[mirror_lxc.git] / src / lxc / cgroups / cgroup.h

/* SPDX-License-Identifier: LGPL-2.1+ */

#ifndef __LXC_CGROUP_H
#define __LXC_CGROUP_H

#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

#include "compiler.h"
#include "macro.h"
#include "memory_utils.h"

#define DEFAULT_CGROUP_MOUNTPOINT_RELATIVE "sys/fs/cgroup"
#define DEFAULT_CGROUP_MOUNTPOINT "/sys/fs/cgroup"
#define DEFAULT_PAYLOAD_CGROUP_PREFIX "lxc.payload."
#define DEFAULT_MONITOR_CGROUP_PREFIX "lxc.monitor."
#define DEFAULT_PAYLOAD_CGROUP "payload"
#define DEFAULT_MONITOR_CGROUP "monitor"
#define CGROUP_CREATE_RETRY "-NNNN"
#define CGROUP_CREATE_RETRY_LEN (STRLITERALLEN(CGROUP_CREATE_RETRY))
#define CGROUP_PIVOT "lxc.pivot"

struct lxc_handler;
struct lxc_conf;
struct lxc_list;

typedef enum {
        CGROUP_LAYOUT_UNKNOWN = -1,
        CGROUP_LAYOUT_LEGACY  =  0,
        CGROUP_LAYOUT_HYBRID  =  1,
        CGROUP_LAYOUT_UNIFIED =  2,
} cgroup_layout_t;

/* A descriptor for a mounted hierarchy
 *
 * @controllers
 * - legacy hierarchy
 *   Either NULL, or a null-terminated list of all the co-mounted controllers.
 * - unified hierarchy
 *   Either NULL, or a null-terminated list of all enabled controllers.
 *
 * @mountpoint
 * - The mountpoint we will use.
 * - legacy hierarchy
 *   It will be either /sys/fs/cgroup/controller or
 *   /sys/fs/cgroup/controllerlist.
 * - unified hierarchy
 *   It will either be /sys/fs/cgroup or /sys/fs/cgroup/<mountpoint-name>
 *   depending on whether this is a hybrid cgroup layout (mix of legacy and
 *   unified hierarchies) or a pure unified cgroup layout.
 *
 * @container_base_path
 * - The cgroup under which the container cgroup path
 *   is created. This will be either the caller's cgroup (if not root), or
 *   init's cgroup (if root).
 *
 * @container_full_path
 * - The full path to the container's cgroup.
 *
 * @container_limit_path
 * - The full path to the container's limiting cgroup. May simply point to
 *   container_full_path.
 *
 * @monitor_full_path
 * - The full path to the monitor's cgroup.
 *
 * @version
 * - legacy hierarchy
 *   If the hierarchy is a legacy hierarchy this will be set to
 *   CGROUP_SUPER_MAGIC.
 * - unified hierarchy
 *   If the hierarchy is a unified hierarchy this will be set to
 *   CGROUP2_SUPER_MAGIC.
 */
struct hierarchy {
	/*
	 * cgroup2 only: what files need to be chowned to delegate a cgroup to
	 * an unprivileged user.
	 */
	char **cgroup2_chown;
	char **controllers;
	char *mountpoint;
	char *container_base_path;
	char *container_full_path;
	char *container_limit_path;
	char *monitor_full_path;
	int version;

	/* cgroup2 only */
	unsigned int bpf_device_controller:1;
	unsigned int freezer_controller:1;

	/* container cgroup fd */
	int cgfd_con;
	/* limiting cgroup fd (may be equal to cgfd_con if not separated) */
	int cgfd_limit;
	/* monitor cgroup fd */
	int cgfd_mon;
};

struct cgroup_ops {
	/* string constant */
	const char *driver;

	/* string constant */
	const char *version;

	/* What controllers is the container supposed to use. */
	char **cgroup_use;
	char *cgroup_pattern;
	char *container_cgroup;
	char *monitor_cgroup;

	/* @hierarchies
	 * - A NULL-terminated array of struct hierarchy, one per legacy
	 *   hierarchy. No duplicates. First sufficient, writeable mounted
	 *   hierarchy wins.
	 */
	struct hierarchy **hierarchies;
	/* Pointer to the unified hierarchy. Do not free! */
	struct hierarchy *unified;

	/*
	 * @cgroup2_devices
	 * bpf program to limit device access; only applicable to privileged
	 * containers.
	 */
	struct bpf_program *cgroup2_devices;

	/*
	 * @cgroup_layout
	 * - What cgroup layout the container is running with.
	 *   - CGROUP_LAYOUT_UNKNOWN
	 *     The cgroup layout could not be determined. This should be treated
	 *     as an error condition.
	 *   - CGROUP_LAYOUT_LEGACY
	 *     The container is running with all controllers mounted into legacy
	 *     cgroup hierarchies.
	 *   - CGROUP_LAYOUT_HYBRID
	 *     The container is running with at least one controller mounted
	 *     into a legacy cgroup hierarchy and a mountpoint for the unified
	 *     hierarchy. The unified hierarchy can be empty (no controllers
	 *     enabled) or non-empty (controllers enabled).
	 *   - CGROUP_LAYOUT_UNIFIED
	 *     The container is running on a pure unified cgroup hierarchy. The
	 *     unified hierarchy can be empty (no controllers enabled) or
	 *     non-empty (controllers enabled).
	 */
	cgroup_layout_t cgroup_layout;

	int (*data_init)(struct cgroup_ops *ops);
	void (*payload_destroy)(struct cgroup_ops *ops, struct lxc_handler *handler);
	void (*monitor_destroy)(struct cgroup_ops *ops, struct lxc_handler *handler);
	bool (*monitor_create)(struct cgroup_ops *ops, struct lxc_handler *handler);
	bool (*monitor_enter)(struct cgroup_ops *ops, struct lxc_handler *handler);
	bool (*payload_create)(struct cgroup_ops *ops, struct lxc_handler *handler);
	bool (*payload_enter)(struct cgroup_ops *ops, struct lxc_handler *handler);
	const char *(*get_cgroup)(struct cgroup_ops *ops, const char *controller);
	bool (*escape)(const struct cgroup_ops *ops, struct lxc_conf *conf);
	int (*num_hierarchies)(struct cgroup_ops *ops);
	bool (*get_hierarchies)(struct cgroup_ops *ops, int n, char ***out);
	int (*set)(struct cgroup_ops *ops, const char *filename,
		   const char *value, const char *name, const char *lxcpath);
	int (*get)(struct cgroup_ops *ops, const char *filename, char *value,
		   size_t len, const char *name, const char *lxcpath);
	int (*freeze)(struct cgroup_ops *ops, int timeout);
	int (*unfreeze)(struct cgroup_ops *ops, int timeout);
	bool (*setup_limits_legacy)(struct cgroup_ops *ops,
				    struct lxc_conf *conf, bool with_devices);
	bool (*setup_limits)(struct cgroup_ops *ops, struct lxc_handler *handler);
	bool (*chown)(struct cgroup_ops *ops, struct lxc_conf *conf);
	bool (*attach)(struct cgroup_ops *ops, const struct lxc_conf *conf,
		       const char *name, const char *lxcpath, pid_t pid);
	bool (*mount)(struct cgroup_ops *ops, struct lxc_handler *handler,
		      const char *root, int type);
	bool (*devices_activate)(struct cgroup_ops *ops,
				 struct lxc_handler *handler);
	bool (*monitor_delegate_controllers)(struct cgroup_ops *ops);
	bool (*payload_delegate_controllers)(struct cgroup_ops *ops);
	void (*payload_finalize)(struct cgroup_ops *ops);
	const char *(*get_limiting_cgroup)(struct cgroup_ops *ops, const char *controller);
};

__hidden extern struct cgroup_ops *cgroup_init(struct lxc_conf *conf);

__hidden extern void cgroup_exit(struct cgroup_ops *ops);
define_cleanup_function(struct cgroup_ops *, cgroup_exit);

__hidden extern void prune_init_scope(char *cg);

__hidden extern int cgroup_attach(const struct lxc_conf *conf, const char *name,
				  const char *lxcpath, pid_t pid);
__hidden extern int cgroup_get(struct lxc_conf *conf, const char *name,
                               const char *lxcpath, const char *filename,
                               char *buf, size_t len);
__hidden extern int cgroup_set(struct lxc_conf *conf, const char *name,
                               const char *lxcpath, const char *filename,
                               const char *value);

static inline bool pure_unified_layout(const struct cgroup_ops *ops)
{
	return ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED;
}

static inline int cgroup_unified_fd(const struct cgroup_ops *ops)
{
	if (!ops->unified)
		return -EBADF;

	return ops->unified->cgfd_con;
}

#endif /* __LXC_CGROUP_H */
Commit	Line	Data
cc73685d	1	/* SPDX-License-Identifier: LGPL-2.1+ */
33ad9f1a	2
f1a4a029 ÇO	3	#ifndef __LXC_CGROUP_H
f1a4a029 ÇO	4	#define __LXC_CGROUP_H
33ad9f1a	5
4fb3cba5 DE	6	#include <stdbool.h>
	7	#include <stddef.h>
	8	#include <sys/types.h>
33ad9f1a	9
c332ec90	10	#include "compiler.h"
fe70edee	11	#include "macro.h"
5a076633	12	#include "memory_utils.h"
fe70edee	13
e6d4df78	14	#define DEFAULT_CGROUP_MOUNTPOINT_RELATIVE "sys/fs/cgroup"
dca9587a	15	#define DEFAULT_CGROUP_MOUNTPOINT "/sys/fs/cgroup"
fe70edee CB	16	#define DEFAULT_PAYLOAD_CGROUP_PREFIX "lxc.payload."
fe70edee CB	17	#define DEFAULT_MONITOR_CGROUP_PREFIX "lxc.monitor."
d6bdd182 CB	18	#define DEFAULT_PAYLOAD_CGROUP "payload"
d6bdd182 CB	19	#define DEFAULT_MONITOR_CGROUP "monitor"
fe70edee CB	20	#define CGROUP_CREATE_RETRY "-NNNN"
fe70edee CB	21	#define CGROUP_CREATE_RETRY_LEN (STRLITERALLEN(CGROUP_CREATE_RETRY))
1973b62a	22	#define CGROUP_PIVOT "lxc.pivot"
625ad37b	23
758437c5	24	struct lxc_handler;
4fb3cba5	25	struct lxc_conf;
b98f7d6e	26	struct lxc_list;
33ad9f1a	27
d6337a5f CB	28	typedef enum {
	29	CGROUP_LAYOUT_UNKNOWN = -1,
	30	CGROUP_LAYOUT_LEGACY = 0,
	31	CGROUP_LAYOUT_HYBRID = 1,
	32	CGROUP_LAYOUT_UNIFIED = 2,
	33	} cgroup_layout_t;
	34
2202afc9 CB	35	/* A descriptor for a mounted hierarchy
	36	*
	37	* @controllers
	38	* - legacy hierarchy
	39	* Either NULL, or a null-terminated list of all the co-mounted controllers.
	40	* - unified hierarchy
	41	* Either NULL, or a null-terminated list of all enabled controllers.
	42	*
	43	* @mountpoint
	44	* - The mountpoint we will use.
	45	* - legacy hierarchy
	46	* It will be either /sys/fs/cgroup/controller or
	47	* /sys/fs/cgroup/controllerlist.
	48	* - unified hierarchy
	49	* It will either be /sys/fs/cgroup or /sys/fs/cgroup/<mountpoint-name>
	50	* depending on whether this is a hybrid cgroup layout (mix of legacy and
	51	* unified hierarchies) or a pure unified cgroup layout.
	52	*
bb221ad1	53	* @container_base_path
2202afc9 CB	54	* - The cgroup under which the container cgroup path
	55	* is created. This will be either the caller's cgroup (if not root), or
	56	* init's cgroup (if root).
	57	*
eb697136	58	* @container_full_path
a900cbaf WB	59	* - The full path to the container's cgroup.
	60	*
	61	* @container_limit_path
	62	* - The full path to the container's limiting cgroup. May simply point to
	63	* container_full_path.
2202afc9	64	*
e09b62f9 CB	65	* @monitor_full_path
	66	* - The full path to the monitor's cgroup.
	67	*
2202afc9 CB	68	* @version
	69	* - legacy hierarchy
	70	* If the hierarchy is a legacy hierarchy this will be set to
	71	* CGROUP_SUPER_MAGIC.
	72	* - unified hierarchy
c8714832	73	* If the hierarchy is a unified hierarchy this will be set to
2202afc9 CB	74	* CGROUP2_SUPER_MAGIC.
	75	*/
	76	struct hierarchy {
a6ca2ed8 CB	77	/*
	78	* cgroup2 only: what files need to be chowned to delegate a cgroup to
	79	* an unprivileged user.
	80	*/
	81	char **cgroup2_chown;
2202afc9 CB	82	char **controllers;
2202afc9 CB	83	char *mountpoint;
bb221ad1	84	char *container_base_path;
eb697136	85	char *container_full_path;
a900cbaf	86	char *container_limit_path;
e09b62f9	87	char *monitor_full_path;
2202afc9	88	int version;
dca9587a CB	89
dca9587a CB	90	/* cgroup2 only */
aaa1ec28	91	unsigned int bpf_device_controller:1;
6dcd6f02	92	unsigned int freezer_controller:1;
1973b62a	93
1973b62a	94	/* container cgroup fd */
a900cbaf WB	95	int cgfd_con;
	96	/* limiting cgroup fd (may be equal to cgfd_con if not separated) */
	97	int cgfd_limit;
	98	/* monitor cgroup fd */
1973b62a	99	int cgfd_mon;
2202afc9 CB	100	};
2202afc9 CB	101
d4ef7c50	102	struct cgroup_ops {
2202afc9	103	/* string constant */
d2a4d1db	104	const char *driver;
2202afc9 CB	105
2202afc9 CB	106	/* string constant */
d2a4d1db	107	const char *version;
4fb3cba5	108
2202afc9	109	/* What controllers is the container supposed to use. */
b7b18fc5	110	char **cgroup_use;
2202afc9 CB	111	char *cgroup_pattern;
2202afc9 CB	112	char *container_cgroup;
c581d2a6	113	char *monitor_cgroup;
625ad37b	114
2202afc9 CB	115	/* @hierarchies
	116	* - A NULL-terminated array of struct hierarchy, one per legacy
	117	* hierarchy. No duplicates. First sufficient, writeable mounted
	118	* hierarchy wins.
	119	*/
	120	struct hierarchy **hierarchies;
27a5132c	121	/* Pointer to the unified hierarchy. Do not free! */
2202afc9 CB	122	struct hierarchy *unified;
2202afc9 CB	123
cce5a3d7 CB	124	/*
	125	* @cgroup2_devices
	126	* bpf program to limit device access; only applicable to privileged
	127	* containers.
	128	*/
	129	struct bpf_program *cgroup2_devices;
	130
2202afc9 CB	131	/*
	132	* @cgroup_layout
	133	* - What cgroup layout the container is running with.
	134	* - CGROUP_LAYOUT_UNKNOWN
	135	* The cgroup layout could not be determined. This should be treated
	136	* as an error condition.
	137	* - CGROUP_LAYOUT_LEGACY
	138	* The container is running with all controllers mounted into legacy
	139	* cgroup hierarchies.
	140	* - CGROUP_LAYOUT_HYBRID
	141	* The container is running with at least one controller mounted
	142	* into a legacy cgroup hierarchy and a mountpoint for the unified
	143	* hierarchy. The unified hierarchy can be empty (no controllers
	144	* enabled) or non-empty (controllers enabled).
	145	* - CGROUP_LAYOUT_UNIFIED
	146	* The container is running on a pure unified cgroup hierarchy. The
	147	* unified hierarchy can be empty (no controllers enabled) or
	148	* non-empty (controllers enabled).
	149	*/
	150	cgroup_layout_t cgroup_layout;
	151
341e6516	152	int (data_init)(struct cgroup_ops ops);
434c8e15 CB	153	void (payload_destroy)(struct cgroup_ops ops, struct lxc_handler *handler);
434c8e15 CB	154	void (monitor_destroy)(struct cgroup_ops ops, struct lxc_handler *handler);
6439f06e	155	bool (monitor_create)(struct cgroup_ops ops, struct lxc_handler *handler);
c581d2a6	156	bool (monitor_enter)(struct cgroup_ops ops, struct lxc_handler *handler);
e8b181f5	157	bool (payload_create)(struct cgroup_ops ops, struct lxc_handler *handler);
c581d2a6	158	bool (payload_enter)(struct cgroup_ops ops, struct lxc_handler *handler);
2202afc9	159	const char (get_cgroup)(struct cgroup_ops ops, const char controller);
5a087e05	160	bool (escape)(const struct cgroup_ops ops, struct lxc_conf *conf);
2202afc9 CB	161	int (num_hierarchies)(struct cgroup_ops ops);
	162	bool (get_hierarchies)(struct cgroup_ops ops, int n, char ***out);
	163	int (set)(struct cgroup_ops ops, const char *filename,
	164	const char value, const char name, const char *lxcpath);
	165	int (get)(struct cgroup_ops ops, const char filename, char value,
	166	size_t len, const char name, const char lxcpath);
018051e3 CB	167	int (freeze)(struct cgroup_ops ops, int timeout);
018051e3 CB	168	int (unfreeze)(struct cgroup_ops ops, int timeout);
c581d2a6 CB	169	bool (setup_limits_legacy)(struct cgroup_ops ops,
	170	struct lxc_conf *conf, bool with_devices);
	171	bool (setup_limits)(struct cgroup_ops ops, struct lxc_handler *handler);
2202afc9	172	bool (chown)(struct cgroup_ops ops, struct lxc_conf *conf);
7581a82f CB	173	bool (attach)(struct cgroup_ops ops, const struct lxc_conf *conf,
7581a82f CB	174	const char name, const char lxcpath, pid_t pid);
2202afc9 CB	175	bool (mount)(struct cgroup_ops ops, struct lxc_handler *handler,
2202afc9 CB	176	const char *root, int type);
bf651989 CB	177	bool (devices_activate)(struct cgroup_ops ops,
bf651989 CB	178	struct lxc_handler *handler);
c581d2a6 CB	179	bool (monitor_delegate_controllers)(struct cgroup_ops ops);
c581d2a6 CB	180	bool (payload_delegate_controllers)(struct cgroup_ops ops);
78eb6aa6	181	void (payload_finalize)(struct cgroup_ops ops);
a900cbaf	182	const char (get_limiting_cgroup)(struct cgroup_ops ops, const char controller);
d4ef7c50 SH	183	};
d4ef7c50 SH	184
c332ec90	185	__hidden extern struct cgroup_ops cgroup_init(struct lxc_conf conf);
5a076633	186
c332ec90	187	__hidden extern void cgroup_exit(struct cgroup_ops *ops);
5a076633	188	define_cleanup_function(struct cgroup_ops *, cgroup_exit);
d4ef7c50	189
c332ec90	190	__hidden extern void prune_init_scope(char *cg);
f348e47c	191
c332ec90 CB	192	__hidden extern int cgroup_attach(const struct lxc_conf conf, const char name,
c332ec90 CB	193	const char *lxcpath, pid_t pid);
3baf0fc8 CB	194	__hidden extern int cgroup_get(struct lxc_conf conf, const char name,
	195	const char lxcpath, const char filename,
	196	char *buf, size_t len);
983b1db0 CB	197	__hidden extern int cgroup_set(struct lxc_conf conf, const char name,
	198	const char lxcpath, const char filename,
	199	const char *value);
900b6606	200
1973b62a CB	201	static inline bool pure_unified_layout(const struct cgroup_ops *ops)
	202	{
	203	return ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED;
	204	}
	205
f7176c3e CB	206	static inline int cgroup_unified_fd(const struct cgroup_ops *ops)
	207	{
	208	if (!ops->unified)
	209	return -EBADF;
	210
	211	return ops->unified->cgfd_con;
	212	}
	213
c332ec90	214	#endif /* __LXC_CGROUP_H */