_info = lxc_cgroup_get_container_info(name, lxcpath, meta); |
1196 | if (!base_info) | |
178938fe | 1197 | goto out1; |
33ad9f1a CS |
1198 | info = find_info_for_subsystem(base_info, subsystem); |
1199 | if (!info) | |
178938fe | 1200 | goto out2; |
33ad9f1a | 1201 | if (info->designated_mount_point) { |
8900b9eb | 1202 | mp = info->designated_mount_point; |
33ad9f1a CS |
1203 | } else { |
1204 | mp = lxc_cgroup_find_mount_point(info->hierarchy, info->cgroup_path, true); | |
1205 | if (!mp) | |
178938fe | 1206 | goto out3; |
33ad9f1a CS |
1207 | } |
1208 | result = cgroup_to_absolute_path(mp, info->cgroup_path, NULL); | |
178938fe | 1209 | out3: |
178938fe | 1210 | out2: |
33ad9f1a | 1211 | lxc_cgroup_process_info_free(base_info); |
178938fe | 1212 | out1: |
33ad9f1a | 1213 | lxc_cgroup_put_meta(meta); |
33ad9f1a CS |
1214 | return result; |
1215 | } | |
9a93d992 | 1216 | |
33ad9f1a CS |
1217 | int lxc_cgroup_set_handler(const char *filename, const char *value, struct lxc_handler *handler) |
1218 | { | |
1219 | char *subsystem = NULL, *p, *path; | |
1220 | int ret = -1; | |
9a93d992 | 1221 | |
33ad9f1a CS |
1222 | subsystem = alloca(strlen(filename) + 1); |
1223 | strcpy(subsystem, filename); | |
1224 | if ((p = index(subsystem, '.')) != NULL) | |
1225 | *p = '\0'; | |
9a93d992 | 1226 | |
33ad9f1a CS |
1227 | path = lxc_cgroup_get_hierarchy_abs_path_handler(subsystem, handler); |
1228 | if (path) { | |
1229 | ret = do_cgroup_set(path, filename, value); | |
1230 | free(path); | |
9a93d992 | 1231 | } |
33ad9f1a CS |
1232 | return ret; |
1233 | } | |
9a93d992 | 1234 | |
33ad9f1a CS |
1235 | int lxc_cgroup_get_handler(const char *filename, char *value, size_t len, struct lxc_handler *handler) |
1236 | { | |
1237 | char *subsystem = NULL, *p, *path; | |
1238 | int ret = -1; | |
1239 | ||
1240 | subsystem = alloca(strlen(filename) + 1); | |
1241 | strcpy(subsystem, filename); | |
1242 | if ((p = index(subsystem, '.')) != NULL) | |
1243 | *p = '\0'; | |
1244 | ||
1245 | path = lxc_cgroup_get_hierarchy_abs_path_handler(subsystem, handler); | |
1246 | if (path) { | |
1247 | ret = do_cgroup_get(path, filename, value, len); | |
1248 | free(path); | |
1249 | } | |
9a93d992 SH |
1250 | return ret; |
1251 | } | |
1252 | ||
d4ef7c50 | 1253 | int lxc_cgroupfs_set(const char *filename, const char *value, const char *name, const char *lxcpath) |
9a93d992 | 1254 | { |
33ad9f1a CS |
1255 | char *subsystem = NULL, *p, *path; |
1256 | int ret = -1; | |
9a93d992 | 1257 | |
33ad9f1a CS |
1258 | subsystem = alloca(strlen(filename) + 1); |
1259 | strcpy(subsystem, filename); | |
1260 | if ((p = index(subsystem, '.')) != NULL) | |
1261 | *p = '\0'; | |
9a93d992 | 1262 | |
33ad9f1a CS |
1263 | path = lxc_cgroup_get_hierarchy_abs_path(subsystem, name, lxcpath); |
1264 | if (path) { | |
1265 | ret = do_cgroup_set(path, filename, value); | |
1266 | free(path); | |
1267 | } | |
b98f7d6e | 1268 | return ret; |
9a93d992 SH |
1269 | } |
1270 | ||
d4ef7c50 | 1271 | int lxc_cgroupfs_get(const char *filename, char *value, size_t len, const char *name, const char *lxcpath) |
9a93d992 | 1272 | { |
33ad9f1a CS |
1273 | char *subsystem = NULL, *p, *path; |
1274 | int ret = -1; | |
1275 | ||
1276 | subsystem = alloca(strlen(filename) + 1); | |
1277 | strcpy(subsystem, filename); | |
1278 | if ((p = index(subsystem, '.')) != NULL) | |
1279 | *p = '\0'; | |
1280 | ||
1281 | path = lxc_cgroup_get_hierarchy_abs_path(subsystem, name, lxcpath); | |
1282 | if (path) { | |
1283 | ret = do_cgroup_get(path, filename, value, len); | |
1284 | free(path); | |
9a93d992 | 1285 | } |
33ad9f1a | 1286 | return ret; |
9a93d992 SH |
1287 | } |
1288 | ||
33ad9f1a CS |
1289 | /* |
1290 | * lxc_cgroup_path_get: Get the absolute pathname for a cgroup | |
1291 | * file for a running container. | |
1292 | * | |
1293 | * @filename : the file of interest (e.g. "freezer.state") or | |
1294 | * the subsystem name (e.g. "freezer") in which case | |
1295 | * the directory where the cgroup may be modified | |
1296 | * will be returned | |
1297 | * @name : name of container to connect to | |
1298 | * @lxcpath : the lxcpath in which the container is running | |
8900b9eb | 1299 | * |
33ad9f1a CS |
1300 | * This is the exported function, which determines cgpath from the |
1301 | * lxc-start of the @name container running in @lxcpath. | |
1302 | * | |
1303 | * Returns path on success, NULL on error. The caller must free() | |
1304 | * the returned path. | |
1305 | */ | |
1306 | char *lxc_cgroup_path_get(const char *filename, const char *name, | |
1307 | const char *lxcpath) | |
9a93d992 | 1308 | { |
33ad9f1a | 1309 | char *subsystem = NULL, *longer_file = NULL, *p, *group, *path; |
9a93d992 | 1310 | |
33ad9f1a CS |
1311 | subsystem = alloca(strlen(filename) + 1); |
1312 | strcpy(subsystem, filename); | |
1313 | if ((p = index(subsystem, '.')) != NULL) { | |
1314 | *p = '\0'; | |
1315 | longer_file = alloca(strlen(filename) + 2); | |
1316 | longer_file[0] = '/'; | |
1317 | strcpy(longer_file + 1, filename); | |
b98f7d6e SH |
1318 | } |
1319 | ||
33ad9f1a CS |
1320 | group = lxc_cgroup_get_hierarchy_path(subsystem, name, lxcpath); |
1321 | if (!group) | |
1322 | return NULL; | |
b98f7d6e | 1323 | |
86b3688b | 1324 | path = lxc_cgroup_find_abs_path(subsystem, group, true, p ? longer_file : NULL); |
33ad9f1a CS |
1325 | free(group); |
1326 | return path; | |
9a93d992 SH |
1327 | } |
1328 | ||
c476bdce SH |
1329 | static bool cgroupfs_mount_cgroup(const char *root, |
1330 | struct lxc_cgroup_info *cgroup_info, int type) | |
aae1f3c4 CS |
1331 | { |
1332 | size_t bufsz = strlen(root) + sizeof("/sys/fs/cgroup"); | |
1333 | char *path = NULL; | |
1334 | char **parts = NULL; | |
1335 | char *dirname = NULL; | |
1336 | char *abs_path = NULL; | |
1337 | char *abs_path2 = NULL; | |
d4ef7c50 SH |
1338 | struct cgfs_data *cgfs_d; |
1339 | struct cgroup_process_info *info, *base_info; | |
aae1f3c4 CS |
1340 | int r, saved_errno = 0; |
1341 | ||
d4ef7c50 SH |
1342 | init_cg_ops(); |
1343 | ||
d4ef7c50 SH |
1344 | cgfs_d = cgroup_info->data; |
1345 | base_info = cgfs_d->info; | |
1346 | ||
7997d7da CS |
1347 | if (type < LXC_AUTO_CGROUP_RO || type > LXC_AUTO_CGROUP_FULL_MIXED) { |
1348 | ERROR("could not mount cgroups into container: invalid type specified internally"); | |
1349 | errno = EINVAL; | |
c476bdce | 1350 | return false; |
7997d7da CS |
1351 | } |
1352 | ||
aae1f3c4 CS |
1353 | path = calloc(1, bufsz); |
1354 | if (!path) | |
c476bdce | 1355 | return false; |
aae1f3c4 CS |
1356 | snprintf(path, bufsz, "%s/sys/fs/cgroup", root); |
1357 | r = mount("cgroup_root", path, "tmpfs", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_RELATIME, "size=10240k,mode=755"); | |
1358 | if (r < 0) { | |
1359 | SYSERROR("could not mount tmpfs to /sys/fs/cgroup in the container"); | |
c476bdce | 1360 | return false; |
aae1f3c4 CS |
1361 | } |
1362 | ||
1363 | /* now mount all the hierarchies we care about */ | |
1364 | for (info = base_info; info; info = info->next) { | |
1365 | size_t subsystem_count, i; | |
1366 | struct cgroup_mount_point *mp = info->designated_mount_point; | |
1367 | if (!mp) | |
1368 | mp = lxc_cgroup_find_mount_point(info->hierarchy, info->cgroup_path, true); | |
1369 | if (!mp) { | |
1370 | SYSERROR("could not find original mount point for cgroup hierarchy while trying to mount cgroup filesystem"); | |
1371 | goto out_error; | |
1372 | } | |
1373 | ||
1374 | subsystem_count = lxc_array_len((void **)info->hierarchy->subsystems); | |
1375 | parts = calloc(subsystem_count + 1, sizeof(char *)); | |
1376 | if (!parts) | |
1377 | goto out_error; | |
1378 | ||
1379 | for (i = 0; i < subsystem_count; i++) { | |
1380 | if (!strncmp(info->hierarchy->subsystems[i], "name=", 5)) | |
1381 | parts[i] = info->hierarchy->subsystems[i] + 5; | |
1382 | else | |
1383 | parts[i] = info->hierarchy->subsystems[i]; | |
1384 | } | |
1385 | dirname = lxc_string_join(",", (const char **)parts, false); | |
1386 | if (!dirname) | |
1387 | goto out_error; | |
1388 | ||
1389 | /* create subsystem directory */ | |
1390 | abs_path = lxc_append_paths(path, dirname); | |
1391 | if (!abs_path) | |
1392 | goto out_error; | |
1393 | r = mkdir_p(abs_path, 0755); | |
1394 | if (r < 0 && errno != EEXIST) { | |
1395 | SYSERROR("could not create cgroup subsystem directory /sys/fs/cgroup/%s", dirname); | |
1396 | goto out_error; | |
1397 | } | |
1398 | ||
aae1f3c4 CS |
1399 | abs_path2 = lxc_append_paths(abs_path, info->cgroup_path); |
1400 | if (!abs_path2) | |
1401 | goto out_error; | |
aae1f3c4 | 1402 | |
7997d7da CS |
1403 | if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_FULL_RW || type == LXC_AUTO_CGROUP_FULL_MIXED) { |
1404 | /* bind-mount the cgroup entire filesystem there */ | |
1405 | if (strcmp(mp->mount_prefix, "/") != 0) { | |
1406 | /* FIXME: maybe we should just try to remount the entire hierarchy | |
1407 | * with a regular mount command? may that works? */ | |
1408 | ERROR("could not automatically mount cgroup-full to /sys/fs/cgroup/%s: host has no mount point for this cgroup filesystem that has access to the root cgroup", dirname); | |
1409 | goto out_error; | |
1410 | } | |
1411 | r = mount(mp->mount_point, abs_path, "none", MS_BIND, 0); | |
1412 | if (r < 0) { | |
1413 | SYSERROR("error bind-mounting %s to %s", mp->mount_point, abs_path); | |
1414 | goto out_error; | |
1415 | } | |
1416 | /* main cgroup path should be read-only */ | |
1417 | if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_FULL_MIXED) { | |
1418 | r = mount(NULL, abs_path, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL); | |
1419 | if (r < 0) { | |
1420 | SYSERROR("error re-mounting %s readonly", abs_path); | |
1421 | goto out_error; | |
1422 | } | |
1423 | } | |
1424 | /* own cgroup should be read-write */ | |
1425 | if (type == LXC_AUTO_CGROUP_FULL_MIXED) { | |
1426 | r = mount(abs_path2, abs_path2, NULL, MS_BIND, NULL); | |
1427 | if (r < 0) { | |
1428 | SYSERROR("error bind-mounting %s onto itself", abs_path2); | |
1429 | goto out_error; | |
1430 | } | |
1431 | r = mount(NULL, abs_path2, NULL, MS_REMOUNT|MS_BIND, NULL); | |
1432 | if (r < 0) { | |
1433 | SYSERROR("error re-mounting %s readwrite", abs_path2); | |
1434 | goto out_error; | |
1435 | } | |
1436 | } | |
1437 | } else { | |
1438 | /* create path for container's cgroup */ | |
1439 | r = mkdir_p(abs_path2, 0755); | |
1440 | if (r < 0 && errno != EEXIST) { | |
1441 | SYSERROR("could not create cgroup directory /sys/fs/cgroup/%s%s", dirname, info->cgroup_path); | |
1442 | goto out_error; | |
1443 | } | |
aae1f3c4 | 1444 | |
7997d7da CS |
1445 | free(abs_path); |
1446 | abs_path = NULL; | |
1447 | ||
1448 | /* bind-mount container's cgroup to that directory */ | |
1449 | abs_path = cgroup_to_absolute_path(mp, info->cgroup_path, NULL); | |
1450 | if (!abs_path) | |
1451 | goto out_error; | |
1452 | r = mount(abs_path, abs_path2, "none", MS_BIND, 0); | |
1453 | if (r < 0) { | |
1454 | SYSERROR("error bind-mounting %s to %s", abs_path, abs_path2); | |
1455 | goto out_error; | |
1456 | } | |
1457 | if (type == LXC_AUTO_CGROUP_RO) { | |
1458 | r = mount(NULL, abs_path2, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL); | |
1459 | if (r < 0) { | |
1460 | SYSERROR("error re-mounting %s readonly", abs_path2); | |
1461 | goto out_error; | |
1462 | } | |
1463 | } | |
aae1f3c4 CS |
1464 | } |
1465 | ||
1466 | free(abs_path); | |
1467 | free(abs_path2); | |
1468 | abs_path = NULL; | |
1469 | abs_path2 = NULL; | |
1470 | ||
1471 | /* add symlinks for every single subsystem */ | |
1472 | if (subsystem_count > 1) { | |
1473 | for (i = 0; i < subsystem_count; i++) { | |
1474 | abs_path = lxc_append_paths(path, parts[i]); | |
1475 | if (!abs_path) | |
1476 | goto out_error; | |
1477 | r = symlink(dirname, abs_path); | |
1478 | if (r < 0) | |
1479 | WARN("could not create symlink %s -> %s in /sys/fs/cgroup of container", parts[i], dirname); | |
1480 | free(abs_path); | |
1481 | abs_path = NULL; | |
1482 | } | |
1483 | } | |
1484 | free(dirname); | |
1485 | free(parts); | |
1486 | dirname = NULL; | |
1487 | parts = NULL; | |
1488 | } | |
1489 | ||
1490 | /* try to remount the tmpfs readonly, since the container shouldn't | |
1491 | * change anything (this will also make sure that trying to create | |
1492 | * new cgroups outside the allowed area fails with an error instead | |
1493 | * of simply causing this to create directories in the tmpfs itself) | |
1494 | */ | |
7997d7da CS |
1495 | if (type != LXC_AUTO_CGROUP_RW && type != LXC_AUTO_CGROUP_FULL_RW) |
1496 | mount(NULL, path, NULL, MS_REMOUNT|MS_RDONLY, NULL); | |
aae1f3c4 CS |
1497 | |
1498 | free(path); | |
1499 | ||
c476bdce | 1500 | return true; |
aae1f3c4 CS |
1501 | |
1502 | out_error: | |
1503 | saved_errno = errno; | |
1504 | free(path); | |
1505 | free(dirname); | |
1506 | free(parts); | |
1507 | free(abs_path); | |
1508 | free(abs_path2); | |
1509 | errno = saved_errno; | |
c476bdce | 1510 | return false; |
aae1f3c4 CS |
1511 | } |
1512 | ||
33ad9f1a CS |
1513 | int lxc_cgroup_nrtasks_handler(struct lxc_handler *handler) |
1514 | { | |
d4ef7c50 SH |
1515 | struct cgfs_data *d = handler->cgroup_info->data; |
1516 | struct cgroup_process_info *info = d->info; | |
33ad9f1a CS |
1517 | struct cgroup_mount_point *mp = NULL; |
1518 | char *abs_path = NULL; | |
1519 | int ret; | |
460a1cf0 | 1520 | |
33ad9f1a CS |
1521 | if (!info) { |
1522 | errno = ENOENT; | |
1523 | return -1; | |
b98f7d6e | 1524 | } |
c8f7c563 | 1525 | |
33ad9f1a | 1526 | if (info->designated_mount_point) { |
8900b9eb | 1527 | mp = info->designated_mount_point; |
33ad9f1a CS |
1528 | } else { |
1529 | mp = lxc_cgroup_find_mount_point(info->hierarchy, info->cgroup_path, false); | |
1530 | if (!mp) | |
1531 | return -1; | |
c8f7c563 CS |
1532 | } |
1533 | ||
33ad9f1a CS |
1534 | abs_path = cgroup_to_absolute_path(mp, info->cgroup_path, NULL); |
1535 | if (!abs_path) | |
1536 | return -1; | |
1537 | ||
1538 | ret = cgroup_recursive_task_count(abs_path); | |
1539 | free(abs_path); | |
1540 | return ret; | |
c8f7c563 CS |
1541 | } |
1542 | ||
574c4428 QH |
1543 | static struct cgroup_process_info * |
1544 | lxc_cgroup_process_info_getx(const char *proc_pid_cgroup_str, | |
1545 | struct cgroup_meta_data *meta) | |
d08ba6ec | 1546 | { |
33ad9f1a CS |
1547 | struct cgroup_process_info *result = NULL; |
1548 | FILE *proc_pid_cgroup = NULL; | |
1549 | char *line = NULL; | |
1550 | size_t sz = 0; | |
1551 | int saved_errno = 0; | |
1552 | struct cgroup_process_info **cptr = &result; | |
1553 | struct cgroup_process_info *entry = NULL; | |
1554 | ||
1555 | proc_pid_cgroup = fopen_cloexec(proc_pid_cgroup_str, "r"); | |
1556 | if (!proc_pid_cgroup) | |
b98f7d6e | 1557 | return NULL; |
1ac470c0 | 1558 | |
33ad9f1a CS |
1559 | while (getline(&line, &sz, proc_pid_cgroup) != -1) { |
1560 | /* file format: hierarchy:subsystems:group */ | |
1561 | char *colon1; | |
1562 | char *colon2; | |
1563 | char *endptr; | |
1564 | int hierarchy_number; | |
1565 | struct cgroup_hierarchy *h = NULL; | |
fd4f5a56 | 1566 | |
33ad9f1a | 1567 | if (!line[0]) |
ae5c8b8e | 1568 | continue; |
b98f7d6e | 1569 | |
33ad9f1a CS |
1570 | if (line[strlen(line) - 1] == '\n') |
1571 | line[strlen(line) - 1] = '\0'; | |
1572 | ||
1573 | colon1 = strchr(line, ':'); | |
1574 | if (!colon1) | |
8900b9eb | 1575 | continue; |
33ad9f1a CS |
1576 | *colon1++ = '\0'; |
1577 | colon2 = strchr(colon1, ':'); | |
1578 | if (!colon2) | |
ae5c8b8e | 1579 | continue; |
33ad9f1a | 1580 | *colon2++ = '\0'; |
e4659536 | 1581 | |
33ad9f1a CS |
1582 | endptr = NULL; |
1583 | hierarchy_number = strtoul(line, &endptr, 10); | |
1584 | if (!endptr || *endptr) | |
9a93d992 | 1585 | continue; |
9a93d992 | 1586 | |
33ad9f1a CS |
1587 | if (hierarchy_number > meta->maximum_hierarchy) { |
1588 | /* we encountered a hierarchy we didn't have before, | |
1589 | * so probably somebody remounted some stuff in the | |
1590 | * mean time... | |
1591 | */ | |
1592 | errno = EAGAIN; | |
1593 | goto out_error; | |
b98f7d6e | 1594 | } |
33ad9f1a CS |
1595 | |
1596 | h = meta->hierarchies[hierarchy_number]; | |
1597 | if (!h) { | |
1598 | /* we encountered a hierarchy that was thought to be | |
1599 | * dead before, so probably somebody remounted some | |
1600 | * stuff in the mean time... | |
1601 | */ | |
1602 | errno = EAGAIN; | |
1603 | goto out_error; | |
b98f7d6e | 1604 | } |
33ad9f1a CS |
1605 | |
1606 | /* we are told that we should ignore this hierarchy */ | |
1607 | if (!h->used) | |
b98f7d6e | 1608 | continue; |
5193cc3d | 1609 | |
33ad9f1a CS |
1610 | entry = calloc(1, sizeof(struct cgroup_process_info)); |
1611 | if (!entry) | |
1612 | goto out_error; | |
fd4f5a56 | 1613 | |
33ad9f1a CS |
1614 | entry->meta_ref = lxc_cgroup_get_meta(meta); |
1615 | entry->hierarchy = h; | |
1616 | entry->cgroup_path = strdup(colon2); | |
1617 | if (!entry->cgroup_path) | |
1618 | goto out_error; | |
d08ba6ec | 1619 | |
33ad9f1a CS |
1620 | *cptr = entry; |
1621 | cptr = &entry->next; | |
1622 | entry = NULL; | |
b98f7d6e | 1623 | } |
b98f7d6e | 1624 | |
33ad9f1a CS |
1625 | fclose(proc_pid_cgroup); |
1626 | free(line); | |
1627 | return result; | |
1628 | ||
1629 | out_error: | |
1630 | saved_errno = errno; | |
1631 | if (proc_pid_cgroup) | |
1632 | fclose(proc_pid_cgroup); | |
1633 | lxc_cgroup_process_info_free(result); | |
1634 | lxc_cgroup_process_info_free(entry); | |
1635 | free(line); | |
1636 | errno = saved_errno; | |
ae5c8b8e | 1637 | return NULL; |
36b86299 DL |
1638 | } |
1639 | ||
574c4428 QH |
1640 | static char **subsystems_from_mount_options(const char *mount_options, |
1641 | char **kernel_list) | |
36b86299 | 1642 | { |
33ad9f1a CS |
1643 | char *token, *str, *saveptr = NULL; |
1644 | char **result = NULL; | |
1645 | size_t result_capacity = 0; | |
8900b9eb | 1646 | size_t result_count = 0; |
33ad9f1a CS |
1647 | int saved_errno; |
1648 | int r; | |
ef342abb | 1649 | |
33ad9f1a CS |
1650 | str = alloca(strlen(mount_options)+1); |
1651 | strcpy(str, mount_options); | |
1652 | for (; (token = strtok_r(str, ",", &saveptr)); str = NULL) { | |
1653 | /* we have a subsystem if it's either in the list of | |
1654 | * subsystems provided by the kernel OR if it starts | |
1655 | * with name= for named hierarchies | |
1656 | */ | |
1657 | if (!strncmp(token, "name=", 5) || lxc_string_in_array(token, (const char **)kernel_list)) { | |
1658 | r = lxc_grow_array((void ***)&result, &result_capacity, result_count + 1, 12); | |
1659 | if (r < 0) | |
1660 | goto out_free; | |
1661 | result[result_count + 1] = NULL; | |
1662 | result[result_count] = strdup(token); | |
1663 | if (!result[result_count]) | |
1664 | goto out_free; | |
1665 | result_count++; | |
1666 | } | |
ae5c8b8e | 1667 | } |
f0e64b8b | 1668 | |
33ad9f1a CS |
1669 | return result; |
1670 | ||
1671 | out_free: | |
1672 | saved_errno = errno; | |
1673 | lxc_free_array((void**)result, free); | |
1674 | errno = saved_errno; | |
1675 | return NULL; | |
b98f7d6e SH |
1676 | } |
1677 | ||
574c4428 | 1678 | static void lxc_cgroup_mount_point_free(struct cgroup_mount_point *mp) |
b98f7d6e | 1679 | { |
33ad9f1a CS |
1680 | if (!mp) |
1681 | return; | |
1682 | free(mp->mount_point); | |
1683 | free(mp->mount_prefix); | |
1684 | free(mp); | |
bcbd102c SH |
1685 | } |
1686 | ||
574c4428 | 1687 | static void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy *h) |
341a9bd8 | 1688 | { |
33ad9f1a CS |
1689 | if (!h) |
1690 | return; | |
1691 | lxc_free_array((void **)h->subsystems, free); | |
8bfcb981 | 1692 | free(h->all_mount_points); |
33ad9f1a CS |
1693 | free(h); |
1694 | } | |
341a9bd8 | 1695 | |
574c4428 | 1696 | static bool is_valid_cgroup(const char *name) |
33ad9f1a CS |
1697 | { |
1698 | const char *p; | |
1699 | for (p = name; *p; p++) { | |
28bb9321 QH |
1700 | /* Use the ASCII printable characters range(32 - 127) |
1701 | * is reasonable, we kick out 32(SPACE) because it'll | |
1702 | * break legacy lxc-ls | |
1703 | */ | |
1704 | if (*p <= 32 || *p >= 127 || *p == '/') | |
33ad9f1a | 1705 | return false; |
341a9bd8 | 1706 | } |
33ad9f1a CS |
1707 | return strcmp(name, ".") != 0 && strcmp(name, "..") != 0; |
1708 | } | |
341a9bd8 | 1709 | |
574c4428 QH |
1710 | static int create_or_remove_cgroup(bool do_remove, |
1711 | struct cgroup_mount_point *mp, const char *path, int recurse) | |
33ad9f1a CS |
1712 | { |
1713 | int r, saved_errno = 0; | |
1714 | char *buf = cgroup_to_absolute_path(mp, path, NULL); | |
1715 | if (!buf) | |
1716 | return -1; | |
341a9bd8 | 1717 | |
33ad9f1a | 1718 | /* create or remove directory */ |
603c64c2 SH |
1719 | if (do_remove) { |
1720 | if (recurse) | |
1721 | r = cgroup_rmdir(buf); | |
1722 | else | |
1723 | r = rmdir(buf); | |
1724 | } else | |
1725 | r = mkdir(buf, 0777); | |
33ad9f1a CS |
1726 | saved_errno = errno; |
1727 | free(buf); | |
1728 | errno = saved_errno; | |
1729 | return r; | |
341a9bd8 | 1730 | } |
bcbd102c | 1731 | |
574c4428 | 1732 | static int create_cgroup(struct cgroup_mount_point *mp, const char *path) |
a6ddef61 | 1733 | { |
603c64c2 | 1734 | return create_or_remove_cgroup(false, mp, path, false); |
a6ddef61 MN |
1735 | } |
1736 | ||
574c4428 QH |
1737 | static int remove_cgroup(struct cgroup_mount_point *mp, |
1738 | const char *path, bool recurse) | |
576f946d | 1739 | { |
603c64c2 | 1740 | return create_or_remove_cgroup(true, mp, path, recurse); |
33ad9f1a | 1741 | } |
576f946d | 1742 | |
574c4428 QH |
1743 | static char *cgroup_to_absolute_path(struct cgroup_mount_point *mp, |
1744 | const char *path, const char *suffix) | |
33ad9f1a CS |
1745 | { |
1746 | /* first we have to make sure we subtract the mount point's prefix */ | |
1747 | char *prefix = mp->mount_prefix; | |
1748 | char *buf; | |
1749 | ssize_t len, rv; | |
1750 | ||
1751 | /* we want to make sure only absolute paths to cgroups are passed to us */ | |
1752 | if (path[0] != '/') { | |
1753 | errno = EINVAL; | |
1754 | return NULL; | |
1755 | } | |
b98f7d6e | 1756 | |
33ad9f1a CS |
1757 | if (prefix && !strcmp(prefix, "/")) |
1758 | prefix = NULL; | |
b98f7d6e | 1759 | |
33ad9f1a CS |
1760 | /* prefix doesn't match */ |
1761 | if (prefix && strncmp(prefix, path, strlen(prefix)) != 0) { | |
1762 | errno = EINVAL; | |
1763 | return NULL; | |
1764 | } | |
1765 | /* if prefix is /foo and path is /foobar */ | |
1766 | if (prefix && path[strlen(prefix)] != '/' && path[strlen(prefix)] != '\0') { | |
1767 | errno = EINVAL; | |
1768 | return NULL; | |
1769 | } | |
b98f7d6e | 1770 | |
33ad9f1a CS |
1771 | /* remove prefix from path */ |
1772 | path += prefix ? strlen(prefix) : 0; | |
b98f7d6e | 1773 | |
33ad9f1a CS |
1774 | len = strlen(mp->mount_point) + strlen(path) + (suffix ? strlen(suffix) : 0); |
1775 | buf = calloc(len + 1, 1); | |
50266dc6 DE |
1776 | if (!buf) |
1777 | return NULL; | |
33ad9f1a | 1778 | rv = snprintf(buf, len + 1, "%s%s%s", mp->mount_point, path, suffix ? suffix : ""); |
8900b9eb | 1779 | if (rv > len) { |
33ad9f1a CS |
1780 | free(buf); |
1781 | errno = ENOMEM; | |
8900b9eb | 1782 | return NULL; |
8b92dc3a | 1783 | } |
576f946d | 1784 | |
33ad9f1a | 1785 | return buf; |
e0f888d9 | 1786 | } |
283678ed | 1787 | |
574c4428 QH |
1788 | static struct cgroup_process_info * |
1789 | find_info_for_subsystem(struct cgroup_process_info *info, const char *subsystem) | |
283678ed | 1790 | { |
33ad9f1a CS |
1791 | struct cgroup_process_info *info_ptr; |
1792 | for (info_ptr = info; info_ptr; info_ptr = info_ptr->next) { | |
1793 | struct cgroup_hierarchy *h = info_ptr->hierarchy; | |
1794 | if (lxc_string_in_array(subsystem, (const char **)h->subsystems)) | |
1795 | return info_ptr; | |
b98f7d6e | 1796 | } |
33ad9f1a CS |
1797 | errno = ENOENT; |
1798 | return NULL; | |
1799 | } | |
283678ed | 1800 | |
574c4428 QH |
1801 | static int do_cgroup_get(const char *cgroup_path, const char *sub_filename, |
1802 | char *value, size_t len) | |
33ad9f1a CS |
1803 | { |
1804 | const char *parts[3] = { | |
1805 | cgroup_path, | |
1806 | sub_filename, | |
1807 | NULL | |
1808 | }; | |
1809 | char *filename; | |
1810 | int ret, saved_errno; | |
1811 | ||
1812 | filename = lxc_string_join("/", parts, false); | |
1813 | if (!filename) | |
1814 | return -1; | |
1815 | ||
1816 | ret = lxc_read_from_file(filename, value, len); | |
1817 | saved_errno = errno; | |
1818 | free(filename); | |
1819 | errno = saved_errno; | |
1820 | return ret; | |
283678ed | 1821 | } |
b113383b | 1822 | |
574c4428 QH |
1823 | static int do_cgroup_set(const char *cgroup_path, const char *sub_filename, |
1824 | const char *value) | |
b113383b | 1825 | { |
33ad9f1a CS |
1826 | const char *parts[3] = { |
1827 | cgroup_path, | |
1828 | sub_filename, | |
1829 | NULL | |
1830 | }; | |
1831 | char *filename; | |
1832 | int ret, saved_errno; | |
b113383b | 1833 | |
33ad9f1a CS |
1834 | filename = lxc_string_join("/", parts, false); |
1835 | if (!filename) | |
1836 | return -1; | |
b113383b | 1837 | |
33ad9f1a CS |
1838 | ret = lxc_write_to_file(filename, value, strlen(value), false); |
1839 | saved_errno = errno; | |
1840 | free(filename); | |
1841 | errno = saved_errno; | |
1842 | return ret; | |
b98f7d6e SH |
1843 | } |
1844 | ||
9daf6f5d | 1845 | static int do_setup_cgroup_limits(struct lxc_handler *h, |
574c4428 | 1846 | struct lxc_list *cgroup_settings, bool do_devices) |
b98f7d6e SH |
1847 | { |
1848 | struct lxc_list *iterator; | |
1849 | struct lxc_cgroup *cg; | |
1850 | int ret = -1; | |
1851 | ||
33ad9f1a | 1852 | if (lxc_list_empty(cgroup_settings)) |
b98f7d6e SH |
1853 | return 0; |
1854 | ||
33ad9f1a | 1855 | lxc_list_for_each(iterator, cgroup_settings) { |
b98f7d6e SH |
1856 | cg = iterator->elem; |
1857 | ||
33ad9f1a | 1858 | if (do_devices == !strncmp("devices", cg->subsystem, 7)) { |
b98f7d6e | 1859 | if (strcmp(cg->subsystem, "devices.deny") == 0 && |
33ad9f1a | 1860 | cgroup_devices_has_allow_or_deny(h, cg->value, false)) |
b98f7d6e SH |
1861 | continue; |
1862 | if (strcmp(cg->subsystem, "devices.allow") == 0 && | |
33ad9f1a | 1863 | cgroup_devices_has_allow_or_deny(h, cg->value, true)) |
b98f7d6e | 1864 | continue; |
33ad9f1a | 1865 | if (lxc_cgroup_set_handler(cg->subsystem, cg->value, h)) { |
b98f7d6e SH |
1866 | ERROR("Error setting %s to %s for %s\n", |
1867 | cg->subsystem, cg->value, h->name); | |
1868 | goto out; | |
1869 | } | |
b113383b | 1870 | } |
b98f7d6e SH |
1871 | |
1872 | DEBUG("cgroup '%s' set to '%s'", cg->subsystem, cg->value); | |
b113383b SH |
1873 | } |
1874 | ||
b98f7d6e SH |
1875 | ret = 0; |
1876 | INFO("cgroup has been setup"); | |
1877 | out: | |
b113383b SH |
1878 | return ret; |
1879 | } | |
b98f7d6e | 1880 | |
574c4428 QH |
1881 | static bool cgroup_devices_has_allow_or_deny(struct lxc_handler *h, |
1882 | char *v, bool for_allow) | |
33ad9f1a CS |
1883 | { |
1884 | char *path; | |
1885 | FILE *devices_list; | |
8900b9eb | 1886 | char *line = NULL; |
33ad9f1a CS |
1887 | size_t sz = 0; |
1888 | bool ret = !for_allow; | |
1889 | const char *parts[3] = { | |
1890 | NULL, | |
1891 | "devices.list", | |
1892 | NULL | |
1893 | }; | |
1894 | ||
1895 | // XXX FIXME if users could use something other than 'lxc.devices.deny = a'. | |
1896 | // not sure they ever do, but they *could* | |
1897 | // right now, I'm assuming they do NOT | |
1898 | if (!for_allow && strcmp(v, "a") != 0 && strcmp(v, "a *:* rwm") != 0) | |
1899 | return false; | |
1900 | ||
1901 | parts[0] = (const char *)lxc_cgroup_get_hierarchy_abs_path_handler("devices", h); | |
1902 | if (!parts[0]) | |
1903 | return false; | |
1904 | path = lxc_string_join("/", parts, false); | |
1905 | if (!path) { | |
1906 | free((void *)parts[0]); | |
1907 | return false; | |
1908 | } | |
1909 | ||
1910 | devices_list = fopen_cloexec(path, "r"); | |
1911 | if (!devices_list) { | |
1912 | free(path); | |
1913 | return false; | |
1914 | } | |
1915 | ||
1916 | while (getline(&line, &sz, devices_list) != -1) { | |
1917 | size_t len = strlen(line); | |
1918 | if (len > 0 && line[len-1] == '\n') | |
1919 | line[len-1] = '\0'; | |
1920 | if (strcmp(line, "a *:* rwm") == 0) { | |
1921 | ret = for_allow; | |
1922 | goto out; | |
1923 | } else if (for_allow && strcmp(line, v) == 0) { | |
1924 | ret = true; | |
8900b9eb | 1925 | goto out; |
33ad9f1a CS |
1926 | } |
1927 | } | |
1928 | ||
1929 | out: | |
1930 | fclose(devices_list); | |
1931 | free(line); | |
1932 | free(path); | |
1933 | return ret; | |
1934 | } | |
1935 | ||
574c4428 | 1936 | static int cgroup_recursive_task_count(const char *cgroup_path) |
b98f7d6e | 1937 | { |
33ad9f1a CS |
1938 | DIR *d; |
1939 | struct dirent *dent_buf; | |
1940 | struct dirent *dent; | |
8900b9eb | 1941 | ssize_t name_max; |
33ad9f1a CS |
1942 | int n = 0, r; |
1943 | ||
1944 | /* see man readdir_r(3) */ | |
1945 | name_max = pathconf(cgroup_path, _PC_NAME_MAX); | |
1946 | if (name_max <= 0) | |
1947 | name_max = 255; | |
1948 | dent_buf = malloc(offsetof(struct dirent, d_name) + name_max + 1); | |
1949 | if (!dent_buf) | |
1950 | return -1; | |
1951 | ||
1952 | d = opendir(cgroup_path); | |
034ef75d SH |
1953 | if (!d) { |
1954 | free(dent_buf); | |
33ad9f1a | 1955 | return 0; |
034ef75d | 1956 | } |
33ad9f1a CS |
1957 | |
1958 | while (readdir_r(d, dent_buf, &dent) == 0 && dent) { | |
1959 | const char *parts[3] = { | |
1960 | cgroup_path, | |
1961 | dent->d_name, | |
1962 | NULL | |
1963 | }; | |
1964 | char *sub_path; | |
1965 | struct stat st; | |
1966 | ||
1967 | if (!strcmp(dent->d_name, ".") || !strcmp(dent->d_name, "..")) | |
1968 | continue; | |
1969 | sub_path = lxc_string_join("/", parts, false); | |
1970 | if (!sub_path) { | |
1971 | closedir(d); | |
1972 | free(dent_buf); | |
1973 | return -1; | |
1974 | } | |
1975 | r = stat(sub_path, &st); | |
1976 | if (r < 0) { | |
1977 | closedir(d); | |
1978 | free(dent_buf); | |
1979 | free(sub_path); | |
1980 | return -1; | |
1981 | } | |
1982 | if (S_ISDIR(st.st_mode)) { | |
1983 | r = cgroup_recursive_task_count(sub_path); | |
1984 | if (r >= 0) | |
1985 | n += r; | |
1986 | } else if (!strcmp(dent->d_name, "tasks")) { | |
1987 | r = count_lines(sub_path); | |
1988 | if (r >= 0) | |
1989 | n += r; | |
1990 | } | |
1991 | free(sub_path); | |
1992 | } | |
1993 | closedir(d); | |
1994 | free(dent_buf); | |
1995 | ||
1996 | return n; | |
1997 | } | |
1998 | ||
574c4428 | 1999 | static int count_lines(const char *fn) |
33ad9f1a CS |
2000 | { |
2001 | FILE *f; | |
2002 | char *line = NULL; | |
2003 | size_t sz = 0; | |
2004 | int n = 0; | |
2005 | ||
2006 | f = fopen_cloexec(fn, "r"); | |
2007 | if (!f) | |
2008 | return -1; | |
2009 | ||
2010 | while (getline(&line, &sz, f) != -1) { | |
2011 | n++; | |
2012 | } | |
2013 | free(line); | |
2014 | fclose(f); | |
2015 | return n; | |
b98f7d6e SH |
2016 | } |
2017 | ||
574c4428 QH |
2018 | static int handle_cgroup_settings(struct cgroup_mount_point *mp, |
2019 | char *cgroup_path) | |
b98f7d6e | 2020 | { |
33ad9f1a | 2021 | int r, saved_errno = 0; |
7e7243e1 | 2022 | char buf[2]; |
1ea59ad2 | 2023 | |
934b1673 SH |
2024 | mp->need_cpuset_init = false; |
2025 | ||
1ea59ad2 SH |
2026 | /* If this is the memory cgroup, we want to enforce hierarchy. |
2027 | * But don't fail if for some reason we can't. | |
2028 | */ | |
2edb53c7 SH |
2029 | if (lxc_string_in_array("memory", (const char **)mp->hierarchy->subsystems)) { |
2030 | char *cc_path = cgroup_to_absolute_path(mp, cgroup_path, "/memory.use_hierarchy"); | |
2031 | if (cc_path) { | |
2032 | r = lxc_read_from_file(cc_path, buf, 1); | |
2033 | if (r < 1 || buf[0] != '1') { | |
2034 | r = lxc_write_to_file(cc_path, "1", 1, false); | |
2035 | if (r < 0) | |
2036 | SYSERROR("failed to set memory.use_hiararchy to 1; continuing"); | |
2037 | } | |
1ea59ad2 SH |
2038 | free(cc_path); |
2039 | } | |
2edb53c7 | 2040 | } |
1ea59ad2 | 2041 | |
33ad9f1a CS |
2042 | /* if this is a cpuset hierarchy, we have to set cgroup.clone_children in |
2043 | * the base cgroup, otherwise containers will start with an empty cpuset.mems | |
2044 | * and cpuset.cpus and then | |
2045 | */ | |
2edb53c7 SH |
2046 | if (lxc_string_in_array("cpuset", (const char **)mp->hierarchy->subsystems)) { |
2047 | char *cc_path = cgroup_to_absolute_path(mp, cgroup_path, "/cgroup.clone_children"); | |
d703c2b1 RV |
2048 | struct stat sb; |
2049 | ||
33ad9f1a | 2050 | if (!cc_path) |
2edb53c7 | 2051 | return -1; |
d703c2b1 RV |
2052 | /* cgroup.clone_children is not available when running under |
2053 | * older kernel versions; in this case, we'll initialize | |
2054 | * cpuset.cpus and cpuset.mems later, after the new cgroup | |
2055 | * was created | |
2056 | */ | |
2057 | if (stat(cc_path, &sb) != 0 && errno == ENOENT) { | |
934b1673 | 2058 | mp->need_cpuset_init = true; |
d703c2b1 RV |
2059 | free(cc_path); |
2060 | return 0; | |
2061 | } | |
7e7243e1 SH |
2062 | r = lxc_read_from_file(cc_path, buf, 1); |
2063 | if (r == 1 && buf[0] == '1') { | |
2064 | free(cc_path); | |
2edb53c7 | 2065 | return 0; |
7e7243e1 | 2066 | } |
33ad9f1a | 2067 | r = lxc_write_to_file(cc_path, "1", 1, false); |
2edb53c7 SH |
2068 | saved_errno = errno; |
2069 | free(cc_path); | |
2070 | errno = saved_errno; | |
2071 | return r < 0 ? -1 : 0; | |
33ad9f1a CS |
2072 | } |
2073 | return 0; | |
b98f7d6e | 2074 | } |
484ed030 | 2075 | |
934b1673 | 2076 | static int cgroup_read_from_file(const char *fn, char buf[], size_t bufsize) |
d703c2b1 RV |
2077 | { |
2078 | int ret = lxc_read_from_file(fn, buf, bufsize); | |
2079 | if (ret < 0) { | |
2080 | SYSERROR("failed to read %s", fn); | |
934b1673 | 2081 | return ret; |
d703c2b1 RV |
2082 | } |
2083 | if (ret == bufsize) { | |
934b1673 SH |
2084 | if (bufsize > 0) { |
2085 | /* obviously this wasn't empty */ | |
2086 | buf[bufsize-1] = '\0'; | |
2087 | return ret; | |
2088 | } | |
2089 | /* Callers don't do this, but regression/sanity check */ | |
2090 | ERROR("%s: was not expecting 0 bufsize", __func__); | |
2091 | return -1; | |
d703c2b1 RV |
2092 | } |
2093 | buf[ret] = '\0'; | |
934b1673 | 2094 | return ret; |
d703c2b1 RV |
2095 | } |
2096 | ||
2097 | static bool do_init_cpuset_file(struct cgroup_mount_point *mp, | |
2098 | const char *path, const char *name) | |
2099 | { | |
934b1673 SH |
2100 | char value[1024]; |
2101 | char *childfile, *parentfile = NULL, *tmp; | |
2102 | int ret; | |
2103 | bool ok = false; | |
2104 | ||
d703c2b1 RV |
2105 | childfile = cgroup_to_absolute_path(mp, path, name); |
2106 | if (!childfile) | |
2107 | return false; | |
2108 | ||
2109 | /* don't overwrite a non-empty value in the file */ | |
934b1673 SH |
2110 | ret = cgroup_read_from_file(childfile, value, sizeof(value)); |
2111 | if (ret < 0) | |
2112 | goto out; | |
d703c2b1 | 2113 | if (value[0] != '\0' && value[0] != '\n') { |
934b1673 SH |
2114 | ok = true; |
2115 | goto out; | |
d703c2b1 RV |
2116 | } |
2117 | ||
2118 | /* path to the same name in the parent cgroup */ | |
2119 | parentfile = strdup(path); | |
2120 | if (!parentfile) | |
934b1673 SH |
2121 | goto out; |
2122 | ||
d703c2b1 | 2123 | tmp = strrchr(parentfile, '/'); |
934b1673 SH |
2124 | if (!tmp) |
2125 | goto out; | |
d703c2b1 RV |
2126 | if (tmp == parentfile) |
2127 | tmp++; /* keep the '/' at the start */ | |
2128 | *tmp = '\0'; | |
2129 | tmp = parentfile; | |
2130 | parentfile = cgroup_to_absolute_path(mp, tmp, name); | |
2131 | free(tmp); | |
934b1673 SH |
2132 | if (!parentfile) |
2133 | goto out; | |
d703c2b1 RV |
2134 | |
2135 | /* copy from parent to child cgroup */ | |
934b1673 SH |
2136 | ret = cgroup_read_from_file(parentfile, value, sizeof(value)); |
2137 | if (ret < 0) | |
2138 | goto out; | |
2139 | if (ret == sizeof(value)) { | |
2140 | /* If anyone actually sees this error, we can address it */ | |
2141 | ERROR("parent cpuset value too long"); | |
2142 | goto out; | |
d703c2b1 RV |
2143 | } |
2144 | ok = (lxc_write_to_file(childfile, value, strlen(value), false) >= 0); | |
2145 | if (!ok) | |
2146 | SYSERROR("failed writing %s", childfile); | |
b1dad6f6 RV |
2147 | |
2148 | out: | |
934b1673 SH |
2149 | if (parentfile) |
2150 | free(parentfile); | |
d703c2b1 | 2151 | free(childfile); |
d703c2b1 RV |
2152 | return ok; |
2153 | } | |
2154 | ||
2155 | static bool init_cpuset_if_needed(struct cgroup_mount_point *mp, | |
2156 | const char *path) | |
2157 | { | |
2158 | /* the files we have to handle here are only in cpuset hierarchies */ | |
2159 | if (!lxc_string_in_array("cpuset", | |
2160 | (const char **)mp->hierarchy->subsystems)) | |
2161 | return true; | |
2162 | ||
b1dad6f6 RV |
2163 | if (!mp->need_cpuset_init) |
2164 | return true; | |
2165 | ||
d703c2b1 RV |
2166 | return (do_init_cpuset_file(mp, path, "/cpuset.cpus") && |
2167 | do_init_cpuset_file(mp, path, "/cpuset.mems") ); | |
2168 | } | |
2169 | ||
484ed030 SH |
2170 | extern void lxc_monitor_send_state(const char *name, lxc_state_t state, |
2171 | const char *lxcpath); | |
d4ef7c50 | 2172 | int do_unfreeze(int freeze, const char *name, const char *lxcpath) |
484ed030 | 2173 | { |
d4ef7c50 SH |
2174 | char v[100]; |
2175 | const char *state = freeze ? "FROZEN" : "THAWED"; | |
484ed030 | 2176 | |
d4ef7c50 SH |
2177 | if (lxc_cgroup_set("freezer.state", state, name, lxcpath) < 0) { |
2178 | ERROR("Failed to freeze %s:%s", lxcpath, name); | |
484ed030 SH |
2179 | return -1; |
2180 | } | |
d4ef7c50 SH |
2181 | while (1) { |
2182 | if (lxc_cgroup_get("freezer.state", v, 100, name, lxcpath) < 0) { | |
2183 | ERROR("Failed to get new freezer state for %s:%s", lxcpath, name); | |
2184 | return -1; | |
2185 | } | |
2186 | if (v[strlen(v)-1] == '\n') | |
2187 | v[strlen(v)-1] = '\0'; | |
2188 | if (strncmp(v, state, strlen(state)) == 0) { | |
2189 | if (name) | |
2190 | lxc_monitor_send_state(name, freeze ? FROZEN : THAWED, lxcpath); | |
2191 | return 0; | |
2192 | } | |
2193 | sleep(1); | |
484ed030 | 2194 | } |
d4ef7c50 | 2195 | } |
484ed030 | 2196 | |
d4ef7c50 SH |
2197 | int freeze_unfreeze(const char *name, int freeze, const char *lxcpath) |
2198 | { | |
2199 | return do_unfreeze(freeze, name, lxcpath); | |
2200 | } | |
484ed030 | 2201 | |
d4ef7c50 SH |
2202 | lxc_state_t freezer_state(const char *name, const char *lxcpath) |
2203 | { | |
2204 | char v[100]; | |
e8d07ef2 | 2205 | if (lxc_cgroup_get("freezer.state", v, 100, name, lxcpath) < 0) |
d4ef7c50 | 2206 | return -1; |
484ed030 | 2207 | |
d4ef7c50 SH |
2208 | if (v[strlen(v)-1] == '\n') |
2209 | v[strlen(v)-1] = '\0'; | |
2210 | return lxc_str2state(v); | |
2211 | } | |
484ed030 | 2212 | |
d4ef7c50 SH |
2213 | static void cgfs_destroy(struct lxc_handler *handler) |
2214 | { | |
2215 | struct cgfs_data *d = handler->cgroup_info->data; | |
2216 | if (!d) | |
2217 | return; | |
2218 | if (d->info) | |
2219 | lxc_cgroup_process_info_free_and_remove(d->info); | |
2220 | if (d->meta) | |
2221 | lxc_cgroup_put_meta(d->meta); | |
2222 | free(d); | |
2223 | handler->cgroup_info->data = NULL; | |
2224 | } | |
484ed030 | 2225 | |
d4ef7c50 SH |
2226 | static inline bool cgfs_init(struct lxc_handler *handler) |
2227 | { | |
2228 | struct cgfs_data *d = malloc(sizeof(*d)); | |
2229 | if (!d) | |
2230 | return false; | |
2231 | d->info = NULL; | |
2232 | d->meta = lxc_cgroup_load_meta(); | |
484ed030 | 2233 | |
d4ef7c50 SH |
2234 | if (!d->meta) { |
2235 | ERROR("cgroupfs failed to detect cgroup metadata"); | |
378a5729 | 2236 | free(d); |
d4ef7c50 SH |
2237 | return false; |
2238 | } | |
2239 | handler->cgroup_info->data = d; | |
2240 | return true; | |
2241 | } | |
484ed030 | 2242 | |
d4ef7c50 SH |
2243 | static inline bool cgfs_create(struct lxc_handler *handler) |
2244 | { | |
2245 | struct cgfs_data *d = handler->cgroup_info->data; | |
2246 | struct cgroup_process_info *i; | |
2247 | struct cgroup_meta_data *md = d->meta; | |
2248 | i = lxc_cgroupfs_create(handler->name, handler->cgroup_info->cgroup_pattern, md, NULL); | |
2249 | if (!i) | |
2250 | return false; | |
2251 | d->info = i; | |
2252 | return true; | |
2253 | } | |
484ed030 | 2254 | |
d4ef7c50 SH |
2255 | static inline bool cgfs_enter(struct lxc_handler *handler) |
2256 | { | |
2257 | struct cgfs_data *d = handler->cgroup_info->data; | |
2258 | struct cgroup_process_info *i = d->info; | |
2259 | int ret; | |
2260 | ||
2261 | ret = lxc_cgroupfs_enter(i, handler->pid, false); | |
484ed030 | 2262 | |
d4ef7c50 SH |
2263 | return ret == 0; |
2264 | } | |
2265 | ||
2266 | static inline bool cgfs_create_legacy(struct lxc_handler *handler) | |
2267 | { | |
2268 | struct cgfs_data *d = handler->cgroup_info->data; | |
2269 | struct cgroup_process_info *i = d->info; | |
2270 | if (lxc_cgroup_create_legacy(i, handler->name, handler->pid) < 0) { | |
2271 | ERROR("failed to create legacy ns cgroups for '%s'", handler->name); | |
2272 | return false; | |
484ed030 | 2273 | } |
d4ef7c50 SH |
2274 | return true; |
2275 | } | |
484ed030 | 2276 | |
d4ef7c50 SH |
2277 | static char *cgfs_get_cgroup(struct lxc_handler *handler, const char *subsystem) |
2278 | { | |
2279 | return lxc_cgroup_get_hierarchy_path_handler(subsystem, handler); | |
484ed030 SH |
2280 | } |
2281 | ||
0086f499 SH |
2282 | static int cgfs_unfreeze_fromhandler(struct lxc_handler *handler) |
2283 | { | |
2284 | char *cgabspath, *cgrelpath; | |
2285 | int ret; | |
2286 | ||
2287 | cgrelpath = lxc_cgroup_get_hierarchy_path_handler("freezer", handler); | |
2288 | cgabspath = lxc_cgroup_find_abs_path("freezer", cgrelpath, true, NULL); | |
2289 | if (!cgabspath) | |
2290 | return -1; | |
2291 | ||
2292 | ret = do_cgroup_set(cgabspath, "freezer.state", "THAWED"); | |
2293 | free(cgabspath); | |
2294 | return ret; | |
2295 | } | |
2296 | ||
9daf6f5d SH |
2297 | bool cgroupfs_setup_limits(struct lxc_handler *h, bool with_devices) |
2298 | { | |
2299 | return do_setup_cgroup_limits(h, &h->conf->cgroup, with_devices) == 0; | |
2300 | } | |
2301 | ||
5d897655 SH |
2302 | bool lxc_cgroupfs_attach(const char *name, const char *lxcpath, pid_t pid) |
2303 | { | |
2304 | struct cgroup_meta_data *meta_data; | |
2305 | struct cgroup_process_info *container_info; | |
2306 | int ret; | |
2307 | ||
2308 | meta_data = lxc_cgroup_load_meta(); | |
2309 | if (!meta_data) { | |
2310 | ERROR("could not move attached process %d to cgroup of container", pid); | |
2311 | return false; | |
2312 | } | |
2313 | ||
2314 | container_info = lxc_cgroup_get_container_info(name, lxcpath, meta_data); | |
2315 | lxc_cgroup_put_meta(meta_data); | |
2316 | if (!container_info) { | |
2317 | ERROR("could not move attached process %d to cgroup of container", pid); | |
2318 | return false; | |
2319 | } | |
2320 | ||
2321 | ret = lxc_cgroupfs_enter(container_info, pid, false); | |
2322 | lxc_cgroup_process_info_free(container_info); | |
2323 | if (ret < 0) { | |
2324 | ERROR("could not move attached process %d to cgroup of container", pid); | |
2325 | return false; | |
2326 | } | |
2327 | return true; | |
2328 | } | |
2329 | ||
d4ef7c50 SH |
2330 | static struct cgroup_ops cgfs_ops = { |
2331 | .destroy = cgfs_destroy, | |
2332 | .init = cgfs_init, | |
2333 | .create = cgfs_create, | |
2334 | .enter = cgfs_enter, | |
2335 | .create_legacy = cgfs_create_legacy, | |
2336 | .get_cgroup = cgfs_get_cgroup, | |
2337 | .get = lxc_cgroupfs_get, | |
2338 | .set = lxc_cgroupfs_set, | |
0086f499 | 2339 | .unfreeze_fromhandler = cgfs_unfreeze_fromhandler, |
9daf6f5d | 2340 | .setup_limits = cgroupfs_setup_limits, |
d4ef7c50 | 2341 | .name = "cgroupfs", |
5d897655 | 2342 | .attach = lxc_cgroupfs_attach, |
0996e18a | 2343 | .chown = NULL, |
c476bdce | 2344 | .mount_cgroup = cgroupfs_mount_cgroup, |
d4ef7c50 SH |
2345 | }; |
2346 | static void init_cg_ops(void) | |
484ed030 | 2347 | { |
d4ef7c50 SH |
2348 | if (!use_cgmanager) |
2349 | return; | |
2350 | if (cgmanager_initialized) | |
2351 | return; | |
2352 | if (!lxc_init_cgmanager()) { | |
2353 | ERROR("Could not contact cgroup manager, falling back to cgroupfs"); | |
2354 | active_cg_ops = &cgfs_ops; | |
2355 | } | |
2356 | } | |
484ed030 | 2357 | |
d4ef7c50 SH |
2358 | /* |
2359 | * These are the backend-independent cgroup handlers for container | |
2360 | * start and stop | |
2361 | */ | |
484ed030 | 2362 | |
d4ef7c50 SH |
2363 | /* Free all cgroup info held by the handler */ |
2364 | void cgroup_destroy(struct lxc_handler *handler) | |
2365 | { | |
2366 | if (!handler->cgroup_info) | |
2367 | return; | |
2368 | if (active_cg_ops) | |
2369 | active_cg_ops->destroy(handler); | |
484ed030 SH |
2370 | } |
2371 | ||
d4ef7c50 SH |
2372 | /* |
2373 | * Allocate a lxc_cgroup_info for the active cgroup | |
2374 | * backend, and assign it to the handler | |
2375 | */ | |
2376 | bool cgroup_init(struct lxc_handler *handler) | |
484ed030 | 2377 | { |
d4ef7c50 SH |
2378 | init_cg_ops(); |
2379 | handler->cgroup_info = malloc(sizeof(struct lxc_cgroup_info)); | |
2380 | if (!handler->cgroup_info) | |
2381 | return false; | |
2382 | memset(handler->cgroup_info, 0, sizeof(struct lxc_cgroup_info)); | |
2383 | /* if we are running as root, use system cgroup pattern, otherwise | |
2384 | * just create a cgroup under the current one. But also fall back to | |
2385 | * that if for some reason reading the configuration fails and no | |
2386 | * default value is available | |
2387 | */ | |
2388 | if (geteuid() == 0) | |
2389 | handler->cgroup_info->cgroup_pattern = lxc_global_config_value("lxc.cgroup.pattern"); | |
2390 | if (!handler->cgroup_info->cgroup_pattern) | |
2391 | handler->cgroup_info->cgroup_pattern = "%n"; | |
484ed030 | 2392 | |
d4ef7c50 SH |
2393 | return active_cg_ops->init(handler); |
2394 | } | |
484ed030 | 2395 | |
d4ef7c50 SH |
2396 | /* Create the container cgroups for all requested controllers */ |
2397 | bool cgroup_create(struct lxc_handler *handler) | |
2398 | { | |
2399 | return active_cg_ops->create(handler); | |
2400 | } | |
484ed030 | 2401 | |
d4ef7c50 SH |
2402 | /* |
2403 | * Enter the container init into its new cgroups for all | |
2404 | * requested controllers */ | |
2405 | bool cgroup_enter(struct lxc_handler *handler) | |
2406 | { | |
2407 | return active_cg_ops->enter(handler); | |
2408 | } | |
484ed030 | 2409 | |
d4ef7c50 SH |
2410 | bool cgroup_create_legacy(struct lxc_handler *handler) |
2411 | { | |
2412 | if (active_cg_ops->create_legacy) | |
2413 | return active_cg_ops->create_legacy(handler); | |
2414 | return true; | |
2415 | } | |
484ed030 | 2416 | |
d4ef7c50 SH |
2417 | char *cgroup_get_cgroup(struct lxc_handler *handler, const char *subsystem) |
2418 | { | |
2419 | return active_cg_ops->get_cgroup(handler, subsystem); | |
484ed030 SH |
2420 | } |
2421 | ||
d4ef7c50 SH |
2422 | int lxc_cgroup_set(const char *filename, const char *value, const char *name, const char *lxcpath) |
2423 | { | |
2424 | init_cg_ops(); | |
2425 | return active_cg_ops->set(filename, value, name, lxcpath); | |
2426 | } | |
2427 | ||
2428 | int lxc_cgroup_get(const char *filename, char *value, size_t len, const char *name, const char *lxcpath) | |
2429 | { | |
2430 | init_cg_ops(); | |
2431 | return active_cg_ops->get(filename, value, len, name, lxcpath); | |
2432 | } | |
0086f499 SH |
2433 | |
2434 | int lxc_unfreeze_fromhandler(struct lxc_handler *handler) | |
2435 | { | |
2436 | return active_cg_ops->unfreeze_fromhandler(handler); | |
2437 | } | |
9daf6f5d SH |
2438 | |
2439 | bool cgroup_setup_limits(struct lxc_handler *handler, bool with_devices) | |
2440 | { | |
2441 | return active_cg_ops->setup_limits(handler, with_devices); | |
2442 | } | |
0996e18a SH |
2443 | |
2444 | bool cgroup_chown(struct lxc_handler *handler) | |
2445 | { | |
2446 | if (active_cg_ops->chown) | |
2447 | return active_cg_ops->chown(handler); | |
2448 | return true; | |
2449 | } | |
5d897655 SH |
2450 | |
2451 | bool lxc_cgroup_attach(const char *name, const char *lxcpath, pid_t pid) | |
2452 | { | |
2453 | init_cg_ops(); | |
2454 | return active_cg_ops->attach(name, lxcpath, pid); | |
2455 | } | |
c476bdce SH |
2456 | |
2457 | bool lxc_setup_mount_cgroup(const char *root, | |
2458 | struct lxc_cgroup_info *cgroup_info, int type) | |
2459 | { | |
2460 | return active_cg_ops->mount_cgroup(root, cgroup_info, type); | |
2461 | } |