]>
Commit | Line | Data |
---|---|---|
ccb4cabe SH |
1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * Copyright © 2016 Canonical Ltd. | |
5 | * | |
6 | * Authors: | |
7 | * Serge Hallyn <serge.hallyn@ubuntu.com> | |
3fd0de4d | 8 | * Christian Brauner <christian.brauner@ubuntu.com> |
ccb4cabe SH |
9 | * |
10 | * This library is free software; you can redistribute it and/or | |
11 | * modify it under the terms of the GNU Lesser General Public | |
12 | * License as published by the Free Software Foundation; either | |
13 | * version 2.1 of the License, or (at your option) any later version. | |
14 | * | |
15 | * This library is distributed in the hope that it will be useful, | |
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | * Lesser General Public License for more details. | |
19 | * | |
20 | * You should have received a copy of the GNU Lesser General Public | |
21 | * License along with this library; if not, write to the Free Software | |
22 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
23 | */ | |
24 | ||
25 | /* | |
26 | * cgfs-ng.c: this is a new, simplified implementation of a filesystem | |
27 | * cgroup backend. The original cgfs.c was designed to be as flexible | |
28 | * as possible. It would try to find cgroup filesystems no matter where | |
29 | * or how you had them mounted, and deduce the most usable mount for | |
0e7ff52c | 30 | * each controller. |
ccb4cabe SH |
31 | * |
32 | * This new implementation assumes that cgroup filesystems are mounted | |
33 | * under /sys/fs/cgroup/clist where clist is either the controller, or | |
34 | * a comman-separated list of controllers. | |
35 | */ | |
a54694f8 | 36 | |
ccb4cabe | 37 | #include "config.h" |
a54694f8 CB |
38 | |
39 | #include <ctype.h> | |
40 | #include <dirent.h> | |
41 | #include <errno.h> | |
42 | #include <grp.h> | |
43 | #include <stdint.h> | |
ccb4cabe SH |
44 | #include <stdio.h> |
45 | #include <stdlib.h> | |
a54694f8 | 46 | #include <string.h> |
ccb4cabe | 47 | #include <unistd.h> |
c8bf519d | 48 | #include <linux/kdev_t.h> |
438c4581 CB |
49 | #include <linux/types.h> |
50 | #include <sys/types.h> | |
c8bf519d | 51 | |
b635e92d | 52 | #include "caps.h" |
ccb4cabe | 53 | #include "cgroup.h" |
6328fd9c | 54 | #include "cgroup_utils.h" |
ccb4cabe | 55 | #include "commands.h" |
43654d34 | 56 | #include "conf.h" |
a54694f8 | 57 | #include "log.h" |
43654d34 | 58 | #include "storage/storage.h" |
a54694f8 | 59 | #include "utils.h" |
ccb4cabe SH |
60 | |
61 | lxc_log_define(lxc_cgfsng, lxc); | |
62 | ||
63 | static struct cgroup_ops cgfsng_ops; | |
64 | ||
9e288301 | 65 | /* A descriptor for a mounted hierarchy |
16a2cde9 CB |
66 | * |
67 | * @controllers | |
68 | * - legacy hierarchy | |
9e288301 | 69 | * Either NULL, or a null-terminated list of all the co-mounted controllers. |
16a2cde9 | 70 | * - unified hierarchy |
9e288301 | 71 | * Either NULL, or a null-terminated list of all enabled controllers. |
16a2cde9 CB |
72 | * |
73 | * @mountpoint | |
9e288301 | 74 | * - The mountpoint we will use. |
16a2cde9 | 75 | * - legacy hierarchy |
9e288301 CB |
76 | * It will be either /sys/fs/cgroup/controller or |
77 | * /sys/fs/cgroup/controllerlist. | |
16a2cde9 | 78 | * - unified hierarchy |
9e288301 CB |
79 | * It will either be /sys/fs/cgroup or /sys/fs/cgroup/<mountpoint-name> |
80 | * depending on whether this is a hybrid cgroup layout (mix of legacy and | |
81 | * unified hierarchies) or a pure unified cgroup layout. | |
16a2cde9 CB |
82 | * |
83 | * @base_cgroup | |
9e288301 CB |
84 | * - The cgroup under which the container cgroup path |
85 | * is created. This will be either the caller's cgroup (if not root), or | |
86 | * init's cgroup (if root). | |
16a2cde9 CB |
87 | * |
88 | * @fullcgpath | |
9e288301 | 89 | * - The full path to the containers cgroup. |
16a2cde9 CB |
90 | * |
91 | * @version | |
92 | * - legacy hierarchy | |
9e288301 CB |
93 | * If the hierarchy is a legacy hierarchy this will be set to |
94 | * CGROUP_SUPER_MAGIC. | |
16a2cde9 | 95 | * - unified hierarchy |
9e288301 CB |
96 | * If the hierarchy is a legacy hierarchy this will be set to |
97 | * CGROUP2_SUPER_MAGIC. | |
ccb4cabe SH |
98 | */ |
99 | struct hierarchy { | |
100 | char **controllers; | |
101 | char *mountpoint; | |
102 | char *base_cgroup; | |
103 | char *fullcgpath; | |
d6337a5f | 104 | int version; |
ccb4cabe SH |
105 | }; |
106 | ||
16a2cde9 CB |
107 | /* The cgroup data which is attached to the lxc_handler. |
108 | * | |
109 | * @cgroup_pattern | |
110 | * - A copy of lxc.cgroup.pattern. | |
111 | * | |
112 | * @container_cgroup | |
113 | * - If not null, the cgroup which was created for the container. For each | |
114 | * hierarchy, it is created under the @hierarchy->base_cgroup directory. | |
115 | * Relative to the base_cgroup it is the same for all hierarchies. | |
116 | * | |
117 | * @name | |
118 | * - The name of the container. | |
119 | * | |
120 | * @cgroup_meta | |
121 | * - A copy of the container's cgroup information. This overrides | |
122 | * @cgroup_pattern. | |
123 | * | |
09f3bb13 CB |
124 | * @cgroup_layout |
125 | * - What cgroup layout the container is running with. | |
16a2cde9 CB |
126 | * - CGROUP_LAYOUT_UNKNOWN |
127 | * The cgroup layout could not be determined. This should be treated as an | |
128 | * error condition. | |
129 | * - CGROUP_LAYOUT_LEGACY | |
130 | * The container is running with all controllers mounted into legacy cgroup | |
131 | * hierarchies. | |
132 | * - CGROUP_LAYOUT_HYBRID | |
133 | * The container is running with at least one controller mounted into a | |
134 | * legacy cgroup hierarchy and a mountpoint for the unified hierarchy. The | |
135 | * unified hierarchy can be empty (no controllers enabled) or non-empty | |
136 | * (controllers enabled). | |
137 | * - CGROUP_LAYOUT_UNIFIED | |
138 | * The container is running on a pure unified cgroup hierarchy. The unified | |
139 | * hierarchy can be empty (no controllers enabled) or non-empty (controllers | |
140 | * enabled). | |
ccb4cabe SH |
141 | */ |
142 | struct cgfsng_handler_data { | |
ccb4cabe | 143 | char *cgroup_pattern; |
1a0e70ac CB |
144 | char *container_cgroup; /* cgroup we created for the container */ |
145 | char *name; /* container name */ | |
43654d34 CB |
146 | /* per-container cgroup information */ |
147 | struct lxc_cgroup cgroup_meta; | |
d6337a5f | 148 | cgroup_layout_t cgroup_layout; |
ccb4cabe SH |
149 | }; |
150 | ||
09f3bb13 CB |
151 | /* @hierarchies |
152 | * - A NULL-terminated array of struct hierarchy, one per legacy hierarchy. No | |
153 | * duplicates. First sufficient, writeable mounted hierarchy wins. | |
457ca9aa SH |
154 | */ |
155 | struct hierarchy **hierarchies; | |
09f3bb13 CB |
156 | /* Pointer to the unified hierarchy in the null terminated list @hierarchies. |
157 | * This is merely a convenience for hybrid cgroup layouts to easily retrieve the | |
158 | * unified hierarchy without iterating throught @hierarchies. | |
159 | */ | |
d6337a5f | 160 | struct hierarchy *unified; |
457ca9aa | 161 | /* |
09f3bb13 CB |
162 | * @cgroup_layout |
163 | * - What cgroup layout the container is running with. | |
164 | * - CGROUP_LAYOUT_UNKNOWN | |
165 | * The cgroup layout could not be determined. This should be treated as an | |
166 | * error condition. | |
167 | * - CGROUP_LAYOUT_LEGACY | |
168 | * The container is running with all controllers mounted into legacy cgroup | |
169 | * hierarchies. | |
170 | * - CGROUP_LAYOUT_HYBRID | |
171 | * The container is running with at least one controller mounted into a | |
172 | * legacy cgroup hierarchy and a mountpoint for the unified hierarchy. The | |
173 | * unified hierarchy can be empty (no controllers enabled) or non-empty | |
174 | * (controllers enabled). | |
175 | * - CGROUP_LAYOUT_UNIFIED | |
176 | * The container is running on a pure unified cgroup hierarchy. The unified | |
177 | * hierarchy can be empty (no controllers enabled) or non-empty (controllers | |
178 | * enabled). | |
457ca9aa | 179 | */ |
09f3bb13 CB |
180 | cgroup_layout_t cgroup_layout; |
181 | /* What controllers is the container supposed to use. */ | |
457ca9aa SH |
182 | char *cgroup_use; |
183 | ||
09f3bb13 CB |
184 | /* @lxc_cgfsng_debug |
185 | * - Whether to print debug info to stdout for the cgfsng driver. | |
e4aeecf5 CB |
186 | */ |
187 | static bool lxc_cgfsng_debug; | |
188 | ||
09f3bb13 CB |
189 | #define CGFSNG_DEBUG(format, ...) \ |
190 | do { \ | |
191 | if (lxc_cgfsng_debug) \ | |
192 | printf("cgfsng: " format, ##__VA_ARGS__); \ | |
193 | } while (0) | |
65d78313 | 194 | |
ccb4cabe SH |
195 | static void free_string_list(char **clist) |
196 | { | |
2d5fe5ba | 197 | int i; |
ccb4cabe | 198 | |
2d5fe5ba CB |
199 | if (!clist) |
200 | return; | |
201 | ||
202 | for (i = 0; clist[i]; i++) | |
203 | free(clist[i]); | |
204 | ||
205 | free(clist); | |
ccb4cabe SH |
206 | } |
207 | ||
7745483d | 208 | /* Allocate a pointer, do not fail. */ |
ccb4cabe SH |
209 | static void *must_alloc(size_t sz) |
210 | { | |
211 | return must_realloc(NULL, sz); | |
212 | } | |
213 | ||
8b8db2f6 CB |
214 | /* Given a pointer to a null-terminated array of pointers, realloc to add one |
215 | * entry, and point the new entry to NULL. Do not fail. Return the index to the | |
216 | * second-to-last entry - that is, the one which is now available for use | |
217 | * (keeping the list null-terminated). | |
ccb4cabe SH |
218 | */ |
219 | static int append_null_to_list(void ***list) | |
220 | { | |
221 | int newentry = 0; | |
222 | ||
223 | if (*list) | |
8b8db2f6 CB |
224 | for (; (*list)[newentry]; newentry++) |
225 | ; | |
ccb4cabe SH |
226 | |
227 | *list = must_realloc(*list, (newentry + 2) * sizeof(void **)); | |
228 | (*list)[newentry + 1] = NULL; | |
229 | return newentry; | |
230 | } | |
231 | ||
8073018d CB |
232 | /* Given a null-terminated array of strings, check whether @entry is one of the |
233 | * strings. | |
ccb4cabe SH |
234 | */ |
235 | static bool string_in_list(char **list, const char *entry) | |
236 | { | |
237 | int i; | |
238 | ||
239 | if (!list) | |
240 | return false; | |
d6337a5f | 241 | |
ccb4cabe SH |
242 | for (i = 0; list[i]; i++) |
243 | if (strcmp(list[i], entry) == 0) | |
244 | return true; | |
245 | ||
246 | return false; | |
247 | } | |
248 | ||
ac010944 CB |
249 | /* Return a copy of @entry prepending "name=", i.e. turn "systemd" into |
250 | * "name=systemd". Do not fail. | |
251 | */ | |
252 | static char *cg_legacy_must_prefix_named(char *entry) | |
253 | { | |
254 | size_t len; | |
255 | char *prefixed; | |
256 | ||
257 | len = strlen(entry); | |
258 | prefixed = must_alloc(len + 6); | |
259 | ||
260 | memcpy(prefixed, "name=", sizeof("name=")); | |
261 | memcpy(prefixed + sizeof("name="), entry, len); | |
262 | prefixed[len + 5] = '\0'; | |
263 | return prefixed; | |
264 | } | |
265 | ||
42a993b4 CB |
266 | /* Append an entry to the clist. Do not fail. @clist must be NULL the first time |
267 | * we are called. | |
ccb4cabe | 268 | * |
42a993b4 CB |
269 | * We also handle named subsystems here. Any controller which is not a kernel |
270 | * subsystem, we prefix "name=". Any which is both a kernel and named subsystem, | |
271 | * we refuse to use because we're not sure which we have here. | |
272 | * (TODO: We could work around this in some cases by just remounting to be | |
273 | * unambiguous, or by comparing mountpoint contents with current cgroup.) | |
ccb4cabe SH |
274 | * |
275 | * The last entry will always be NULL. | |
276 | */ | |
42a993b4 CB |
277 | static void must_append_controller(char **klist, char **nlist, char ***clist, |
278 | char *entry) | |
ccb4cabe SH |
279 | { |
280 | int newentry; | |
281 | char *copy; | |
282 | ||
283 | if (string_in_list(klist, entry) && string_in_list(nlist, entry)) { | |
c2712f64 | 284 | ERROR("Refusing to use ambiguous controller \"%s\"", entry); |
ccb4cabe SH |
285 | ERROR("It is both a named and kernel subsystem"); |
286 | return; | |
287 | } | |
288 | ||
289 | newentry = append_null_to_list((void ***)clist); | |
290 | ||
291 | if (strncmp(entry, "name=", 5) == 0) | |
292 | copy = must_copy_string(entry); | |
293 | else if (string_in_list(klist, entry)) | |
294 | copy = must_copy_string(entry); | |
295 | else | |
7745483d | 296 | copy = cg_legacy_must_prefix_named(entry); |
ccb4cabe SH |
297 | |
298 | (*clist)[newentry] = copy; | |
299 | } | |
300 | ||
ccb4cabe SH |
301 | static void free_handler_data(struct cgfsng_handler_data *d) |
302 | { | |
ccb4cabe SH |
303 | free(d->cgroup_pattern); |
304 | free(d->container_cgroup); | |
305 | free(d->name); | |
43654d34 CB |
306 | if (d->cgroup_meta.dir) |
307 | free(d->cgroup_meta.dir); | |
308 | if (d->cgroup_meta.controllers) | |
309 | free(d->cgroup_meta.controllers); | |
ccb4cabe SH |
310 | free(d); |
311 | } | |
312 | ||
5ae0207c CB |
313 | /* Given a handler's cgroup data, return the struct hierarchy for the controller |
314 | * @c, or NULL if there is none. | |
ccb4cabe | 315 | */ |
457ca9aa | 316 | struct hierarchy *get_hierarchy(const char *c) |
ccb4cabe SH |
317 | { |
318 | int i; | |
319 | ||
457ca9aa | 320 | if (!hierarchies) |
ccb4cabe | 321 | return NULL; |
d6337a5f | 322 | |
457ca9aa | 323 | for (i = 0; hierarchies[i]; i++) { |
d6337a5f CB |
324 | if (!c) { |
325 | /* This is the empty unified hierarchy. */ | |
326 | if (hierarchies[i]->controllers && | |
327 | !hierarchies[i]->controllers[0]) | |
328 | return hierarchies[i]; | |
329 | ||
330 | return NULL; | |
331 | } | |
332 | ||
457ca9aa SH |
333 | if (string_in_list(hierarchies[i]->controllers, c)) |
334 | return hierarchies[i]; | |
ccb4cabe | 335 | } |
d6337a5f | 336 | |
ccb4cabe SH |
337 | return NULL; |
338 | } | |
339 | ||
a54694f8 CB |
340 | #define BATCH_SIZE 50 |
341 | static void batch_realloc(char **mem, size_t oldlen, size_t newlen) | |
342 | { | |
343 | int newbatches = (newlen / BATCH_SIZE) + 1; | |
344 | int oldbatches = (oldlen / BATCH_SIZE) + 1; | |
345 | ||
346 | if (!*mem || newbatches > oldbatches) { | |
347 | *mem = must_realloc(*mem, newbatches * BATCH_SIZE); | |
348 | } | |
349 | } | |
350 | ||
351 | static void append_line(char **dest, size_t oldlen, char *new, size_t newlen) | |
352 | { | |
353 | size_t full = oldlen + newlen; | |
354 | ||
355 | batch_realloc(dest, oldlen, full + 1); | |
356 | ||
357 | memcpy(*dest + oldlen, new, newlen + 1); | |
358 | } | |
359 | ||
360 | /* Slurp in a whole file */ | |
d6337a5f | 361 | static char *read_file(const char *fnam) |
a54694f8 CB |
362 | { |
363 | FILE *f; | |
364 | char *line = NULL, *buf = NULL; | |
365 | size_t len = 0, fulllen = 0; | |
366 | int linelen; | |
367 | ||
368 | f = fopen(fnam, "r"); | |
369 | if (!f) | |
370 | return NULL; | |
371 | while ((linelen = getline(&line, &len, f)) != -1) { | |
372 | append_line(&buf, fulllen, line, linelen); | |
373 | fulllen += linelen; | |
374 | } | |
375 | fclose(f); | |
376 | free(line); | |
377 | return buf; | |
378 | } | |
379 | ||
380 | /* Taken over modified from the kernel sources. */ | |
381 | #define NBITS 32 /* bits in uint32_t */ | |
382 | #define DIV_ROUND_UP(n, d) (((n) + (d)-1) / (d)) | |
383 | #define BITS_TO_LONGS(nr) DIV_ROUND_UP(nr, NBITS) | |
384 | ||
385 | static void set_bit(unsigned bit, uint32_t *bitarr) | |
386 | { | |
387 | bitarr[bit / NBITS] |= (1 << (bit % NBITS)); | |
388 | } | |
389 | ||
390 | static void clear_bit(unsigned bit, uint32_t *bitarr) | |
391 | { | |
392 | bitarr[bit / NBITS] &= ~(1 << (bit % NBITS)); | |
393 | } | |
394 | ||
395 | static bool is_set(unsigned bit, uint32_t *bitarr) | |
396 | { | |
397 | return (bitarr[bit / NBITS] & (1 << (bit % NBITS))) != 0; | |
398 | } | |
399 | ||
400 | /* Create cpumask from cpulist aka turn: | |
401 | * | |
402 | * 0,2-3 | |
403 | * | |
d5d468f6 | 404 | * into bit array |
a54694f8 CB |
405 | * |
406 | * 1 0 1 1 | |
407 | */ | |
408 | static uint32_t *lxc_cpumask(char *buf, size_t nbits) | |
409 | { | |
410 | char *token; | |
d5d468f6 CB |
411 | size_t arrlen; |
412 | uint32_t *bitarr; | |
a54694f8 | 413 | char *saveptr = NULL; |
d5d468f6 CB |
414 | |
415 | arrlen = BITS_TO_LONGS(nbits); | |
416 | bitarr = calloc(arrlen, sizeof(uint32_t)); | |
a54694f8 CB |
417 | if (!bitarr) |
418 | return NULL; | |
419 | ||
420 | for (; (token = strtok_r(buf, ",", &saveptr)); buf = NULL) { | |
421 | errno = 0; | |
d5d468f6 CB |
422 | unsigned end, start; |
423 | char *range; | |
a54694f8 | 424 | |
d5d468f6 CB |
425 | start = strtoul(token, NULL, 0); |
426 | end = start; | |
427 | range = strchr(token, '-'); | |
a54694f8 CB |
428 | if (range) |
429 | end = strtoul(range + 1, NULL, 0); | |
d5d468f6 | 430 | |
a54694f8 CB |
431 | if (!(start <= end)) { |
432 | free(bitarr); | |
433 | return NULL; | |
434 | } | |
435 | ||
436 | if (end >= nbits) { | |
437 | free(bitarr); | |
438 | return NULL; | |
439 | } | |
440 | ||
441 | while (start <= end) | |
442 | set_bit(start++, bitarr); | |
443 | } | |
444 | ||
445 | return bitarr; | |
446 | } | |
447 | ||
a54694f8 CB |
448 | /* Turn cpumask into simple, comma-separated cpulist. */ |
449 | static char *lxc_cpumask_to_cpulist(uint32_t *bitarr, size_t nbits) | |
450 | { | |
a54694f8 | 451 | int ret; |
414c6719 | 452 | size_t i; |
a54694f8 | 453 | char **cpulist = NULL; |
414c6719 | 454 | char numstr[LXC_NUMSTRLEN64] = {0}; |
a54694f8 CB |
455 | |
456 | for (i = 0; i <= nbits; i++) { | |
414c6719 CB |
457 | if (!is_set(i, bitarr)) |
458 | continue; | |
459 | ||
460 | ret = snprintf(numstr, LXC_NUMSTRLEN64, "%zu", i); | |
461 | if (ret < 0 || (size_t)ret >= LXC_NUMSTRLEN64) { | |
462 | lxc_free_array((void **)cpulist, free); | |
463 | return NULL; | |
464 | } | |
465 | ||
466 | ret = lxc_append_string(&cpulist, numstr); | |
467 | if (ret < 0) { | |
468 | lxc_free_array((void **)cpulist, free); | |
469 | return NULL; | |
a54694f8 CB |
470 | } |
471 | } | |
414c6719 CB |
472 | |
473 | if (!cpulist) | |
474 | return NULL; | |
475 | ||
a54694f8 CB |
476 | return lxc_string_join(",", (const char **)cpulist, false); |
477 | } | |
478 | ||
479 | static ssize_t get_max_cpus(char *cpulist) | |
480 | { | |
481 | char *c1, *c2; | |
482 | char *maxcpus = cpulist; | |
483 | size_t cpus = 0; | |
484 | ||
485 | c1 = strrchr(maxcpus, ','); | |
486 | if (c1) | |
487 | c1++; | |
488 | ||
489 | c2 = strrchr(maxcpus, '-'); | |
490 | if (c2) | |
491 | c2++; | |
492 | ||
493 | if (!c1 && !c2) | |
494 | c1 = maxcpus; | |
495 | else if (c1 > c2) | |
496 | c2 = c1; | |
497 | else if (c1 < c2) | |
498 | c1 = c2; | |
333987b9 | 499 | else if (!c1 && c2) |
a54694f8 CB |
500 | c1 = c2; |
501 | ||
a54694f8 CB |
502 | errno = 0; |
503 | cpus = strtoul(c1, NULL, 0); | |
504 | if (errno != 0) | |
505 | return -1; | |
506 | ||
507 | return cpus; | |
508 | } | |
509 | ||
6f9584d8 | 510 | #define __ISOL_CPUS "/sys/devices/system/cpu/isolated" |
a3926f6a | 511 | static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized) |
a54694f8 | 512 | { |
a54694f8 CB |
513 | int ret; |
514 | ssize_t i; | |
59ac3b88 CB |
515 | char *lastslash, *fpath, oldv; |
516 | ssize_t maxisol = 0, maxposs = 0; | |
517 | char *cpulist = NULL, *isolcpus = NULL, *posscpus = NULL; | |
518 | uint32_t *isolmask = NULL, *possmask = NULL; | |
6f9584d8 | 519 | bool bret = false, flipped_bit = false; |
a54694f8 CB |
520 | |
521 | lastslash = strrchr(path, '/'); | |
59ac3b88 CB |
522 | if (!lastslash) { |
523 | ERROR("Failed to detect \"/\" in \"%s\"", path); | |
a54694f8 CB |
524 | return bret; |
525 | } | |
526 | oldv = *lastslash; | |
527 | *lastslash = '\0'; | |
528 | fpath = must_make_path(path, "cpuset.cpus", NULL); | |
529 | posscpus = read_file(fpath); | |
6f9584d8 | 530 | if (!posscpus) { |
59ac3b88 | 531 | SYSERROR("Failed to read file \"%s\"", fpath); |
6f9584d8 CB |
532 | goto on_error; |
533 | } | |
a54694f8 CB |
534 | |
535 | /* Get maximum number of cpus found in possible cpuset. */ | |
536 | maxposs = get_max_cpus(posscpus); | |
537 | if (maxposs < 0) | |
6f9584d8 | 538 | goto on_error; |
a54694f8 | 539 | |
6f9584d8 CB |
540 | if (!file_exists(__ISOL_CPUS)) { |
541 | /* This system doesn't expose isolated cpus. */ | |
59ac3b88 | 542 | DEBUG("The path \""__ISOL_CPUS"\" to read isolated cpus from does not exist"); |
65d29cbc CB |
543 | cpulist = posscpus; |
544 | /* No isolated cpus but we weren't already initialized by | |
545 | * someone. We should simply copy the parents cpuset.cpus | |
546 | * values. | |
547 | */ | |
548 | if (!am_initialized) { | |
59ac3b88 | 549 | DEBUG("Copying cpu settings of parent cgroup"); |
65d29cbc CB |
550 | goto copy_parent; |
551 | } | |
552 | /* No isolated cpus but we were already initialized by someone. | |
553 | * Nothing more to do for us. | |
554 | */ | |
6f9584d8 CB |
555 | goto on_success; |
556 | } | |
557 | ||
558 | isolcpus = read_file(__ISOL_CPUS); | |
559 | if (!isolcpus) { | |
59ac3b88 | 560 | SYSERROR("Failed to read file \""__ISOL_CPUS"\""); |
6f9584d8 CB |
561 | goto on_error; |
562 | } | |
a54694f8 | 563 | if (!isdigit(isolcpus[0])) { |
59ac3b88 | 564 | TRACE("No isolated cpus detected"); |
a54694f8 CB |
565 | cpulist = posscpus; |
566 | /* No isolated cpus but we weren't already initialized by | |
567 | * someone. We should simply copy the parents cpuset.cpus | |
568 | * values. | |
569 | */ | |
6f9584d8 | 570 | if (!am_initialized) { |
59ac3b88 | 571 | DEBUG("Copying cpu settings of parent cgroup"); |
a54694f8 | 572 | goto copy_parent; |
6f9584d8 | 573 | } |
a54694f8 CB |
574 | /* No isolated cpus but we were already initialized by someone. |
575 | * Nothing more to do for us. | |
576 | */ | |
6f9584d8 | 577 | goto on_success; |
a54694f8 CB |
578 | } |
579 | ||
580 | /* Get maximum number of cpus found in isolated cpuset. */ | |
581 | maxisol = get_max_cpus(isolcpus); | |
582 | if (maxisol < 0) | |
6f9584d8 | 583 | goto on_error; |
a54694f8 CB |
584 | |
585 | if (maxposs < maxisol) | |
586 | maxposs = maxisol; | |
587 | maxposs++; | |
588 | ||
589 | possmask = lxc_cpumask(posscpus, maxposs); | |
6f9584d8 | 590 | if (!possmask) { |
59ac3b88 | 591 | ERROR("Failed to create cpumask for possible cpus"); |
6f9584d8 CB |
592 | goto on_error; |
593 | } | |
a54694f8 CB |
594 | |
595 | isolmask = lxc_cpumask(isolcpus, maxposs); | |
6f9584d8 | 596 | if (!isolmask) { |
59ac3b88 | 597 | ERROR("Failed to create cpumask for isolated cpus"); |
6f9584d8 CB |
598 | goto on_error; |
599 | } | |
a54694f8 CB |
600 | |
601 | for (i = 0; i <= maxposs; i++) { | |
59ac3b88 CB |
602 | if (!is_set(i, isolmask) || !is_set(i, possmask)) |
603 | continue; | |
604 | ||
605 | flipped_bit = true; | |
606 | clear_bit(i, possmask); | |
a54694f8 CB |
607 | } |
608 | ||
6f9584d8 | 609 | if (!flipped_bit) { |
59ac3b88 | 610 | DEBUG("No isolated cpus present in cpuset"); |
6f9584d8 CB |
611 | goto on_success; |
612 | } | |
59ac3b88 | 613 | DEBUG("Removed isolated cpus from cpuset"); |
6f9584d8 | 614 | |
a54694f8 | 615 | cpulist = lxc_cpumask_to_cpulist(possmask, maxposs); |
6f9584d8 | 616 | if (!cpulist) { |
59ac3b88 | 617 | ERROR("Failed to create cpu list"); |
6f9584d8 CB |
618 | goto on_error; |
619 | } | |
a54694f8 CB |
620 | |
621 | copy_parent: | |
622 | *lastslash = oldv; | |
dcbc861e | 623 | free(fpath); |
a54694f8 CB |
624 | fpath = must_make_path(path, "cpuset.cpus", NULL); |
625 | ret = lxc_write_to_file(fpath, cpulist, strlen(cpulist), false); | |
6f9584d8 | 626 | if (ret < 0) { |
59ac3b88 | 627 | SYSERROR("Failed to write cpu list to \"%s\"", fpath); |
6f9584d8 CB |
628 | goto on_error; |
629 | } | |
630 | ||
631 | on_success: | |
632 | bret = true; | |
a54694f8 | 633 | |
6f9584d8 | 634 | on_error: |
a54694f8 CB |
635 | free(fpath); |
636 | ||
637 | free(isolcpus); | |
638 | free(isolmask); | |
639 | ||
640 | if (posscpus != cpulist) | |
641 | free(posscpus); | |
642 | free(possmask); | |
643 | ||
644 | free(cpulist); | |
645 | return bret; | |
646 | } | |
647 | ||
e3a3fecf SH |
648 | /* Copy contents of parent(@path)/@file to @path/@file */ |
649 | static bool copy_parent_file(char *path, char *file) | |
650 | { | |
e3a3fecf | 651 | int ret; |
b095a8eb CB |
652 | char *fpath, *lastslash, oldv; |
653 | int len = 0; | |
654 | char *value = NULL; | |
e3a3fecf SH |
655 | |
656 | lastslash = strrchr(path, '/'); | |
b095a8eb CB |
657 | if (!lastslash) { |
658 | ERROR("Failed to detect \"/\" in \"%s\"", path); | |
e3a3fecf SH |
659 | return false; |
660 | } | |
661 | oldv = *lastslash; | |
662 | *lastslash = '\0'; | |
663 | fpath = must_make_path(path, file, NULL); | |
664 | len = lxc_read_from_file(fpath, NULL, 0); | |
665 | if (len <= 0) | |
b095a8eb CB |
666 | goto on_error; |
667 | ||
e3a3fecf | 668 | value = must_alloc(len + 1); |
b095a8eb CB |
669 | ret = lxc_read_from_file(fpath, value, len); |
670 | if (ret != len) | |
671 | goto on_error; | |
e3a3fecf | 672 | free(fpath); |
b095a8eb | 673 | |
e3a3fecf SH |
674 | *lastslash = oldv; |
675 | fpath = must_make_path(path, file, NULL); | |
676 | ret = lxc_write_to_file(fpath, value, len, false); | |
677 | if (ret < 0) | |
b095a8eb | 678 | SYSERROR("Failed to write \"%s\" to file \"%s\"", value, fpath); |
e3a3fecf SH |
679 | free(fpath); |
680 | free(value); | |
681 | return ret >= 0; | |
682 | ||
b095a8eb CB |
683 | on_error: |
684 | SYSERROR("Failed to read file \"%s\"", fpath); | |
e3a3fecf SH |
685 | free(fpath); |
686 | free(value); | |
687 | return false; | |
688 | } | |
689 | ||
7793add3 CB |
690 | /* Initialize the cpuset hierarchy in first directory of @gname and set |
691 | * cgroup.clone_children so that children inherit settings. Since the | |
692 | * h->base_path is populated by init or ourselves, we know it is already | |
693 | * initialized. | |
e3a3fecf | 694 | */ |
a3926f6a | 695 | static bool cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h, char *cgname) |
e3a3fecf | 696 | { |
7793add3 CB |
697 | int ret; |
698 | char v; | |
699 | char *cgpath, *clonechildrenpath, *slash; | |
e3a3fecf SH |
700 | |
701 | if (!string_in_list(h->controllers, "cpuset")) | |
702 | return true; | |
703 | ||
704 | if (*cgname == '/') | |
705 | cgname++; | |
706 | slash = strchr(cgname, '/'); | |
707 | if (slash) | |
708 | *slash = '\0'; | |
709 | ||
710 | cgpath = must_make_path(h->mountpoint, h->base_cgroup, cgname, NULL); | |
711 | if (slash) | |
712 | *slash = '/'; | |
7793add3 CB |
713 | |
714 | ret = mkdir(cgpath, 0755); | |
715 | if (ret < 0) { | |
716 | if (errno != EEXIST) { | |
717 | SYSERROR("Failed to create directory \"%s\"", cgpath); | |
718 | free(cgpath); | |
719 | return false; | |
720 | } | |
e3a3fecf | 721 | } |
6f9584d8 | 722 | |
7793add3 CB |
723 | clonechildrenpath = |
724 | must_make_path(cgpath, "cgroup.clone_children", NULL); | |
6328fd9c CB |
725 | /* unified hierarchy doesn't have clone_children */ |
726 | if (!file_exists(clonechildrenpath)) { | |
e3a3fecf SH |
727 | free(clonechildrenpath); |
728 | free(cgpath); | |
729 | return true; | |
730 | } | |
7793add3 CB |
731 | |
732 | ret = lxc_read_from_file(clonechildrenpath, &v, 1); | |
733 | if (ret < 0) { | |
734 | SYSERROR("Failed to read file \"%s\"", clonechildrenpath); | |
e3a3fecf SH |
735 | free(clonechildrenpath); |
736 | free(cgpath); | |
737 | return false; | |
738 | } | |
739 | ||
a54694f8 | 740 | /* Make sure any isolated cpus are removed from cpuset.cpus. */ |
a3926f6a | 741 | if (!cg_legacy_filter_and_set_cpus(cgpath, v == '1')) { |
7793add3 | 742 | SYSERROR("Failed to remove isolated cpus"); |
6f9584d8 CB |
743 | free(clonechildrenpath); |
744 | free(cgpath); | |
a54694f8 | 745 | return false; |
6f9584d8 | 746 | } |
a54694f8 | 747 | |
7793add3 CB |
748 | /* Already set for us by someone else. */ |
749 | if (v == '1') { | |
750 | DEBUG("\"cgroup.clone_children\" was already set to \"1\""); | |
e3a3fecf SH |
751 | free(clonechildrenpath); |
752 | free(cgpath); | |
753 | return true; | |
754 | } | |
755 | ||
756 | /* copy parent's settings */ | |
a54694f8 | 757 | if (!copy_parent_file(cgpath, "cpuset.mems")) { |
7793add3 | 758 | SYSERROR("Failed to copy \"cpuset.mems\" settings"); |
e3a3fecf SH |
759 | free(cgpath); |
760 | free(clonechildrenpath); | |
761 | return false; | |
762 | } | |
763 | free(cgpath); | |
764 | ||
7793add3 CB |
765 | ret = lxc_write_to_file(clonechildrenpath, "1", 1, false); |
766 | if (ret < 0) { | |
e3a3fecf | 767 | /* Set clone_children so children inherit our settings */ |
7793add3 | 768 | SYSERROR("Failed to write 1 to \"%s\"", clonechildrenpath); |
e3a3fecf SH |
769 | free(clonechildrenpath); |
770 | return false; | |
771 | } | |
772 | free(clonechildrenpath); | |
773 | return true; | |
774 | } | |
775 | ||
5c0089ae CB |
776 | /* Given two null-terminated lists of strings, return true if any string is in |
777 | * both. | |
ccb4cabe SH |
778 | */ |
779 | static bool controller_lists_intersect(char **l1, char **l2) | |
780 | { | |
781 | int i; | |
782 | ||
783 | if (!l1 || !l2) | |
784 | return false; | |
785 | ||
786 | for (i = 0; l1[i]; i++) { | |
787 | if (string_in_list(l2, l1[i])) | |
788 | return true; | |
789 | } | |
5c0089ae | 790 | |
ccb4cabe SH |
791 | return false; |
792 | } | |
793 | ||
258449e5 CB |
794 | /* For a null-terminated list of controllers @clist, return true if any of those |
795 | * controllers is already listed the null-terminated list of hierarchies @hlist. | |
796 | * Realistically, if one is present, all must be present. | |
ccb4cabe SH |
797 | */ |
798 | static bool controller_list_is_dup(struct hierarchy **hlist, char **clist) | |
799 | { | |
800 | int i; | |
801 | ||
802 | if (!hlist) | |
803 | return false; | |
258449e5 | 804 | |
ccb4cabe SH |
805 | for (i = 0; hlist[i]; i++) |
806 | if (controller_lists_intersect(hlist[i]->controllers, clist)) | |
807 | return true; | |
ccb4cabe | 808 | |
258449e5 | 809 | return false; |
ccb4cabe SH |
810 | } |
811 | ||
f57ac67f CB |
812 | /* Return true if the controller @entry is found in the null-terminated list of |
813 | * hierarchies @hlist. | |
ccb4cabe SH |
814 | */ |
815 | static bool controller_found(struct hierarchy **hlist, char *entry) | |
816 | { | |
817 | int i; | |
d6337a5f | 818 | |
ccb4cabe SH |
819 | if (!hlist) |
820 | return false; | |
821 | ||
822 | for (i = 0; hlist[i]; i++) | |
823 | if (string_in_list(hlist[i]->controllers, entry)) | |
824 | return true; | |
d6337a5f | 825 | |
ccb4cabe SH |
826 | return false; |
827 | } | |
828 | ||
e1c27ab0 CB |
829 | /* Return true if all of the controllers which we require have been found. The |
830 | * required list is freezer and anything in lxc.cgroup.use. | |
ccb4cabe | 831 | */ |
457ca9aa | 832 | static bool all_controllers_found(void) |
ccb4cabe | 833 | { |
e1c27ab0 CB |
834 | char *p; |
835 | char *saveptr = NULL; | |
836 | struct hierarchy **hlist = hierarchies; | |
ccb4cabe | 837 | |
ccb4cabe | 838 | if (!controller_found(hlist, "freezer")) { |
65d78313 | 839 | CGFSNG_DEBUG("No freezer controller mountpoint found\n"); |
ccb4cabe SH |
840 | return false; |
841 | } | |
842 | ||
457ca9aa | 843 | if (!cgroup_use) |
ccb4cabe | 844 | return true; |
c2712f64 | 845 | |
457ca9aa | 846 | for (p = strtok_r(cgroup_use, ",", &saveptr); p; |
e1c27ab0 | 847 | p = strtok_r(NULL, ",", &saveptr)) { |
ccb4cabe | 848 | if (!controller_found(hlist, p)) { |
65d78313 | 849 | CGFSNG_DEBUG("No %s controller mountpoint found\n", p); |
ccb4cabe SH |
850 | return false; |
851 | } | |
852 | } | |
c2712f64 | 853 | |
ccb4cabe SH |
854 | return true; |
855 | } | |
856 | ||
f205f10c CB |
857 | /* Get the controllers from a mountinfo line There are other ways we could get |
858 | * this info. For lxcfs, field 3 is /cgroup/controller-list. For cgroupfs, we | |
859 | * could parse the mount options. But we simply assume that the mountpoint must | |
860 | * be /sys/fs/cgroup/controller-list | |
ccb4cabe | 861 | */ |
a3926f6a CB |
862 | static char **cg_hybrid_get_controllers(char **klist, char **nlist, char *line, |
863 | int type) | |
ccb4cabe | 864 | { |
f205f10c CB |
865 | /* The fourth field is /sys/fs/cgroup/comma-delimited-controller-list |
866 | * for legacy hierarchies. | |
867 | */ | |
ccb4cabe | 868 | int i; |
411ac6d8 | 869 | char *dup, *p2, *tok; |
d6337a5f | 870 | char *p = line, *saveptr = NULL, *sep = ","; |
411ac6d8 | 871 | char **aret = NULL; |
6328fd9c | 872 | |
ccb4cabe | 873 | for (i = 0; i < 4; i++) { |
235f1815 | 874 | p = strchr(p, ' '); |
ccb4cabe SH |
875 | if (!p) |
876 | return NULL; | |
877 | p++; | |
878 | } | |
a55f31bd | 879 | |
f205f10c CB |
880 | /* Note, if we change how mountinfo works, then our caller will need to |
881 | * verify /sys/fs/cgroup/ in this field. | |
882 | */ | |
883 | if (strncmp(p, "/sys/fs/cgroup/", 15) != 0) { | |
65d78313 | 884 | CGFSNG_DEBUG("Found hierarchy not under /sys/fs/cgroup: \"%s\"\n", p); |
ccb4cabe | 885 | return NULL; |
5059aae9 | 886 | } |
d6337a5f | 887 | |
ccb4cabe | 888 | p += 15; |
235f1815 | 889 | p2 = strchr(p, ' '); |
ccb4cabe | 890 | if (!p2) { |
65d78313 | 891 | CGFSNG_DEBUG("Corrupt mountinfo\n"); |
ccb4cabe SH |
892 | return NULL; |
893 | } | |
894 | *p2 = '\0'; | |
6328fd9c | 895 | |
d6337a5f CB |
896 | if (type == CGROUP_SUPER_MAGIC) { |
897 | /* strdup() here for v1 hierarchies. Otherwise strtok_r() will | |
898 | * destroy mountpoints such as "/sys/fs/cgroup/cpu,cpuacct". | |
899 | */ | |
900 | dup = strdup(p); | |
901 | if (!dup) | |
902 | return NULL; | |
903 | ||
904 | for (tok = strtok_r(dup, sep, &saveptr); tok; | |
905 | tok = strtok_r(NULL, sep, &saveptr)) | |
906 | must_append_controller(klist, nlist, &aret, tok); | |
907 | ||
908 | free(dup); | |
411ac6d8 | 909 | } |
d6337a5f | 910 | *p2 = ' '; |
f205f10c | 911 | |
d6337a5f CB |
912 | return aret; |
913 | } | |
411ac6d8 | 914 | |
d6337a5f CB |
915 | static char **cg_unified_make_empty_controller(void) |
916 | { | |
917 | int newentry; | |
918 | char **aret = NULL; | |
919 | ||
920 | newentry = append_null_to_list((void ***)&aret); | |
921 | aret[newentry] = NULL; | |
922 | return aret; | |
923 | } | |
924 | ||
925 | static char **cg_unified_get_controllers(const char *file) | |
926 | { | |
927 | char *buf, *tok; | |
928 | char *saveptr = NULL, *sep = " \t\n"; | |
929 | char **aret = NULL; | |
930 | ||
931 | buf = read_file(file); | |
932 | if (!buf) | |
411ac6d8 | 933 | return NULL; |
6328fd9c | 934 | |
d6337a5f CB |
935 | for (tok = strtok_r(buf, sep, &saveptr); tok; |
936 | tok = strtok_r(NULL, sep, &saveptr)) { | |
937 | int newentry; | |
938 | char *copy; | |
939 | ||
940 | newentry = append_null_to_list((void ***)&aret); | |
941 | copy = must_copy_string(tok); | |
942 | aret[newentry] = copy; | |
ccb4cabe SH |
943 | } |
944 | ||
d6337a5f | 945 | free(buf); |
ccb4cabe SH |
946 | return aret; |
947 | } | |
948 | ||
d6337a5f CB |
949 | static struct hierarchy *add_hierarchy(char **clist, char *mountpoint, |
950 | char *base_cgroup, int type) | |
ccb4cabe SH |
951 | { |
952 | struct hierarchy *new; | |
953 | int newentry; | |
954 | ||
955 | new = must_alloc(sizeof(*new)); | |
956 | new->controllers = clist; | |
957 | new->mountpoint = mountpoint; | |
958 | new->base_cgroup = base_cgroup; | |
959 | new->fullcgpath = NULL; | |
d6337a5f | 960 | new->version = type; |
6328fd9c | 961 | |
457ca9aa SH |
962 | newentry = append_null_to_list((void ***)&hierarchies); |
963 | hierarchies[newentry] = new; | |
d6337a5f | 964 | return new; |
ccb4cabe SH |
965 | } |
966 | ||
798c3b33 CB |
967 | /* Get a copy of the mountpoint from @line, which is a line from |
968 | * /proc/self/mountinfo. | |
ccb4cabe | 969 | */ |
a3926f6a | 970 | static char *cg_hybrid_get_mountpoint(char *line) |
ccb4cabe SH |
971 | { |
972 | int i; | |
ccb4cabe | 973 | size_t len; |
798c3b33 CB |
974 | char *p2; |
975 | char *p = line, *sret = NULL; | |
ccb4cabe SH |
976 | |
977 | for (i = 0; i < 4; i++) { | |
235f1815 | 978 | p = strchr(p, ' '); |
ccb4cabe SH |
979 | if (!p) |
980 | return NULL; | |
981 | p++; | |
982 | } | |
d6337a5f | 983 | |
798c3b33 | 984 | if (strncmp(p, "/sys/fs/cgroup/", 15) != 0) |
d6337a5f CB |
985 | return NULL; |
986 | ||
987 | p2 = strchr(p + 15, ' '); | |
988 | if (!p2) | |
989 | return NULL; | |
990 | *p2 = '\0'; | |
991 | ||
ccb4cabe SH |
992 | len = strlen(p); |
993 | sret = must_alloc(len + 1); | |
994 | memcpy(sret, p, len); | |
995 | sret[len] = '\0'; | |
996 | return sret; | |
997 | } | |
998 | ||
f523291e | 999 | /* Given a multi-line string, return a null-terminated copy of the current line. */ |
ccb4cabe SH |
1000 | static char *copy_to_eol(char *p) |
1001 | { | |
235f1815 | 1002 | char *p2 = strchr(p, '\n'), *sret; |
ccb4cabe SH |
1003 | size_t len; |
1004 | ||
1005 | if (!p2) | |
1006 | return NULL; | |
1007 | ||
1008 | len = p2 - p; | |
1009 | sret = must_alloc(len + 1); | |
1010 | memcpy(sret, p, len); | |
1011 | sret[len] = '\0'; | |
1012 | return sret; | |
1013 | } | |
1014 | ||
bced39de CB |
1015 | /* cgline: pointer to character after the first ':' in a line in a \n-terminated |
1016 | * /proc/self/cgroup file. Check whether controller c is present. | |
ccb4cabe SH |
1017 | */ |
1018 | static bool controller_in_clist(char *cgline, char *c) | |
1019 | { | |
1020 | char *tok, *saveptr = NULL, *eol, *tmp; | |
1021 | size_t len; | |
1022 | ||
235f1815 | 1023 | eol = strchr(cgline, ':'); |
ccb4cabe SH |
1024 | if (!eol) |
1025 | return false; | |
1026 | ||
1027 | len = eol - cgline; | |
1028 | tmp = alloca(len + 1); | |
1029 | memcpy(tmp, cgline, len); | |
1030 | tmp[len] = '\0'; | |
1031 | ||
1032 | for (tok = strtok_r(tmp, ",", &saveptr); tok; | |
d6337a5f | 1033 | tok = strtok_r(NULL, ",", &saveptr)) { |
ccb4cabe SH |
1034 | if (strcmp(tok, c) == 0) |
1035 | return true; | |
1036 | } | |
d6337a5f | 1037 | |
ccb4cabe SH |
1038 | return false; |
1039 | } | |
1040 | ||
c3ef912e CB |
1041 | /* @basecginfo is a copy of /proc/$$/cgroup. Return the current cgroup for |
1042 | * @controller. | |
ccb4cabe | 1043 | */ |
c3ef912e CB |
1044 | static char *cg_hybrid_get_current_cgroup(char *basecginfo, char *controller, |
1045 | int type) | |
ccb4cabe SH |
1046 | { |
1047 | char *p = basecginfo; | |
6328fd9c | 1048 | |
d6337a5f CB |
1049 | for (;;) { |
1050 | bool is_cgv2_base_cgroup = false; | |
1051 | ||
6328fd9c | 1052 | /* cgroup v2 entry in "/proc/<pid>/cgroup": "0::/some/path" */ |
d6337a5f CB |
1053 | if ((type == CGROUP2_SUPER_MAGIC) && (*p == '0')) |
1054 | is_cgv2_base_cgroup = true; | |
ccb4cabe | 1055 | |
235f1815 | 1056 | p = strchr(p, ':'); |
ccb4cabe SH |
1057 | if (!p) |
1058 | return NULL; | |
1059 | p++; | |
d6337a5f CB |
1060 | |
1061 | if (is_cgv2_base_cgroup || (controller && controller_in_clist(p, controller))) { | |
235f1815 | 1062 | p = strchr(p, ':'); |
ccb4cabe SH |
1063 | if (!p) |
1064 | return NULL; | |
1065 | p++; | |
1066 | return copy_to_eol(p); | |
1067 | } | |
1068 | ||
235f1815 | 1069 | p = strchr(p, '\n'); |
ccb4cabe SH |
1070 | if (!p) |
1071 | return NULL; | |
1072 | p++; | |
1073 | } | |
1074 | } | |
1075 | ||
ccb4cabe SH |
1076 | static void must_append_string(char ***list, char *entry) |
1077 | { | |
6dfb18bf | 1078 | int newentry; |
ccb4cabe SH |
1079 | char *copy; |
1080 | ||
6dfb18bf | 1081 | newentry = append_null_to_list((void ***)list); |
ccb4cabe SH |
1082 | copy = must_copy_string(entry); |
1083 | (*list)[newentry] = copy; | |
1084 | } | |
1085 | ||
d6337a5f | 1086 | static int get_existing_subsystems(char ***klist, char ***nlist) |
ccb4cabe SH |
1087 | { |
1088 | FILE *f; | |
1089 | char *line = NULL; | |
1090 | size_t len = 0; | |
1091 | ||
d6337a5f CB |
1092 | f = fopen("/proc/self/cgroup", "r"); |
1093 | if (!f) | |
1094 | return -1; | |
1095 | ||
ccb4cabe SH |
1096 | while (getline(&line, &len, f) != -1) { |
1097 | char *p, *p2, *tok, *saveptr = NULL; | |
235f1815 | 1098 | p = strchr(line, ':'); |
ccb4cabe SH |
1099 | if (!p) |
1100 | continue; | |
1101 | p++; | |
235f1815 | 1102 | p2 = strchr(p, ':'); |
ccb4cabe SH |
1103 | if (!p2) |
1104 | continue; | |
1105 | *p2 = '\0'; | |
ff8d6ee9 | 1106 | |
6328fd9c CB |
1107 | /* If the kernel has cgroup v2 support, then /proc/self/cgroup |
1108 | * contains an entry of the form: | |
ff8d6ee9 CB |
1109 | * |
1110 | * 0::/some/path | |
1111 | * | |
6328fd9c | 1112 | * In this case we use "cgroup2" as controller name. |
ff8d6ee9 | 1113 | */ |
6328fd9c CB |
1114 | if ((p2 - p) == 0) { |
1115 | must_append_string(klist, "cgroup2"); | |
ff8d6ee9 | 1116 | continue; |
6328fd9c | 1117 | } |
ff8d6ee9 | 1118 | |
ccb4cabe | 1119 | for (tok = strtok_r(p, ",", &saveptr); tok; |
d6337a5f | 1120 | tok = strtok_r(NULL, ",", &saveptr)) { |
ccb4cabe SH |
1121 | if (strncmp(tok, "name=", 5) == 0) |
1122 | must_append_string(nlist, tok); | |
1123 | else | |
1124 | must_append_string(klist, tok); | |
1125 | } | |
1126 | } | |
1127 | ||
1128 | free(line); | |
1129 | fclose(f); | |
d6337a5f | 1130 | return 0; |
ccb4cabe SH |
1131 | } |
1132 | ||
1133 | static void trim(char *s) | |
1134 | { | |
1135 | size_t len = strlen(s); | |
2c28d76b | 1136 | while ((len > 1) && (s[len - 1] == '\n')) |
ccb4cabe SH |
1137 | s[--len] = '\0'; |
1138 | } | |
1139 | ||
e4aeecf5 CB |
1140 | static void lxc_cgfsng_print_handler_data(const struct cgfsng_handler_data *d) |
1141 | { | |
1142 | printf("Cgroup information:\n"); | |
1143 | printf(" container name: %s\n", d->name ? d->name : "(null)"); | |
1144 | printf(" lxc.cgroup.use: %s\n", cgroup_use ? cgroup_use : "(null)"); | |
43654d34 CB |
1145 | printf(" lxc.cgroup.pattern: %s\n", |
1146 | d->cgroup_pattern ? d->cgroup_pattern : "(null)"); | |
1147 | printf(" lxc.cgroup.dir: %s\n", | |
1148 | d->cgroup_meta.dir ? d->cgroup_meta.dir : "(null)"); | |
1149 | printf(" cgroup: %s\n", | |
1150 | d->container_cgroup ? d->container_cgroup : "(null)"); | |
e4aeecf5 CB |
1151 | } |
1152 | ||
1153 | static void lxc_cgfsng_print_hierarchies() | |
ccb4cabe | 1154 | { |
a7b0cc4c | 1155 | struct hierarchy **it; |
ccb4cabe | 1156 | int i; |
41c33dbe | 1157 | |
457ca9aa | 1158 | if (!hierarchies) { |
c2712f64 | 1159 | printf(" No hierarchies found\n"); |
ccb4cabe SH |
1160 | return; |
1161 | } | |
e4aeecf5 | 1162 | printf(" Hierarchies:\n"); |
a7b0cc4c CB |
1163 | for (i = 0, it = hierarchies; it && *it; it++, i++) { |
1164 | char **cit; | |
ccb4cabe | 1165 | int j; |
c2712f64 CB |
1166 | printf(" %d: base_cgroup: %s\n", i, (*it)->base_cgroup ? (*it)->base_cgroup : "(null)"); |
1167 | printf(" mountpoint: %s\n", (*it)->mountpoint ? (*it)->mountpoint : "(null)"); | |
e4aeecf5 | 1168 | printf(" controllers:\n"); |
a7b0cc4c | 1169 | for (j = 0, cit = (*it)->controllers; cit && *cit; cit++, j++) |
e4aeecf5 | 1170 | printf(" %d: %s\n", j, *cit); |
ccb4cabe SH |
1171 | } |
1172 | } | |
41c33dbe | 1173 | |
a3926f6a CB |
1174 | static void lxc_cgfsng_print_basecg_debuginfo(char *basecginfo, char **klist, |
1175 | char **nlist) | |
41c33dbe SH |
1176 | { |
1177 | int k; | |
a7b0cc4c | 1178 | char **it; |
41c33dbe | 1179 | |
a7b0cc4c CB |
1180 | printf("basecginfo is:\n"); |
1181 | printf("%s\n", basecginfo); | |
41c33dbe | 1182 | |
a7b0cc4c CB |
1183 | for (k = 0, it = klist; it && *it; it++, k++) |
1184 | printf("kernel subsystem %d: %s\n", k, *it); | |
1185 | for (k = 0, it = nlist; it && *it; it++, k++) | |
1186 | printf("named subsystem %d: %s\n", k, *it); | |
41c33dbe | 1187 | } |
ccb4cabe | 1188 | |
e4aeecf5 CB |
1189 | static void lxc_cgfsng_print_debuginfo(const struct cgfsng_handler_data *d) |
1190 | { | |
1191 | lxc_cgfsng_print_handler_data(d); | |
1192 | lxc_cgfsng_print_hierarchies(); | |
1193 | } | |
1194 | ||
ccb4cabe SH |
1195 | /* |
1196 | * At startup, parse_hierarchies finds all the info we need about | |
1197 | * cgroup mountpoints and current cgroups, and stores it in @d. | |
1198 | */ | |
a3926f6a | 1199 | static bool cg_hybrid_init(void) |
ccb4cabe | 1200 | { |
d6337a5f CB |
1201 | int ret; |
1202 | char *basecginfo; | |
1203 | bool will_escape; | |
ccb4cabe | 1204 | FILE *f; |
ccb4cabe | 1205 | size_t len = 0; |
d6337a5f CB |
1206 | char *line = NULL; |
1207 | char **klist = NULL, **nlist = NULL; | |
ccb4cabe | 1208 | |
d30ec4cb SH |
1209 | /* |
1210 | * Root spawned containers escape the current cgroup, so use init's | |
1211 | * cgroups as our base in that case. | |
1212 | */ | |
d6337a5f CB |
1213 | will_escape = (geteuid() == 0); |
1214 | if (will_escape) | |
ccb4cabe | 1215 | basecginfo = read_file("/proc/1/cgroup"); |
d6337a5f CB |
1216 | else |
1217 | basecginfo = read_file("/proc/self/cgroup"); | |
ccb4cabe SH |
1218 | if (!basecginfo) |
1219 | return false; | |
1220 | ||
d6337a5f CB |
1221 | ret = get_existing_subsystems(&klist, &nlist); |
1222 | if (ret < 0) { | |
1223 | CGFSNG_DEBUG("Failed to retrieve available cgroup v1 controllers\n"); | |
1224 | free(basecginfo); | |
ccb4cabe SH |
1225 | return false; |
1226 | } | |
1227 | ||
d6337a5f CB |
1228 | f = fopen("/proc/self/mountinfo", "r"); |
1229 | if (!f) { | |
1230 | CGFSNG_DEBUG("Failed to open \"/proc/self/mountinfo\"\n"); | |
bd01b7d5 | 1231 | free(basecginfo); |
d6337a5f CB |
1232 | return false; |
1233 | } | |
41c33dbe | 1234 | |
e4aeecf5 CB |
1235 | if (lxc_cgfsng_debug) |
1236 | lxc_cgfsng_print_basecg_debuginfo(basecginfo, klist, nlist); | |
ccb4cabe | 1237 | |
ccb4cabe | 1238 | while (getline(&line, &len, f) != -1) { |
49ff3958 | 1239 | int type; |
d6337a5f CB |
1240 | bool writeable; |
1241 | struct hierarchy *new; | |
1242 | char *mountpoint = NULL, *base_cgroup = NULL; | |
1243 | char **controller_list = NULL; | |
ccb4cabe | 1244 | |
49ff3958 | 1245 | type = get_cgroup_version(line); |
d6337a5f | 1246 | if (type == 0) |
ccb4cabe SH |
1247 | continue; |
1248 | ||
d6337a5f | 1249 | if (type == CGROUP2_SUPER_MAGIC && unified) |
ccb4cabe SH |
1250 | continue; |
1251 | ||
d6337a5f CB |
1252 | if (cgroup_layout == CGROUP_LAYOUT_UNKNOWN) { |
1253 | if (type == CGROUP2_SUPER_MAGIC) | |
1254 | cgroup_layout = CGROUP_LAYOUT_UNIFIED; | |
1255 | else if (type == CGROUP_SUPER_MAGIC) | |
1256 | cgroup_layout = CGROUP_LAYOUT_LEGACY; | |
1257 | } else if (cgroup_layout == CGROUP_LAYOUT_UNIFIED) { | |
1258 | if (type == CGROUP_SUPER_MAGIC) | |
1259 | cgroup_layout = CGROUP_LAYOUT_HYBRID; | |
1260 | } else if (cgroup_layout == CGROUP_LAYOUT_LEGACY) { | |
1261 | if (type == CGROUP2_SUPER_MAGIC) | |
1262 | cgroup_layout = CGROUP_LAYOUT_HYBRID; | |
ccb4cabe SH |
1263 | } |
1264 | ||
a3926f6a | 1265 | controller_list = cg_hybrid_get_controllers(klist, nlist, line, type); |
d6337a5f CB |
1266 | if (!controller_list && type == CGROUP_SUPER_MAGIC) |
1267 | continue; | |
1268 | ||
1269 | if (type == CGROUP_SUPER_MAGIC) | |
1270 | if (controller_list_is_dup(hierarchies, controller_list)) | |
1271 | goto next; | |
1272 | ||
a3926f6a | 1273 | mountpoint = cg_hybrid_get_mountpoint(line); |
ccb4cabe | 1274 | if (!mountpoint) { |
65d78313 | 1275 | CGFSNG_DEBUG("Failed parsing mountpoint from \"%s\"\n", line); |
d6337a5f | 1276 | goto next; |
ccb4cabe SH |
1277 | } |
1278 | ||
d6337a5f | 1279 | if (type == CGROUP_SUPER_MAGIC) |
a3926f6a | 1280 | base_cgroup = cg_hybrid_get_current_cgroup(basecginfo, controller_list[0], CGROUP_SUPER_MAGIC); |
d6337a5f | 1281 | else |
a3926f6a | 1282 | base_cgroup = cg_hybrid_get_current_cgroup(basecginfo, NULL, CGROUP2_SUPER_MAGIC); |
ccb4cabe | 1283 | if (!base_cgroup) { |
d6337a5f CB |
1284 | CGFSNG_DEBUG("Failed to find current cgroup\n"); |
1285 | goto next; | |
ccb4cabe | 1286 | } |
6328fd9c | 1287 | |
ccb4cabe SH |
1288 | trim(base_cgroup); |
1289 | prune_init_scope(base_cgroup); | |
d6337a5f | 1290 | if (type == CGROUP2_SUPER_MAGIC) |
6328fd9c CB |
1291 | writeable = test_writeable_v2(mountpoint, base_cgroup); |
1292 | else | |
1293 | writeable = test_writeable_v1(mountpoint, base_cgroup); | |
d6337a5f CB |
1294 | if (!writeable) |
1295 | goto next; | |
1296 | ||
1297 | if (type == CGROUP2_SUPER_MAGIC) { | |
1298 | char *cgv2_ctrl_path; | |
1299 | ||
1300 | cgv2_ctrl_path = must_make_path(mountpoint, base_cgroup, | |
1301 | "cgroup.controllers", | |
1302 | NULL); | |
1303 | ||
1304 | controller_list = cg_unified_get_controllers(cgv2_ctrl_path); | |
1305 | free(cgv2_ctrl_path); | |
1306 | if (!controller_list) | |
1307 | controller_list = cg_unified_make_empty_controller(); | |
ccb4cabe | 1308 | } |
d6337a5f CB |
1309 | new = add_hierarchy(controller_list, mountpoint, base_cgroup, type); |
1310 | if (type == CGROUP2_SUPER_MAGIC && !unified) | |
1311 | unified = new; | |
1312 | ||
1313 | continue; | |
1314 | ||
1315 | next: | |
1316 | free_string_list(controller_list); | |
1317 | free(mountpoint); | |
1318 | free(base_cgroup); | |
ccb4cabe SH |
1319 | } |
1320 | ||
1321 | free_string_list(klist); | |
1322 | free_string_list(nlist); | |
1323 | ||
1324 | free(basecginfo); | |
1325 | ||
1326 | fclose(f); | |
1327 | free(line); | |
1328 | ||
e4aeecf5 CB |
1329 | if (lxc_cgfsng_debug) { |
1330 | printf("writeable subsystems:\n"); | |
1331 | lxc_cgfsng_print_hierarchies(); | |
1332 | } | |
1333 | ||
ccb4cabe SH |
1334 | /* verify that all controllers in cgroup.use and all crucial |
1335 | * controllers are accounted for | |
1336 | */ | |
c2712f64 | 1337 | if (!all_controllers_found()) |
ccb4cabe SH |
1338 | return false; |
1339 | ||
1340 | return true; | |
1341 | } | |
1342 | ||
d6337a5f CB |
1343 | static int cg_is_pure_unified(void) { |
1344 | ||
1345 | int ret; | |
1346 | struct statfs fs; | |
1347 | ||
1348 | ret = statfs("/sys/fs/cgroup", &fs); | |
1349 | if (ret < 0) | |
1350 | return -ENOMEDIUM; | |
1351 | ||
1352 | if (is_fs_type(&fs, CGROUP2_SUPER_MAGIC)) | |
1353 | return CGROUP2_SUPER_MAGIC; | |
1354 | ||
1355 | return 0; | |
1356 | } | |
1357 | ||
1358 | /* Get current cgroup from /proc/self/cgroup for the cgroupfs v2 hierarchy. */ | |
a3926f6a | 1359 | static char *cg_unified_get_current_cgroup(void) |
457ca9aa | 1360 | { |
d6337a5f CB |
1361 | char *basecginfo; |
1362 | char *base_cgroup; | |
1363 | bool will_escape; | |
1364 | char *copy = NULL; | |
1365 | ||
1366 | will_escape = (geteuid() == 0); | |
1367 | if (will_escape) | |
1368 | basecginfo = read_file("/proc/1/cgroup"); | |
1369 | else | |
1370 | basecginfo = read_file("/proc/self/cgroup"); | |
1371 | if (!basecginfo) | |
1372 | return NULL; | |
1373 | ||
1374 | base_cgroup = strstr(basecginfo, "0::/"); | |
1375 | if (!base_cgroup) | |
1376 | goto cleanup_on_err; | |
1377 | ||
1378 | base_cgroup = base_cgroup + 3; | |
1379 | copy = copy_to_eol(base_cgroup); | |
1380 | if (!copy) | |
1381 | goto cleanup_on_err; | |
1382 | ||
1383 | cleanup_on_err: | |
1384 | free(basecginfo); | |
1385 | if (copy) | |
1386 | trim(copy); | |
1387 | ||
1388 | return copy; | |
1389 | } | |
1390 | ||
a3926f6a | 1391 | static int cg_unified_init(void) |
d6337a5f CB |
1392 | { |
1393 | int ret; | |
1394 | char *mountpoint, *subtree_path; | |
1395 | char **delegatable; | |
1396 | char *base_cgroup = NULL; | |
1397 | ||
1398 | ret = cg_is_pure_unified(); | |
1399 | if (ret == -ENOMEDIUM) | |
1400 | return -ENOMEDIUM; | |
1401 | ||
1402 | if (ret != CGROUP2_SUPER_MAGIC) | |
1403 | return 0; | |
1404 | ||
a3926f6a | 1405 | base_cgroup = cg_unified_get_current_cgroup(); |
d6337a5f CB |
1406 | if (!base_cgroup) |
1407 | return -EINVAL; | |
1408 | prune_init_scope(base_cgroup); | |
1409 | ||
1410 | /* We assume that we have already been given controllers to delegate | |
1411 | * further down the hierarchy. If not it is up to the user to delegate | |
1412 | * them to us. | |
1413 | */ | |
1414 | mountpoint = must_copy_string("/sys/fs/cgroup"); | |
1415 | subtree_path = must_make_path(mountpoint, base_cgroup, | |
1416 | "cgroup.subtree_control", NULL); | |
1417 | delegatable = cg_unified_get_controllers(subtree_path); | |
1418 | free(subtree_path); | |
1419 | if (!delegatable) | |
1420 | delegatable = cg_unified_make_empty_controller(); | |
1421 | if (!delegatable[0]) | |
1422 | CGFSNG_DEBUG("No controllers are enabled for delegation\n"); | |
1423 | ||
1424 | /* TODO: If the user requested specific controllers via lxc.cgroup.use | |
1425 | * we should verify here. The reason I'm not doing it right is that I'm | |
1426 | * not convinced that lxc.cgroup.use will be the future since it is a | |
1427 | * global property. I much rather have an option that lets you request | |
1428 | * controllers per container. | |
1429 | */ | |
1430 | ||
1431 | add_hierarchy(delegatable, mountpoint, base_cgroup, CGROUP2_SUPER_MAGIC); | |
1432 | unified = hierarchies[0]; | |
1433 | ||
1434 | cgroup_layout = CGROUP_LAYOUT_UNIFIED; | |
1435 | return CGROUP2_SUPER_MAGIC; | |
1436 | } | |
1437 | ||
1438 | static bool cg_init(void) | |
1439 | { | |
1440 | int ret; | |
457ca9aa | 1441 | const char *tmp; |
d6337a5f | 1442 | |
457ca9aa SH |
1443 | errno = 0; |
1444 | tmp = lxc_global_config_value("lxc.cgroup.use"); | |
1a0e70ac | 1445 | if (!cgroup_use && errno != 0) { /* lxc.cgroup.use can be NULL */ |
65d78313 | 1446 | CGFSNG_DEBUG("Failed to retrieve list of cgroups to use\n"); |
457ca9aa SH |
1447 | return false; |
1448 | } | |
1449 | cgroup_use = must_copy_string(tmp); | |
1450 | ||
a3926f6a | 1451 | ret = cg_unified_init(); |
d6337a5f CB |
1452 | if (ret < 0) |
1453 | return false; | |
1454 | ||
1455 | if (ret == CGROUP2_SUPER_MAGIC) | |
1456 | return true; | |
1457 | ||
a3926f6a | 1458 | return cg_hybrid_init(); |
457ca9aa SH |
1459 | } |
1460 | ||
43654d34 | 1461 | static void *cgfsng_init(struct lxc_handler *handler) |
ccb4cabe | 1462 | { |
457ca9aa | 1463 | const char *cgroup_pattern; |
43654d34 | 1464 | struct cgfsng_handler_data *d; |
ccb4cabe SH |
1465 | |
1466 | d = must_alloc(sizeof(*d)); | |
1467 | memset(d, 0, sizeof(*d)); | |
1468 | ||
43654d34 CB |
1469 | /* copy container name */ |
1470 | d->name = must_copy_string(handler->name); | |
1471 | ||
1472 | /* copy per-container cgroup information */ | |
ae5e6c08 CB |
1473 | d->cgroup_meta.dir = NULL; |
1474 | d->cgroup_meta.controllers = NULL; | |
9b5396f9 CB |
1475 | if (handler->conf) { |
1476 | d->cgroup_meta.dir = must_copy_string(handler->conf->cgroup_meta.dir); | |
1477 | d->cgroup_meta.controllers = must_copy_string(handler->conf->cgroup_meta.controllers); | |
1478 | } | |
ccb4cabe | 1479 | |
43654d34 | 1480 | /* copy system-wide cgroup information */ |
ccb4cabe | 1481 | cgroup_pattern = lxc_global_config_value("lxc.cgroup.pattern"); |
43654d34 CB |
1482 | if (!cgroup_pattern) { |
1483 | /* lxc.cgroup.pattern is only NULL on error. */ | |
ccb4cabe SH |
1484 | ERROR("Error getting cgroup pattern"); |
1485 | goto out_free; | |
1486 | } | |
1487 | d->cgroup_pattern = must_copy_string(cgroup_pattern); | |
1488 | ||
d6337a5f CB |
1489 | d->cgroup_layout = cgroup_layout; |
1490 | if (d->cgroup_layout == CGROUP_LAYOUT_LEGACY) | |
1491 | TRACE("Running with legacy cgroup layout"); | |
1492 | else if (d->cgroup_layout == CGROUP_LAYOUT_HYBRID) | |
1493 | TRACE("Running with hybrid cgroup layout"); | |
1494 | else if (d->cgroup_layout == CGROUP_LAYOUT_UNIFIED) | |
1495 | TRACE("Running with unified cgroup layout"); | |
1496 | else | |
1497 | WARN("Running with unknown cgroup layout"); | |
1498 | ||
e4aeecf5 CB |
1499 | if (lxc_cgfsng_debug) |
1500 | lxc_cgfsng_print_debuginfo(d); | |
ccb4cabe SH |
1501 | |
1502 | return d; | |
1503 | ||
1504 | out_free: | |
1505 | free_handler_data(d); | |
1506 | return NULL; | |
1507 | } | |
1508 | ||
bd8ef4e4 | 1509 | static int recursive_destroy(char *dirname) |
ccb4cabe | 1510 | { |
a17f8b3f | 1511 | int ret; |
74f96976 | 1512 | struct dirent *direntp; |
ccb4cabe SH |
1513 | DIR *dir; |
1514 | int r = 0; | |
1515 | ||
1516 | dir = opendir(dirname); | |
1517 | if (!dir) | |
1518 | return -1; | |
1519 | ||
74f96976 | 1520 | while ((direntp = readdir(dir))) { |
ccb4cabe | 1521 | char *pathname; |
a17f8b3f | 1522 | struct stat mystat; |
ccb4cabe | 1523 | |
ccb4cabe SH |
1524 | if (!strcmp(direntp->d_name, ".") || |
1525 | !strcmp(direntp->d_name, "..")) | |
1526 | continue; | |
1527 | ||
1528 | pathname = must_make_path(dirname, direntp->d_name, NULL); | |
1529 | ||
a17f8b3f CB |
1530 | ret = lstat(pathname, &mystat); |
1531 | if (ret < 0) { | |
ccb4cabe | 1532 | if (!r) |
a17f8b3f | 1533 | WARN("Failed to stat %s", pathname); |
ccb4cabe SH |
1534 | r = -1; |
1535 | goto next; | |
1536 | } | |
1537 | ||
1538 | if (!S_ISDIR(mystat.st_mode)) | |
1539 | goto next; | |
a17f8b3f | 1540 | |
bd8ef4e4 | 1541 | ret = recursive_destroy(pathname); |
a17f8b3f | 1542 | if (ret < 0) |
ccb4cabe | 1543 | r = -1; |
bd8ef4e4 | 1544 | next: |
ccb4cabe SH |
1545 | free(pathname); |
1546 | } | |
1547 | ||
a17f8b3f CB |
1548 | ret = rmdir(dirname); |
1549 | if (ret < 0) { | |
ccb4cabe | 1550 | if (!r) |
bd8ef4e4 CB |
1551 | WARN("%s - Failed to delete \"%s\"", strerror(errno), |
1552 | dirname); | |
ccb4cabe SH |
1553 | r = -1; |
1554 | } | |
1555 | ||
a17f8b3f CB |
1556 | ret = closedir(dir); |
1557 | if (ret < 0) { | |
ccb4cabe | 1558 | if (!r) |
bd8ef4e4 CB |
1559 | WARN("%s - Failed to delete \"%s\"", strerror(errno), |
1560 | dirname); | |
ccb4cabe SH |
1561 | r = -1; |
1562 | } | |
a17f8b3f | 1563 | |
ccb4cabe SH |
1564 | return r; |
1565 | } | |
1566 | ||
bd8ef4e4 CB |
1567 | static int cgroup_rmdir(char *container_cgroup) |
1568 | { | |
1569 | int i; | |
1570 | ||
1571 | if (!container_cgroup || !hierarchies) | |
1572 | return 0; | |
1573 | ||
1574 | for (i = 0; hierarchies[i]; i++) { | |
1575 | int ret; | |
1576 | struct hierarchy *h = hierarchies[i]; | |
1577 | ||
1578 | if (!h->fullcgpath) | |
1579 | continue; | |
1580 | ||
1581 | ret = recursive_destroy(h->fullcgpath); | |
1582 | if (ret < 0) | |
1583 | WARN("Failed to destroy \"%s\"", h->fullcgpath); | |
1584 | ||
1585 | free(h->fullcgpath); | |
1586 | h->fullcgpath = NULL; | |
1587 | } | |
1588 | ||
1589 | return 0; | |
1590 | } | |
1591 | ||
4160c3a0 CB |
1592 | struct generic_userns_exec_data { |
1593 | struct cgfsng_handler_data *d; | |
1594 | struct lxc_conf *conf; | |
1595 | uid_t origuid; /* target uid in parent namespace */ | |
1596 | char *path; | |
1597 | }; | |
1598 | ||
bd8ef4e4 | 1599 | static int cgroup_rmdir_wrapper(void *data) |
ccb4cabe | 1600 | { |
6efacf80 | 1601 | int ret; |
4160c3a0 CB |
1602 | struct generic_userns_exec_data *arg = data; |
1603 | uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid; | |
1604 | gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid; | |
ccb4cabe | 1605 | |
6efacf80 CB |
1606 | ret = setresgid(nsgid, nsgid, nsgid); |
1607 | if (ret < 0) { | |
1608 | SYSERROR("Failed to setresgid(%d, %d, %d)", (int)nsgid, | |
1609 | (int)nsgid, (int)nsgid); | |
1610 | return -1; | |
1611 | } | |
1612 | ||
1613 | ret = setresuid(nsuid, nsuid, nsuid); | |
1614 | if (ret < 0) { | |
1615 | SYSERROR("Failed to setresuid(%d, %d, %d)", (int)nsuid, | |
1616 | (int)nsuid, (int)nsuid); | |
1617 | return -1; | |
1618 | } | |
1619 | ||
1620 | ret = setgroups(0, NULL); | |
1621 | if (ret < 0 && errno != EPERM) { | |
1622 | SYSERROR("Failed to setgroups(0, NULL)"); | |
1623 | return -1; | |
1624 | } | |
ccb4cabe | 1625 | |
bd8ef4e4 | 1626 | return cgroup_rmdir(arg->d->container_cgroup); |
ccb4cabe SH |
1627 | } |
1628 | ||
bd8ef4e4 | 1629 | static void cgfsng_destroy(void *hdata, struct lxc_conf *conf) |
ccb4cabe | 1630 | { |
bd8ef4e4 CB |
1631 | int ret; |
1632 | struct cgfsng_handler_data *d = hdata; | |
4160c3a0 CB |
1633 | struct generic_userns_exec_data wrap; |
1634 | ||
bd8ef4e4 CB |
1635 | if (!d) |
1636 | return; | |
1637 | ||
4160c3a0 | 1638 | wrap.origuid = 0; |
bd8ef4e4 | 1639 | wrap.d = hdata; |
4160c3a0 CB |
1640 | wrap.conf = conf; |
1641 | ||
ccb4cabe | 1642 | if (conf && !lxc_list_empty(&conf->id_map)) |
bd8ef4e4 CB |
1643 | ret = userns_exec_1(conf, cgroup_rmdir_wrapper, &wrap, |
1644 | "cgroup_rmdir_wrapper"); | |
ccb4cabe | 1645 | else |
bd8ef4e4 CB |
1646 | ret = cgroup_rmdir(d->container_cgroup); |
1647 | if (ret < 0) { | |
1648 | WARN("Failed to destroy cgroups"); | |
ccb4cabe | 1649 | return; |
ccb4cabe SH |
1650 | } |
1651 | ||
1652 | free_handler_data(d); | |
1653 | } | |
1654 | ||
1655 | struct cgroup_ops *cgfsng_ops_init(void) | |
1656 | { | |
e4aeecf5 CB |
1657 | if (getenv("LXC_DEBUG_CGFSNG")) |
1658 | lxc_cgfsng_debug = true; | |
1659 | ||
d6337a5f | 1660 | if (!cg_init()) |
457ca9aa | 1661 | return NULL; |
e4aeecf5 | 1662 | |
ccb4cabe SH |
1663 | return &cgfsng_ops; |
1664 | } | |
1665 | ||
a3926f6a | 1666 | static bool cg_unified_create_cgroup(struct hierarchy *h, char *cgname) |
0c3deb94 CB |
1667 | { |
1668 | char **it; | |
1669 | size_t i, parts_len; | |
1670 | size_t full_len = 0; | |
1671 | char *add_controllers = NULL, *cgroup = NULL; | |
1672 | char **parts = NULL; | |
1673 | bool bret = false; | |
1674 | ||
1675 | if (h->version != CGROUP2_SUPER_MAGIC) | |
1676 | return true; | |
1677 | ||
1678 | if (!h->controllers) | |
1679 | return true; | |
1680 | ||
1681 | /* For now we simply enable all controllers that we have detected by | |
1682 | * creating a string like "+memory +pids +cpu +io". | |
1683 | * TODO: In the near future we might want to support "-<controller>" | |
1684 | * etc. but whether supporting semantics like this make sense will need | |
1685 | * some thinking. | |
1686 | */ | |
1687 | for (it = h->controllers; it && *it; it++) { | |
1688 | full_len += strlen(*it) + 2; | |
1689 | add_controllers = must_realloc(add_controllers, full_len + 1); | |
1690 | if (h->controllers[0] == *it) | |
1691 | add_controllers[0] = '\0'; | |
1692 | strcat(add_controllers, "+"); | |
1693 | strcat(add_controllers, *it); | |
1694 | if ((it + 1) && *(it + 1)) | |
1695 | strcat(add_controllers, " "); | |
1696 | } | |
1697 | ||
1698 | parts = lxc_string_split(cgname, '/'); | |
1699 | if (!parts) | |
1700 | goto on_error; | |
1701 | parts_len = lxc_array_len((void **)parts); | |
1702 | if (parts_len > 0) | |
1703 | parts_len--; | |
1704 | ||
1705 | cgroup = must_make_path(h->mountpoint, h->base_cgroup, NULL); | |
1706 | for (i = 0; i < parts_len; i++) { | |
1707 | int ret; | |
1708 | char *target; | |
1709 | ||
1710 | cgroup = must_append_path(cgroup, parts[i], NULL); | |
1711 | target = must_make_path(cgroup, "cgroup.subtree_control", NULL); | |
1712 | ret = lxc_write_to_file(target, add_controllers, full_len, false); | |
1713 | free(target); | |
1714 | if (ret < 0) { | |
1715 | SYSERROR("Could not enable \"%s\" controllers in the " | |
1716 | "unified cgroup \"%s\"", add_controllers, cgroup); | |
1717 | goto on_error; | |
1718 | } | |
1719 | } | |
1720 | ||
1721 | bret = true; | |
1722 | ||
1723 | on_error: | |
1724 | lxc_free_array((void **)parts, free); | |
1725 | free(add_controllers); | |
1726 | free(cgroup); | |
1727 | return bret; | |
1728 | } | |
1729 | ||
ccb4cabe SH |
1730 | static bool create_path_for_hierarchy(struct hierarchy *h, char *cgname) |
1731 | { | |
0c3deb94 CB |
1732 | int ret; |
1733 | ||
e3a3fecf | 1734 | h->fullcgpath = must_make_path(h->mountpoint, h->base_cgroup, cgname, NULL); |
1a0e70ac | 1735 | if (dir_exists(h->fullcgpath)) { /* it must not already exist */ |
0c3deb94 | 1736 | ERROR("cgroup \"%s\" already existed", h->fullcgpath); |
d8da679e | 1737 | return false; |
6f9584d8 | 1738 | } |
0c3deb94 | 1739 | |
a3926f6a | 1740 | if (!cg_legacy_handle_cpuset_hierarchy(h, cgname)) { |
0c3deb94 CB |
1741 | ERROR("Failed to handle cgroupfs v1 cpuset controller"); |
1742 | return false; | |
1743 | } | |
1744 | ||
1745 | ret = mkdir_p(h->fullcgpath, 0755); | |
1746 | if (ret < 0) { | |
1747 | ERROR("Failed to create cgroup \"%s\"", h->fullcgpath); | |
e3a3fecf | 1748 | return false; |
6f9584d8 | 1749 | } |
0c3deb94 | 1750 | |
a3926f6a | 1751 | return cg_unified_create_cgroup(h, cgname); |
ccb4cabe SH |
1752 | } |
1753 | ||
1754 | static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname) | |
1755 | { | |
1756 | if (rmdir(h->fullcgpath) < 0) | |
1757 | SYSERROR("Failed to clean up cgroup %s from failed creation attempt", h->fullcgpath); | |
1758 | free(h->fullcgpath); | |
1759 | h->fullcgpath = NULL; | |
1760 | } | |
1761 | ||
1762 | /* | |
d30ec4cb | 1763 | * Try to create the same cgroup in all hierarchies. |
ccb4cabe SH |
1764 | * Start with cgroup_pattern; next cgroup_pattern-1, -2, ..., -999 |
1765 | */ | |
1766 | static inline bool cgfsng_create(void *hdata) | |
1767 | { | |
bb30b52a | 1768 | int i; |
ccb4cabe | 1769 | size_t len; |
0c3deb94 | 1770 | char *container_cgroup, *offset, *tmp; |
7d531e9b CB |
1771 | int idx = 0; |
1772 | struct cgfsng_handler_data *d = hdata; | |
ccb4cabe SH |
1773 | |
1774 | if (!d) | |
1775 | return false; | |
43654d34 | 1776 | |
ccb4cabe SH |
1777 | if (d->container_cgroup) { |
1778 | WARN("cgfsng_create called a second time"); | |
1779 | return false; | |
1780 | } | |
1781 | ||
43654d34 | 1782 | if (d->cgroup_meta.dir) |
7d531e9b | 1783 | tmp = lxc_string_join("/", (const char *[]){d->cgroup_meta.dir, d->name, NULL}, false); |
43654d34 CB |
1784 | else |
1785 | tmp = lxc_string_replace("%n", d->name, d->cgroup_pattern); | |
ccb4cabe SH |
1786 | if (!tmp) { |
1787 | ERROR("Failed expanding cgroup name pattern"); | |
1788 | return false; | |
1789 | } | |
1a0e70ac | 1790 | len = strlen(tmp) + 5; /* leave room for -NNN\0 */ |
0c3deb94 CB |
1791 | container_cgroup = must_alloc(len); |
1792 | strcpy(container_cgroup, tmp); | |
ccb4cabe | 1793 | free(tmp); |
0c3deb94 | 1794 | offset = container_cgroup + len - 5; |
ccb4cabe SH |
1795 | |
1796 | again: | |
95adfe93 SH |
1797 | if (idx == 1000) { |
1798 | ERROR("Too many conflicting cgroup names"); | |
ccb4cabe | 1799 | goto out_free; |
95adfe93 | 1800 | } |
66b66624 | 1801 | if (idx) { |
bb30b52a CB |
1802 | int ret; |
1803 | ||
66b66624 CB |
1804 | ret = snprintf(offset, 5, "-%d", idx); |
1805 | if (ret < 0 || (size_t)ret >= 5) { | |
1806 | FILE *f = fopen("/dev/null", "w"); | |
97ebced3 | 1807 | if (f) { |
66b66624 CB |
1808 | fprintf(f, "Workaround for GCC7 bug: " |
1809 | "https://gcc.gnu.org/bugzilla/" | |
1810 | "show_bug.cgi?id=78969"); | |
1811 | fclose(f); | |
1812 | } | |
1813 | } | |
1814 | } | |
457ca9aa | 1815 | for (i = 0; hierarchies[i]; i++) { |
0c3deb94 | 1816 | if (!create_path_for_hierarchy(hierarchies[i], container_cgroup)) { |
ccb4cabe | 1817 | int j; |
1a0e70ac | 1818 | ERROR("Failed to create \"%s\"", hierarchies[i]->fullcgpath); |
457ca9aa SH |
1819 | free(hierarchies[i]->fullcgpath); |
1820 | hierarchies[i]->fullcgpath = NULL; | |
ccb4cabe | 1821 | for (j = 0; j < i; j++) |
0c3deb94 | 1822 | remove_path_for_hierarchy(hierarchies[j], container_cgroup); |
ccb4cabe SH |
1823 | idx++; |
1824 | goto again; | |
1825 | } | |
1826 | } | |
1827 | /* Done */ | |
0c3deb94 | 1828 | d->container_cgroup = container_cgroup; |
ccb4cabe SH |
1829 | return true; |
1830 | ||
1831 | out_free: | |
0c3deb94 | 1832 | free(container_cgroup); |
ccb4cabe SH |
1833 | return false; |
1834 | } | |
1835 | ||
ccb4cabe SH |
1836 | static bool cgfsng_enter(void *hdata, pid_t pid) |
1837 | { | |
ccb4cabe SH |
1838 | char pidstr[25]; |
1839 | int i, len; | |
1840 | ||
1841 | len = snprintf(pidstr, 25, "%d", pid); | |
1842 | if (len < 0 || len > 25) | |
1843 | return false; | |
1844 | ||
457ca9aa SH |
1845 | for (i = 0; hierarchies[i]; i++) { |
1846 | char *fullpath = must_make_path(hierarchies[i]->fullcgpath, | |
ccb4cabe SH |
1847 | "cgroup.procs", NULL); |
1848 | if (lxc_write_to_file(fullpath, pidstr, len, false) != 0) { | |
d3b00a8f | 1849 | SYSERROR("Failed to enter %s", fullpath); |
ccb4cabe SH |
1850 | free(fullpath); |
1851 | return false; | |
1852 | } | |
1853 | free(fullpath); | |
1854 | } | |
1855 | ||
1856 | return true; | |
1857 | } | |
1858 | ||
6efacf80 CB |
1859 | static int chowmod(char *path, uid_t chown_uid, gid_t chown_gid, |
1860 | mode_t chmod_mode) | |
1861 | { | |
1862 | int ret; | |
1863 | ||
1864 | ret = chown(path, chown_uid, chown_gid); | |
1865 | if (ret < 0) { | |
1866 | WARN("%s - Failed to chown(%s, %d, %d)", strerror(errno), path, | |
1867 | (int)chown_uid, (int)chown_gid); | |
1868 | return -1; | |
1869 | } | |
1870 | ||
1871 | ret = chmod(path, chmod_mode); | |
1872 | if (ret < 0) { | |
1873 | WARN("%s - Failed to chmod(%s, %d)", strerror(errno), path, | |
1874 | (int)chmod_mode); | |
1875 | return -1; | |
1876 | } | |
1877 | ||
1878 | return 0; | |
1879 | } | |
1880 | ||
1881 | /* chgrp the container cgroups to container group. We leave | |
c0888dfe SH |
1882 | * the container owner as cgroup owner. So we must make the |
1883 | * directories 775 so that the container can create sub-cgroups. | |
43647298 SH |
1884 | * |
1885 | * Also chown the tasks and cgroup.procs files. Those may not | |
1886 | * exist depending on kernel version. | |
c0888dfe | 1887 | */ |
ccb4cabe SH |
1888 | static int chown_cgroup_wrapper(void *data) |
1889 | { | |
6efacf80 | 1890 | int i, ret; |
4160c3a0 CB |
1891 | uid_t destuid; |
1892 | struct generic_userns_exec_data *arg = data; | |
1893 | uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid; | |
1894 | gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid; | |
ccb4cabe | 1895 | |
6efacf80 CB |
1896 | ret = setresgid(nsgid, nsgid, nsgid); |
1897 | if (ret < 0) { | |
1898 | SYSERROR("Failed to setresgid(%d, %d, %d)", | |
1899 | (int)nsgid, (int)nsgid, (int)nsgid); | |
1900 | return -1; | |
1901 | } | |
1902 | ||
1903 | ret = setresuid(nsuid, nsuid, nsuid); | |
1904 | if (ret < 0) { | |
1905 | SYSERROR("Failed to setresuid(%d, %d, %d)", | |
1906 | (int)nsuid, (int)nsuid, (int)nsuid); | |
1907 | return -1; | |
1908 | } | |
1909 | ||
1910 | ret = setgroups(0, NULL); | |
1911 | if (ret < 0 && errno != EPERM) { | |
1912 | SYSERROR("Failed to setgroups(0, NULL)"); | |
1913 | return -1; | |
1914 | } | |
ccb4cabe SH |
1915 | |
1916 | destuid = get_ns_uid(arg->origuid); | |
1917 | ||
457ca9aa | 1918 | for (i = 0; hierarchies[i]; i++) { |
6efacf80 CB |
1919 | char *fullpath; |
1920 | char *path = hierarchies[i]->fullcgpath; | |
43647298 | 1921 | |
63e42fee | 1922 | ret = chowmod(path, destuid, nsgid, 0775); |
6efacf80 | 1923 | if (ret < 0) |
ccb4cabe | 1924 | return -1; |
c0888dfe | 1925 | |
6efacf80 CB |
1926 | /* Failures to chown() these are inconvenient but not |
1927 | * detrimental We leave these owned by the container launcher, | |
1928 | * so that container root can write to the files to attach. We | |
1929 | * chmod() them 664 so that container systemd can write to the | |
1930 | * files (which systemd in wily insists on doing). | |
ab8f5424 | 1931 | */ |
6efacf80 CB |
1932 | |
1933 | if (hierarchies[i]->version == CGROUP_SUPER_MAGIC) { | |
1934 | fullpath = must_make_path(path, "tasks", NULL); | |
1935 | (void)chowmod(fullpath, destuid, nsgid, 0664); | |
1936 | free(fullpath); | |
1937 | } | |
43647298 SH |
1938 | |
1939 | fullpath = must_make_path(path, "cgroup.procs", NULL); | |
6efacf80 | 1940 | (void)chowmod(fullpath, destuid, 0, 0664); |
ccb4cabe | 1941 | free(fullpath); |
0e17357c | 1942 | |
d6337a5f | 1943 | if (hierarchies[i]->version != CGROUP2_SUPER_MAGIC) |
0e17357c CB |
1944 | continue; |
1945 | ||
1946 | fullpath = must_make_path(path, "cgroup.subtree_control", NULL); | |
6efacf80 | 1947 | (void)chowmod(fullpath, destuid, nsgid, 0664); |
0e17357c CB |
1948 | free(fullpath); |
1949 | ||
1950 | fullpath = must_make_path(path, "cgroup.threads", NULL); | |
6efacf80 | 1951 | (void)chowmod(fullpath, destuid, nsgid, 0664); |
0e17357c | 1952 | free(fullpath); |
ccb4cabe SH |
1953 | } |
1954 | ||
1955 | return 0; | |
1956 | } | |
1957 | ||
058c1cb6 | 1958 | static bool cgfsng_chown(void *hdata, struct lxc_conf *conf) |
ccb4cabe SH |
1959 | { |
1960 | struct cgfsng_handler_data *d = hdata; | |
4160c3a0 | 1961 | struct generic_userns_exec_data wrap; |
ccb4cabe SH |
1962 | |
1963 | if (!d) | |
1964 | return false; | |
1965 | ||
1966 | if (lxc_list_empty(&conf->id_map)) | |
1967 | return true; | |
1968 | ||
ccb4cabe | 1969 | wrap.origuid = geteuid(); |
4160c3a0 CB |
1970 | wrap.path = NULL; |
1971 | wrap.d = d; | |
1972 | wrap.conf = conf; | |
ccb4cabe | 1973 | |
c9b7c33e CB |
1974 | if (userns_exec_1(conf, chown_cgroup_wrapper, &wrap, |
1975 | "chown_cgroup_wrapper") < 0) { | |
ccb4cabe SH |
1976 | ERROR("Error requesting cgroup chown in new namespace"); |
1977 | return false; | |
1978 | } | |
1979 | ||
1980 | return true; | |
1981 | } | |
1982 | ||
8aa1044f SH |
1983 | /* |
1984 | * We've safe-mounted a tmpfs as parent, so we don't need to protect against | |
1985 | * symlinks any more - just use mount | |
1986 | */ | |
1987 | ||
1988 | /* mount cgroup-full if requested */ | |
1989 | static int mount_cgroup_full(int type, struct hierarchy *h, char *dest, | |
a3926f6a | 1990 | char *container_cgroup) |
8aa1044f SH |
1991 | { |
1992 | if (type < LXC_AUTO_CGROUP_FULL_RO || type > LXC_AUTO_CGROUP_FULL_MIXED) | |
1993 | return 0; | |
1994 | if (mount(h->mountpoint, dest, "cgroup", MS_BIND, NULL) < 0) { | |
1995 | SYSERROR("Error bind-mounting %s cgroup onto %s", h->mountpoint, | |
1996 | dest); | |
1997 | return -1; | |
1998 | } | |
1999 | if (type != LXC_AUTO_CGROUP_FULL_RW) { | |
5b6f9369 SH |
2000 | unsigned long flags = MS_BIND | MS_NOSUID | MS_NOEXEC | MS_NODEV | |
2001 | MS_REMOUNT | MS_RDONLY; | |
2002 | if (mount(NULL, dest, "cgroup", flags, NULL) < 0) { | |
8aa1044f SH |
2003 | SYSERROR("Error remounting %s readonly", dest); |
2004 | return -1; | |
2005 | } | |
2006 | } | |
2007 | ||
2008 | INFO("Bind mounted %s onto %s", h->mountpoint, dest); | |
2009 | if (type != LXC_AUTO_CGROUP_FULL_MIXED) | |
2010 | return 0; | |
2011 | ||
2012 | /* mount just the container path rw */ | |
2013 | char *source = must_make_path(h->mountpoint, h->base_cgroup, container_cgroup, NULL); | |
5b6f9369 | 2014 | char *rwpath = must_make_path(dest, h->base_cgroup, container_cgroup, NULL); |
8aa1044f | 2015 | if (mount(source, rwpath, "cgroup", MS_BIND, NULL) < 0) |
13277ec4 | 2016 | WARN("Failed to mount %s read-write: %s", rwpath, |
2017 | strerror(errno)); | |
8aa1044f SH |
2018 | INFO("Made %s read-write", rwpath); |
2019 | free(rwpath); | |
2020 | free(source); | |
2021 | return 0; | |
2022 | } | |
2023 | ||
2024 | /* cgroup-full:* is done, no need to create subdirs */ | |
2025 | static bool cg_mount_needs_subdirs(int type) | |
2026 | { | |
2027 | if (type >= LXC_AUTO_CGROUP_FULL_RO) | |
2028 | return false; | |
a3926f6a | 2029 | |
8aa1044f SH |
2030 | return true; |
2031 | } | |
2032 | ||
886cac86 CB |
2033 | /* After $rootfs/sys/fs/container/controller/the/cg/path has been created, |
2034 | * remount controller ro if needed and bindmount the cgroupfs onto | |
2035 | * controll/the/cg/path. | |
8aa1044f | 2036 | */ |
a3926f6a CB |
2037 | static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h, |
2038 | char *controllerpath, char *cgpath, | |
2039 | const char *container_cgroup) | |
8aa1044f | 2040 | { |
5285689c | 2041 | int ret, remount_flags; |
886cac86 CB |
2042 | char *sourcepath; |
2043 | int flags = MS_BIND; | |
2044 | ||
8aa1044f | 2045 | if (type == LXC_AUTO_CGROUP_RO || type == LXC_AUTO_CGROUP_MIXED) { |
886cac86 CB |
2046 | ret = mount(controllerpath, controllerpath, "cgroup", MS_BIND, NULL); |
2047 | if (ret < 0) { | |
2048 | SYSERROR("Failed to bind mount \"%s\" onto \"%s\"", | |
2049 | controllerpath, controllerpath); | |
8aa1044f SH |
2050 | return -1; |
2051 | } | |
886cac86 | 2052 | |
5285689c CB |
2053 | remount_flags = add_required_remount_flags(controllerpath, |
2054 | controllerpath, | |
2055 | flags | MS_REMOUNT); | |
886cac86 CB |
2056 | ret = mount(controllerpath, controllerpath, "cgroup", |
2057 | MS_REMOUNT | MS_BIND | MS_RDONLY, NULL); | |
2058 | if (ret < 0) { | |
2059 | SYSERROR("Failed to remount \"%s\" ro", controllerpath); | |
8aa1044f SH |
2060 | return -1; |
2061 | } | |
886cac86 | 2062 | |
8aa1044f SH |
2063 | INFO("Remounted %s read-only", controllerpath); |
2064 | } | |
886cac86 CB |
2065 | |
2066 | sourcepath = must_make_path(h->mountpoint, h->base_cgroup, | |
2067 | container_cgroup, NULL); | |
8aa1044f SH |
2068 | if (type == LXC_AUTO_CGROUP_RO) |
2069 | flags |= MS_RDONLY; | |
886cac86 CB |
2070 | |
2071 | ret = mount(sourcepath, cgpath, "cgroup", flags, NULL); | |
2072 | if (ret < 0) { | |
2073 | SYSERROR("Failed to mount \"%s\" onto \"%s\"", h->controllers[0], cgpath); | |
8aa1044f | 2074 | free(sourcepath); |
8aa1044f SH |
2075 | return -1; |
2076 | } | |
886cac86 | 2077 | INFO("Mounted \"%s\" onto \"%s\"", h->controllers[0], cgpath); |
f8c40ffa L |
2078 | |
2079 | if (flags & MS_RDONLY) { | |
5285689c CB |
2080 | remount_flags = add_required_remount_flags(sourcepath, cgpath, |
2081 | flags | MS_REMOUNT); | |
2082 | ret = mount(sourcepath, cgpath, "cgroup", remount_flags, NULL); | |
886cac86 CB |
2083 | if (ret < 0) { |
2084 | SYSERROR("Failed to remount \"%s\" ro", cgpath); | |
f8c40ffa | 2085 | free(sourcepath); |
f8c40ffa L |
2086 | return -1; |
2087 | } | |
5285689c | 2088 | INFO("Remounted %s read-only", cgpath); |
f8c40ffa L |
2089 | } |
2090 | ||
8aa1044f | 2091 | free(sourcepath); |
886cac86 | 2092 | INFO("Completed second stage cgroup automounts for \"%s\"", cgpath); |
8aa1044f SH |
2093 | return 0; |
2094 | } | |
2095 | ||
5285689c CB |
2096 | static int cg_mount_in_cgroup_namespace(int type, struct hierarchy *h, |
2097 | const char *controllerpath) | |
b635e92d CB |
2098 | { |
2099 | int ret; | |
2100 | char *controllers = NULL; | |
a760603e CB |
2101 | char *fstype = "cgroup2"; |
2102 | unsigned long flags = 0; | |
b635e92d | 2103 | |
a760603e CB |
2104 | flags |= MS_NOSUID; |
2105 | flags |= MS_NOEXEC; | |
2106 | flags |= MS_NODEV; | |
2107 | flags |= MS_RELATIME; | |
2108 | ||
2109 | if (type == LXC_AUTO_CGROUP_RO || type == LXC_AUTO_CGROUP_FULL_RO) | |
2110 | flags |= MS_RDONLY; | |
2111 | ||
d6337a5f | 2112 | if (h->version != CGROUP2_SUPER_MAGIC) { |
a760603e CB |
2113 | controllers = lxc_string_join(",", (const char **)h->controllers, false); |
2114 | if (!controllers) | |
2115 | return -ENOMEM; | |
2116 | fstype = "cgroup"; | |
b635e92d CB |
2117 | } |
2118 | ||
a760603e | 2119 | ret = mount("cgroup", controllerpath, fstype, flags, controllers); |
b635e92d CB |
2120 | free(controllers); |
2121 | if (ret < 0) { | |
a760603e | 2122 | SYSERROR("Failed to mount %s with cgroup filesystem type %s", controllerpath, fstype); |
b635e92d CB |
2123 | return -1; |
2124 | } | |
2125 | ||
a760603e | 2126 | DEBUG("Mounted %s with cgroup filesystem type %s", controllerpath, fstype); |
b635e92d CB |
2127 | return 0; |
2128 | } | |
2129 | ||
ccb4cabe SH |
2130 | static bool cgfsng_mount(void *hdata, const char *root, int type) |
2131 | { | |
3f69fb12 | 2132 | int i, ret; |
8aa1044f SH |
2133 | char *tmpfspath = NULL; |
2134 | bool retval = false; | |
b635e92d CB |
2135 | struct lxc_handler *handler = hdata; |
2136 | struct cgfsng_handler_data *d = handler->cgroup_data; | |
3f69fb12 | 2137 | bool has_cgns = false, wants_force_mount = false; |
8aa1044f SH |
2138 | |
2139 | if ((type & LXC_AUTO_CGROUP_MASK) == 0) | |
2140 | return true; | |
2141 | ||
3f69fb12 SY |
2142 | if (type & LXC_AUTO_CGROUP_FORCE) { |
2143 | type &= ~LXC_AUTO_CGROUP_FORCE; | |
2144 | wants_force_mount = true; | |
2145 | } | |
b635e92d | 2146 | |
3f69fb12 SY |
2147 | if (!wants_force_mount){ |
2148 | if (!lxc_list_empty(&handler->conf->keepcaps)) | |
2149 | wants_force_mount = !in_caplist(CAP_SYS_ADMIN, &handler->conf->keepcaps); | |
2150 | else | |
2151 | wants_force_mount = in_caplist(CAP_SYS_ADMIN, &handler->conf->caps); | |
2152 | } | |
8aa1044f | 2153 | |
3f69fb12 SY |
2154 | has_cgns = cgns_supported(); |
2155 | if (has_cgns && !wants_force_mount) | |
2156 | return true; | |
8aa1044f SH |
2157 | |
2158 | if (type == LXC_AUTO_CGROUP_NOSPEC) | |
2159 | type = LXC_AUTO_CGROUP_MIXED; | |
2160 | else if (type == LXC_AUTO_CGROUP_FULL_NOSPEC) | |
2161 | type = LXC_AUTO_CGROUP_FULL_MIXED; | |
2162 | ||
2163 | /* Mount tmpfs */ | |
3f69fb12 SY |
2164 | tmpfspath = must_make_path(root, "/sys/fs/cgroup", NULL); |
2165 | ret = safe_mount("cgroup_root", tmpfspath, "tmpfs", | |
2166 | MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME, | |
2167 | "size=10240k,mode=755", root); | |
2168 | if (ret < 0) | |
2169 | goto on_error; | |
8aa1044f | 2170 | |
457ca9aa | 2171 | for (i = 0; hierarchies[i]; i++) { |
8aa1044f | 2172 | char *controllerpath, *path2; |
457ca9aa | 2173 | struct hierarchy *h = hierarchies[i]; |
8aa1044f | 2174 | char *controller = strrchr(h->mountpoint, '/'); |
8aa1044f SH |
2175 | |
2176 | if (!controller) | |
2177 | continue; | |
2178 | controller++; | |
2179 | controllerpath = must_make_path(tmpfspath, controller, NULL); | |
2180 | if (dir_exists(controllerpath)) { | |
2181 | free(controllerpath); | |
2182 | continue; | |
2183 | } | |
3f69fb12 SY |
2184 | ret = mkdir(controllerpath, 0755); |
2185 | if (ret < 0) { | |
8aa1044f SH |
2186 | SYSERROR("Error creating cgroup path: %s", controllerpath); |
2187 | free(controllerpath); | |
3f69fb12 | 2188 | goto on_error; |
8aa1044f | 2189 | } |
b635e92d | 2190 | |
3f69fb12 | 2191 | if (has_cgns && wants_force_mount) { |
b635e92d CB |
2192 | /* If cgroup namespaces are supported but the container |
2193 | * will not have CAP_SYS_ADMIN after it has started we | |
2194 | * need to mount the cgroups manually. | |
2195 | */ | |
3f69fb12 | 2196 | ret = cg_mount_in_cgroup_namespace(type, h, controllerpath); |
b635e92d | 2197 | free(controllerpath); |
3f69fb12 SY |
2198 | if (ret < 0) |
2199 | goto on_error; | |
2200 | ||
b635e92d CB |
2201 | continue; |
2202 | } | |
2203 | ||
3f69fb12 SY |
2204 | ret = mount_cgroup_full(type, h, controllerpath, d->container_cgroup); |
2205 | if (ret < 0) { | |
8aa1044f | 2206 | free(controllerpath); |
3f69fb12 | 2207 | goto on_error; |
8aa1044f | 2208 | } |
3f69fb12 | 2209 | |
8aa1044f SH |
2210 | if (!cg_mount_needs_subdirs(type)) { |
2211 | free(controllerpath); | |
2212 | continue; | |
2213 | } | |
3f69fb12 SY |
2214 | |
2215 | path2 = must_make_path(controllerpath, h->base_cgroup, | |
2216 | d->container_cgroup, NULL); | |
2217 | ret = mkdir_p(path2, 0755); | |
2218 | if (ret < 0) { | |
8aa1044f | 2219 | free(controllerpath); |
8e0c6620 | 2220 | free(path2); |
3f69fb12 | 2221 | goto on_error; |
8aa1044f | 2222 | } |
2f62fb00 | 2223 | |
3f69fb12 SY |
2224 | ret = do_secondstage_mounts_if_needed( |
2225 | type, h, controllerpath, path2, d->container_cgroup); | |
8aa1044f SH |
2226 | free(controllerpath); |
2227 | free(path2); | |
3f69fb12 SY |
2228 | if (ret < 0) |
2229 | goto on_error; | |
8aa1044f SH |
2230 | } |
2231 | retval = true; | |
2232 | ||
3f69fb12 | 2233 | on_error: |
8aa1044f SH |
2234 | free(tmpfspath); |
2235 | return retval; | |
ccb4cabe SH |
2236 | } |
2237 | ||
2238 | static int recursive_count_nrtasks(char *dirname) | |
2239 | { | |
74f96976 | 2240 | struct dirent *direntp; |
ccb4cabe SH |
2241 | DIR *dir; |
2242 | int count = 0, ret; | |
2243 | char *path; | |
2244 | ||
2245 | dir = opendir(dirname); | |
2246 | if (!dir) | |
2247 | return 0; | |
2248 | ||
74f96976 | 2249 | while ((direntp = readdir(dir))) { |
ccb4cabe SH |
2250 | struct stat mystat; |
2251 | ||
2252 | if (!direntp) | |
2253 | break; | |
2254 | ||
2255 | if (!strcmp(direntp->d_name, ".") || | |
2256 | !strcmp(direntp->d_name, "..")) | |
2257 | continue; | |
2258 | ||
2259 | path = must_make_path(dirname, direntp->d_name, NULL); | |
2260 | ||
2261 | if (lstat(path, &mystat)) | |
2262 | goto next; | |
2263 | ||
2264 | if (!S_ISDIR(mystat.st_mode)) | |
2265 | goto next; | |
2266 | ||
2267 | count += recursive_count_nrtasks(path); | |
2268 | next: | |
2269 | free(path); | |
2270 | } | |
2271 | ||
2272 | path = must_make_path(dirname, "cgroup.procs", NULL); | |
2273 | ret = lxc_count_file_lines(path); | |
2274 | if (ret != -1) | |
2275 | count += ret; | |
2276 | free(path); | |
2277 | ||
2278 | (void) closedir(dir); | |
2279 | ||
2280 | return count; | |
2281 | } | |
2282 | ||
2283 | static int cgfsng_nrtasks(void *hdata) { | |
2284 | struct cgfsng_handler_data *d = hdata; | |
2285 | char *path; | |
2286 | int count; | |
2287 | ||
457ca9aa | 2288 | if (!d || !d->container_cgroup || !hierarchies) |
ccb4cabe | 2289 | return -1; |
a3926f6a | 2290 | |
457ca9aa | 2291 | path = must_make_path(hierarchies[0]->fullcgpath, NULL); |
ccb4cabe SH |
2292 | count = recursive_count_nrtasks(path); |
2293 | free(path); | |
2294 | return count; | |
2295 | } | |
2296 | ||
2297 | /* Only root needs to escape to the cgroup of its init */ | |
7103fe6f | 2298 | static bool cgfsng_escape() |
ccb4cabe | 2299 | { |
ccb4cabe SH |
2300 | int i; |
2301 | ||
2302 | if (geteuid()) | |
2303 | return true; | |
2304 | ||
457ca9aa SH |
2305 | for (i = 0; hierarchies[i]; i++) { |
2306 | char *fullpath = must_make_path(hierarchies[i]->mountpoint, | |
2307 | hierarchies[i]->base_cgroup, | |
ccb4cabe SH |
2308 | "cgroup.procs", NULL); |
2309 | if (lxc_write_to_file(fullpath, "0", 2, false) != 0) { | |
d3b00a8f | 2310 | SYSERROR("Failed to escape to %s", fullpath); |
ccb4cabe | 2311 | free(fullpath); |
6df334d1 | 2312 | return false; |
ccb4cabe SH |
2313 | } |
2314 | free(fullpath); | |
2315 | } | |
2316 | ||
6df334d1 | 2317 | return true; |
ccb4cabe SH |
2318 | } |
2319 | ||
36662416 TA |
2320 | static int cgfsng_num_hierarchies(void) |
2321 | { | |
2322 | int i; | |
2323 | ||
2324 | for (i = 0; hierarchies[i]; i++) | |
2325 | ; | |
2326 | ||
2327 | return i; | |
2328 | } | |
2329 | ||
2330 | static bool cgfsng_get_hierarchies(int n, char ***out) | |
2331 | { | |
2332 | int i; | |
2333 | ||
2334 | /* sanity check n */ | |
6b38e644 | 2335 | for (i = 0; i < n; i++) |
36662416 TA |
2336 | if (!hierarchies[i]) |
2337 | return false; | |
36662416 TA |
2338 | |
2339 | *out = hierarchies[i]->controllers; | |
2340 | ||
2341 | return true; | |
2342 | } | |
2343 | ||
ccb4cabe SH |
2344 | #define THAWED "THAWED" |
2345 | #define THAWED_LEN (strlen(THAWED)) | |
2346 | ||
d6337a5f CB |
2347 | /* TODO: If the unified cgroup hierarchy grows a freezer controller this needs |
2348 | * to be adapted. | |
2349 | */ | |
ccb4cabe SH |
2350 | static bool cgfsng_unfreeze(void *hdata) |
2351 | { | |
d6337a5f | 2352 | int ret; |
ccb4cabe | 2353 | char *fullpath; |
d6337a5f | 2354 | struct hierarchy *h; |
ccb4cabe | 2355 | |
d6337a5f | 2356 | h = get_hierarchy("freezer"); |
457ca9aa | 2357 | if (!h) |
ccb4cabe | 2358 | return false; |
d6337a5f | 2359 | |
ccb4cabe | 2360 | fullpath = must_make_path(h->fullcgpath, "freezer.state", NULL); |
d6337a5f | 2361 | ret = lxc_write_to_file(fullpath, THAWED, THAWED_LEN, false); |
ccb4cabe | 2362 | free(fullpath); |
d6337a5f CB |
2363 | if (ret < 0) |
2364 | return false; | |
2365 | ||
ccb4cabe SH |
2366 | return true; |
2367 | } | |
2368 | ||
2369 | static const char *cgfsng_get_cgroup(void *hdata, const char *subsystem) | |
2370 | { | |
d6337a5f CB |
2371 | struct hierarchy *h; |
2372 | ||
2373 | h = get_hierarchy(subsystem); | |
ccb4cabe SH |
2374 | if (!h) |
2375 | return NULL; | |
2376 | ||
371f834d SH |
2377 | return h->fullcgpath ? h->fullcgpath + strlen(h->mountpoint) : NULL; |
2378 | } | |
2379 | ||
2380 | /* | |
2381 | * Given a cgroup path returned from lxc_cmd_get_cgroup_path, build a | |
2382 | * full path, which must be freed by the caller. | |
2383 | */ | |
2384 | static char *build_full_cgpath_from_monitorpath(struct hierarchy *h, | |
2385 | const char *inpath, | |
2386 | const char *filename) | |
2387 | { | |
371f834d | 2388 | return must_make_path(h->mountpoint, inpath, filename, NULL); |
ccb4cabe SH |
2389 | } |
2390 | ||
c2aed66d CB |
2391 | /* Technically, we're always at a delegation boundary here. (This is especially |
2392 | * true when cgroup namespaces are available.) The reasoning is that in order | |
2393 | * for us to have been able to start a container in the first place the root | |
2394 | * cgroup must have been a leaf node. Now, either the container's init system | |
2395 | * has populated the cgroup and kept it as a leaf node or it has created | |
2396 | * subtrees. In the former case we will simply attach to the leaf node we | |
2397 | * created when we started the container in the latter case we create our own | |
2398 | * cgroup for the attaching process. | |
2399 | */ | |
a3926f6a CB |
2400 | static int __cg_unified_attach(const struct hierarchy *h, const char *name, |
2401 | const char *lxcpath, const char *pidstr, | |
2402 | size_t pidstr_len, const char *controller) | |
c2aed66d CB |
2403 | { |
2404 | int ret; | |
2405 | size_t len; | |
2406 | int fret = -1, idx = 0; | |
2407 | char *base_path = NULL, *container_cgroup = NULL, *full_path = NULL; | |
2408 | ||
2409 | container_cgroup = lxc_cmd_get_cgroup_path(name, lxcpath, controller); | |
2410 | /* not running */ | |
2411 | if (!container_cgroup) | |
2412 | return 0; | |
2413 | ||
2414 | base_path = must_make_path(h->mountpoint, container_cgroup, NULL); | |
2415 | full_path = must_make_path(base_path, "cgroup.procs", NULL); | |
2416 | /* cgroup is populated */ | |
2417 | ret = lxc_write_to_file(full_path, pidstr, pidstr_len, false); | |
2418 | if (ret < 0 && errno != EBUSY) | |
2419 | goto on_error; | |
2420 | ||
2421 | if (ret == 0) | |
2422 | goto on_success; | |
2423 | ||
2424 | free(full_path); | |
2425 | ||
2426 | len = strlen(base_path) + sizeof("/lxc-1000") - 1 + | |
2427 | sizeof("/cgroup-procs") - 1; | |
2428 | full_path = must_alloc(len + 1); | |
2429 | do { | |
2430 | if (idx) | |
2431 | ret = snprintf(full_path, len + 1, "%s/lxc-%d", | |
2432 | base_path, idx); | |
2433 | else | |
2434 | ret = snprintf(full_path, len + 1, "%s/lxc", base_path); | |
2435 | if (ret < 0 || (size_t)ret >= len + 1) | |
2436 | goto on_error; | |
2437 | ||
2438 | ret = mkdir_p(full_path, 0755); | |
2439 | if (ret < 0 && errno != EEXIST) | |
2440 | goto on_error; | |
2441 | ||
2442 | strcat(full_path, "/cgroup.procs"); | |
2443 | ret = lxc_write_to_file(full_path, pidstr, len, false); | |
2444 | if (ret == 0) | |
2445 | goto on_success; | |
2446 | ||
2447 | /* this is a non-leaf node */ | |
2448 | if (errno != EBUSY) | |
2449 | goto on_error; | |
2450 | ||
2451 | } while (++idx > 0 && idx < 1000); | |
2452 | ||
2453 | on_success: | |
2454 | if (idx < 1000) | |
2455 | fret = 0; | |
2456 | ||
2457 | on_error: | |
2458 | free(base_path); | |
2459 | free(container_cgroup); | |
2460 | free(full_path); | |
2461 | ||
2462 | return fret; | |
2463 | } | |
2464 | ||
ccb4cabe SH |
2465 | static bool cgfsng_attach(const char *name, const char *lxcpath, pid_t pid) |
2466 | { | |
c2aed66d | 2467 | int i, len, ret; |
ccb4cabe | 2468 | char pidstr[25]; |
ccb4cabe SH |
2469 | |
2470 | len = snprintf(pidstr, 25, "%d", pid); | |
2471 | if (len < 0 || len > 25) | |
2472 | return false; | |
2473 | ||
457ca9aa | 2474 | for (i = 0; hierarchies[i]; i++) { |
c2aed66d CB |
2475 | char *path; |
2476 | char *fullpath = NULL; | |
457ca9aa | 2477 | struct hierarchy *h = hierarchies[i]; |
ccb4cabe | 2478 | |
c2aed66d | 2479 | if (h->version == CGROUP2_SUPER_MAGIC) { |
a3926f6a CB |
2480 | ret = __cg_unified_attach(h, name, lxcpath, pidstr, len, |
2481 | h->controllers[0]); | |
c2aed66d CB |
2482 | if (ret < 0) |
2483 | return false; | |
2484 | ||
2485 | continue; | |
2486 | } | |
2487 | ||
ccb4cabe | 2488 | path = lxc_cmd_get_cgroup_path(name, lxcpath, h->controllers[0]); |
c2aed66d CB |
2489 | /* not running */ |
2490 | if (!path) | |
ccb4cabe SH |
2491 | continue; |
2492 | ||
371f834d | 2493 | fullpath = build_full_cgpath_from_monitorpath(h, path, "cgroup.procs"); |
c2aed66d CB |
2494 | ret = lxc_write_to_file(fullpath, pidstr, len, false); |
2495 | if (ret < 0) { | |
ccb4cabe SH |
2496 | SYSERROR("Failed to attach %d to %s", (int)pid, fullpath); |
2497 | free(fullpath); | |
ccb4cabe SH |
2498 | return false; |
2499 | } | |
ccb4cabe SH |
2500 | free(fullpath); |
2501 | } | |
2502 | ||
ccb4cabe SH |
2503 | return true; |
2504 | } | |
2505 | ||
2506 | /* | |
2507 | * Called externally (i.e. from 'lxc-cgroup') to query cgroup limits. | |
2508 | * Here we don't have a cgroup_data set up, so we ask the running | |
2509 | * container through the commands API for the cgroup path | |
2510 | */ | |
0069cc61 CB |
2511 | static int cgfsng_get(const char *filename, char *value, size_t len, |
2512 | const char *name, const char *lxcpath) | |
ccb4cabe | 2513 | { |
ccb4cabe | 2514 | int ret = -1; |
0069cc61 CB |
2515 | size_t controller_len; |
2516 | char *controller, *p, *path; | |
2517 | struct hierarchy *h; | |
ccb4cabe | 2518 | |
0069cc61 CB |
2519 | controller_len = strlen(filename); |
2520 | controller = alloca(controller_len + 1); | |
2521 | strcpy(controller, filename); | |
2522 | p = strchr(controller, '.'); | |
2523 | if (p) | |
ccb4cabe SH |
2524 | *p = '\0'; |
2525 | ||
0069cc61 CB |
2526 | path = lxc_cmd_get_cgroup_path(name, lxcpath, controller); |
2527 | /* not running */ | |
2528 | if (!path) | |
ccb4cabe SH |
2529 | return -1; |
2530 | ||
0069cc61 | 2531 | h = get_hierarchy(controller); |
ccb4cabe | 2532 | if (h) { |
0069cc61 CB |
2533 | char *fullpath; |
2534 | ||
2535 | fullpath = build_full_cgpath_from_monitorpath(h, path, filename); | |
ccb4cabe SH |
2536 | ret = lxc_read_from_file(fullpath, value, len); |
2537 | free(fullpath); | |
2538 | } | |
ccb4cabe SH |
2539 | free(path); |
2540 | ||
2541 | return ret; | |
2542 | } | |
2543 | ||
2544 | /* | |
2545 | * Called externally (i.e. from 'lxc-cgroup') to set new cgroup limits. | |
2546 | * Here we don't have a cgroup_data set up, so we ask the running | |
2547 | * container through the commands API for the cgroup path | |
2548 | */ | |
87777968 CB |
2549 | static int cgfsng_set(const char *filename, const char *value, const char *name, |
2550 | const char *lxcpath) | |
ccb4cabe | 2551 | { |
ccb4cabe | 2552 | int ret = -1; |
87777968 CB |
2553 | size_t controller_len; |
2554 | char *controller, *p, *path; | |
2555 | struct hierarchy *h; | |
ccb4cabe | 2556 | |
87777968 CB |
2557 | controller_len = strlen(filename); |
2558 | controller = alloca(controller_len + 1); | |
2559 | strcpy(controller, filename); | |
2560 | p = strchr(controller, '.'); | |
2561 | if (p) | |
ccb4cabe SH |
2562 | *p = '\0'; |
2563 | ||
87777968 CB |
2564 | path = lxc_cmd_get_cgroup_path(name, lxcpath, controller); |
2565 | /* not running */ | |
2566 | if (!path) | |
ccb4cabe SH |
2567 | return -1; |
2568 | ||
87777968 | 2569 | h = get_hierarchy(controller); |
ccb4cabe | 2570 | if (h) { |
87777968 CB |
2571 | char *fullpath; |
2572 | ||
2573 | fullpath = build_full_cgpath_from_monitorpath(h, path, filename); | |
ccb4cabe SH |
2574 | ret = lxc_write_to_file(fullpath, value, strlen(value), false); |
2575 | free(fullpath); | |
2576 | } | |
ccb4cabe SH |
2577 | free(path); |
2578 | ||
2579 | return ret; | |
2580 | } | |
2581 | ||
72add155 SH |
2582 | /* |
2583 | * take devices cgroup line | |
2584 | * /dev/foo rwx | |
2585 | * and convert it to a valid | |
2586 | * type major:minor mode | |
2587 | * line. Return <0 on error. Dest is a preallocated buffer | |
2588 | * long enough to hold the output. | |
2589 | */ | |
2590 | static int convert_devpath(const char *invalue, char *dest) | |
2591 | { | |
2a06d041 CB |
2592 | int n_parts; |
2593 | char *p, *path, type; | |
72add155 SH |
2594 | struct stat sb; |
2595 | unsigned long minor, major; | |
2a06d041 CB |
2596 | int ret = -EINVAL; |
2597 | char *mode = NULL; | |
72add155 SH |
2598 | |
2599 | path = must_copy_string(invalue); | |
2600 | ||
2601 | /* | |
2602 | * read path followed by mode; ignore any trailing text. | |
2603 | * A ' # comment' would be legal. Technically other text | |
2604 | * is not legal, we could check for that if we cared to | |
2605 | */ | |
2606 | for (n_parts = 1, p = path; *p && n_parts < 3; p++) { | |
2c2d6c49 SH |
2607 | if (*p != ' ') |
2608 | continue; | |
2609 | *p = '\0'; | |
2610 | if (n_parts != 1) | |
2611 | break; | |
2612 | p++; | |
2613 | n_parts++; | |
2614 | while (*p == ' ') | |
2615 | p++; | |
2616 | mode = p; | |
2617 | if (*p == '\0') | |
2618 | goto out; | |
72add155 | 2619 | } |
2c2d6c49 SH |
2620 | |
2621 | if (n_parts == 1) | |
72add155 | 2622 | goto out; |
72add155 SH |
2623 | |
2624 | ret = stat(path, &sb); | |
2625 | if (ret < 0) | |
2626 | goto out; | |
2627 | ||
72add155 SH |
2628 | mode_t m = sb.st_mode & S_IFMT; |
2629 | switch (m) { | |
2630 | case S_IFBLK: | |
2631 | type = 'b'; | |
2632 | break; | |
2633 | case S_IFCHR: | |
2634 | type = 'c'; | |
2635 | break; | |
2c2d6c49 | 2636 | default: |
72add155 SH |
2637 | ERROR("Unsupported device type %i for %s", m, path); |
2638 | ret = -EINVAL; | |
2639 | goto out; | |
2640 | } | |
2c2d6c49 SH |
2641 | |
2642 | major = MAJOR(sb.st_rdev); | |
2643 | minor = MINOR(sb.st_rdev); | |
2644 | ret = snprintf(dest, 50, "%c %lu:%lu %s", type, major, minor, mode); | |
72add155 | 2645 | if (ret < 0 || ret >= 50) { |
2a06d041 CB |
2646 | ERROR("Error on configuration value \"%c %lu:%lu %s\" (max 50 " |
2647 | "chars)", type, major, minor, mode); | |
72add155 SH |
2648 | ret = -ENAMETOOLONG; |
2649 | goto out; | |
2650 | } | |
2651 | ret = 0; | |
2652 | ||
2653 | out: | |
2654 | free(path); | |
2655 | return ret; | |
2656 | } | |
2657 | ||
ccb4cabe SH |
2658 | /* |
2659 | * Called from setup_limits - here we have the container's cgroup_data because | |
2660 | * we created the cgroups | |
2661 | */ | |
a3926f6a CB |
2662 | static int cg_legacy_set_data(const char *filename, const char *value, |
2663 | struct cgfsng_handler_data *d) | |
ccb4cabe | 2664 | { |
b3646d7e | 2665 | char *fullpath, *p; |
ab1a6cac | 2666 | size_t len; |
1a0e70ac CB |
2667 | /* "b|c <2^64-1>:<2^64-1> r|w|m" = 47 chars max */ |
2668 | char converted_value[50]; | |
b3646d7e CB |
2669 | struct hierarchy *h; |
2670 | int ret = 0; | |
2671 | char *controller = NULL; | |
ccb4cabe | 2672 | |
ab1a6cac CB |
2673 | len = strlen(filename); |
2674 | controller = alloca(len + 1); | |
b3646d7e | 2675 | strcpy(controller, filename); |
ab1a6cac CB |
2676 | p = strchr(controller, '.'); |
2677 | if (p) | |
ccb4cabe SH |
2678 | *p = '\0'; |
2679 | ||
c8bf519d | 2680 | if (strcmp("devices.allow", filename) == 0 && value[0] == '/') { |
72add155 SH |
2681 | ret = convert_devpath(value, converted_value); |
2682 | if (ret < 0) | |
c8bf519d | 2683 | return ret; |
72add155 | 2684 | value = converted_value; |
c8bf519d | 2685 | } |
2686 | ||
b3646d7e CB |
2687 | h = get_hierarchy(controller); |
2688 | if (!h) { | |
2689 | ERROR("Failed to setup limits for the \"%s\" controller. " | |
2690 | "The controller seems to be unused by \"cgfsng\" cgroup " | |
2691 | "driver or not enabled on the cgroup hierarchy", | |
2692 | controller); | |
d1953b26 | 2693 | errno = ENOENT; |
ab1a6cac | 2694 | return -ENOENT; |
ccb4cabe | 2695 | } |
b3646d7e CB |
2696 | |
2697 | fullpath = must_make_path(h->fullcgpath, filename, NULL); | |
2698 | ret = lxc_write_to_file(fullpath, value, strlen(value), false); | |
2699 | free(fullpath); | |
ccb4cabe SH |
2700 | return ret; |
2701 | } | |
2702 | ||
a3926f6a CB |
2703 | static bool __cg_legacy_setup_limits(void *hdata, |
2704 | struct lxc_list *cgroup_settings, | |
2705 | bool do_devices) | |
ccb4cabe SH |
2706 | { |
2707 | struct cgfsng_handler_data *d = hdata; | |
2708 | struct lxc_list *iterator, *sorted_cgroup_settings, *next; | |
2709 | struct lxc_cgroup *cg; | |
ccb4cabe SH |
2710 | bool ret = false; |
2711 | ||
2712 | if (lxc_list_empty(cgroup_settings)) | |
2713 | return true; | |
2714 | ||
2715 | sorted_cgroup_settings = sort_cgroup_settings(cgroup_settings); | |
6b38e644 | 2716 | if (!sorted_cgroup_settings) |
ccb4cabe | 2717 | return false; |
ccb4cabe | 2718 | |
ccb4cabe SH |
2719 | lxc_list_for_each(iterator, sorted_cgroup_settings) { |
2720 | cg = iterator->elem; | |
2721 | ||
2722 | if (do_devices == !strncmp("devices", cg->subsystem, 7)) { | |
a3926f6a | 2723 | if (cg_legacy_set_data(cg->subsystem, cg->value, d)) { |
ccb4cabe SH |
2724 | if (do_devices && (errno == EACCES || errno == EPERM)) { |
2725 | WARN("Error setting %s to %s for %s", | |
2726 | cg->subsystem, cg->value, d->name); | |
2727 | continue; | |
2728 | } | |
2729 | SYSERROR("Error setting %s to %s for %s", | |
2730 | cg->subsystem, cg->value, d->name); | |
2731 | goto out; | |
2732 | } | |
6a628f4a | 2733 | DEBUG("cgroup '%s' set to '%s'", cg->subsystem, cg->value); |
ccb4cabe | 2734 | } |
ccb4cabe SH |
2735 | } |
2736 | ||
2737 | ret = true; | |
6b38e644 | 2738 | INFO("Limits for the legacy cgroup hierarchies have been setup"); |
ccb4cabe | 2739 | out: |
ccb4cabe SH |
2740 | lxc_list_for_each_safe(iterator, sorted_cgroup_settings, next) { |
2741 | lxc_list_del(iterator); | |
2742 | free(iterator); | |
2743 | } | |
2744 | free(sorted_cgroup_settings); | |
2745 | return ret; | |
2746 | } | |
2747 | ||
a3926f6a CB |
2748 | static bool __cg_unified_setup_limits(void *hdata, |
2749 | struct lxc_list *cgroup_settings) | |
6b38e644 CB |
2750 | { |
2751 | struct lxc_list *iterator; | |
2752 | struct hierarchy *h = unified; | |
2753 | ||
2754 | if (lxc_list_empty(cgroup_settings)) | |
2755 | return true; | |
2756 | ||
2757 | if (!h) | |
2758 | return false; | |
2759 | ||
2760 | lxc_list_for_each(iterator, cgroup_settings) { | |
2761 | int ret; | |
2762 | char *fullpath; | |
2763 | struct lxc_cgroup *cg = iterator->elem; | |
2764 | ||
2765 | fullpath = must_make_path(h->fullcgpath, cg->subsystem, NULL); | |
2766 | ret = lxc_write_to_file(fullpath, cg->value, strlen(cg->value), false); | |
2767 | free(fullpath); | |
2768 | if (ret < 0) { | |
2769 | SYSERROR("Failed to set \"%s\" to \"%s\"", cg->subsystem, cg->value); | |
2770 | return false; | |
2771 | } | |
2772 | TRACE("Set \"%s\" to \"%s\"", cg->subsystem, cg->value); | |
2773 | } | |
2774 | ||
2775 | INFO("Limits for the unified cgroup hierarchy have been setup"); | |
2776 | return true; | |
2777 | } | |
2778 | ||
2779 | static bool cgfsng_setup_limits(void *hdata, struct lxc_conf *conf, | |
2780 | bool do_devices) | |
2781 | { | |
2782 | bool bret; | |
2783 | ||
a3926f6a | 2784 | bret = __cg_legacy_setup_limits(hdata, &conf->cgroup, do_devices); |
6b38e644 CB |
2785 | if (!bret) |
2786 | return false; | |
2787 | ||
a3926f6a | 2788 | return __cg_unified_setup_limits(hdata, &conf->cgroup2); |
6b38e644 CB |
2789 | } |
2790 | ||
ccb4cabe SH |
2791 | static struct cgroup_ops cgfsng_ops = { |
2792 | .init = cgfsng_init, | |
2793 | .destroy = cgfsng_destroy, | |
2794 | .create = cgfsng_create, | |
2795 | .enter = cgfsng_enter, | |
ccb4cabe | 2796 | .escape = cgfsng_escape, |
36662416 TA |
2797 | .num_hierarchies = cgfsng_num_hierarchies, |
2798 | .get_hierarchies = cgfsng_get_hierarchies, | |
ccb4cabe SH |
2799 | .get_cgroup = cgfsng_get_cgroup, |
2800 | .get = cgfsng_get, | |
2801 | .set = cgfsng_set, | |
2802 | .unfreeze = cgfsng_unfreeze, | |
2803 | .setup_limits = cgfsng_setup_limits, | |
2804 | .name = "cgroupfs-ng", | |
2805 | .attach = cgfsng_attach, | |
058c1cb6 | 2806 | .chown = cgfsng_chown, |
ccb4cabe SH |
2807 | .mount_cgroup = cgfsng_mount, |
2808 | .nrtasks = cgfsng_nrtasks, | |
2809 | .driver = CGFSNG, | |
2810 | ||
2811 | /* unsupported */ | |
2812 | .create_legacy = NULL, | |
2813 | }; |