3 * Copyright © 2014-2016 Canonical, Inc
4 * Author: Serge Hallyn <serge.hallyn@ubuntu.com>
6 * See COPYING file for details.
9 #define FUSE_USE_VERSION 26
24 #include <linux/sched.h>
25 #include <sys/param.h>
26 #include <sys/socket.h>
27 #include <sys/mount.h>
28 #include <sys/epoll.h>
33 #include "config.h" // for VERSION
38 LXC_TYPE_PROC_MEMINFO
,
39 LXC_TYPE_PROC_CPUINFO
,
42 LXC_TYPE_PROC_DISKSTATS
,
51 char *buf
; // unused as of yet
53 int size
; //actual data size
57 /* reserve buffer size, for cpuall in /proc/stat */
58 #define BUF_RESERVE_SIZE 256
61 * A table caching which pid is init for a pid namespace.
62 * When looking up which pid is init for $qpid, we first
63 * 1. Stat /proc/$qpid/ns/pid.
64 * 2. Check whether the ino_t is in our store.
65 * a. if not, fork a child in qpid's ns to send us
66 * ucred.pid = 1, and read the initpid. Cache
67 * initpid and creation time for /proc/initpid
68 * in a new store entry.
69 * b. if so, verify that /proc/initpid still matches
70 * what we have saved. If not, clear the store
71 * entry and go back to a. If so, return the
74 struct pidns_init_store
{
75 ino_t ino
; // inode number for /proc/$pid/ns/pid
76 pid_t initpid
; // the pid of nit in that ns
77 long int ctime
; // the time at which /proc/$initpid was created
78 struct pidns_init_store
*next
;
82 /* lol - look at how they are allocated in the kernel */
83 #define PIDNS_HASH_SIZE 4096
84 #define HASH(x) ((x) % PIDNS_HASH_SIZE)
86 static struct pidns_init_store
*pidns_hash_table
[PIDNS_HASH_SIZE
];
87 static pthread_mutex_t pidns_store_mutex
= PTHREAD_MUTEX_INITIALIZER
;
88 static void lock_mutex(pthread_mutex_t
*l
)
92 if ((ret
= pthread_mutex_lock(l
)) != 0) {
93 fprintf(stderr
, "pthread_mutex_lock returned:%d %s\n", ret
, strerror(ret
));
98 static void unlock_mutex(pthread_mutex_t
*l
)
102 if ((ret
= pthread_mutex_unlock(l
)) != 0) {
103 fprintf(stderr
, "pthread_mutex_unlock returned:%d %s\n", ret
, strerror(ret
));
108 static void store_lock(void)
110 lock_mutex(&pidns_store_mutex
);
113 static void store_unlock(void)
115 unlock_mutex(&pidns_store_mutex
);
118 /* Must be called under store_lock */
119 static bool initpid_still_valid(struct pidns_init_store
*e
, struct stat
*nsfdsb
)
124 snprintf(fnam
, 100, "/proc/%d", e
->initpid
);
125 if (stat(fnam
, &initsb
) < 0)
128 fprintf(stderr
, "comparing ctime %ld %ld for pid %d\n",
129 e
->ctime
, initsb
.st_ctime
, e
->initpid
);
131 if (e
->ctime
!= initsb
.st_ctime
)
136 /* Must be called under store_lock */
137 static void remove_initpid(struct pidns_init_store
*e
)
139 struct pidns_init_store
*tmp
;
143 fprintf(stderr
, "remove_initpid: removing entry for %d\n", e
->initpid
);
146 if (pidns_hash_table
[h
] == e
) {
147 pidns_hash_table
[h
] = e
->next
;
152 tmp
= pidns_hash_table
[h
];
154 if (tmp
->next
== e
) {
164 /* Must be called under store_lock */
165 static void prune_initpid_store(void)
167 static long int last_prune
= 0;
168 struct pidns_init_store
*e
, *prev
, *delme
;
169 long int now
, threshold
;
173 last_prune
= time(NULL
);
177 if (now
< last_prune
+ PURGE_SECS
)
180 fprintf(stderr
, "pruning\n");
183 threshold
= now
- 2 * PURGE_SECS
;
185 for (i
= 0; i
< PIDNS_HASH_SIZE
; i
++) {
186 for (prev
= NULL
, e
= pidns_hash_table
[i
]; e
; ) {
187 if (e
->lastcheck
< threshold
) {
189 fprintf(stderr
, "Removing cached entry for %d\n", e
->initpid
);
193 prev
->next
= e
->next
;
195 pidns_hash_table
[i
] = e
->next
;
206 /* Must be called under store_lock */
207 static void save_initpid(struct stat
*sb
, pid_t pid
)
209 struct pidns_init_store
*e
;
215 fprintf(stderr
, "save_initpid: adding entry for %d\n", pid
);
217 snprintf(fpath
, 100, "/proc/%d", pid
);
218 if (stat(fpath
, &procsb
) < 0)
221 e
= malloc(sizeof(*e
));
225 e
->ctime
= procsb
.st_ctime
;
227 e
->next
= pidns_hash_table
[h
];
228 e
->lastcheck
= time(NULL
);
229 pidns_hash_table
[h
] = e
;
233 * Given the stat(2) info for a nsfd pid inode, lookup the init_pid_store
234 * entry for the inode number and creation time. Verify that the init pid
235 * is still valid. If not, remove it. Return the entry if valid, NULL
237 * Must be called under store_lock
239 static struct pidns_init_store
*lookup_verify_initpid(struct stat
*sb
)
241 int h
= HASH(sb
->st_ino
);
242 struct pidns_init_store
*e
= pidns_hash_table
[h
];
245 if (e
->ino
== sb
->st_ino
) {
246 if (initpid_still_valid(e
, sb
)) {
247 e
->lastcheck
= time(NULL
);
259 static int is_dir(const char *path
)
262 int ret
= stat(path
, &statbuf
);
263 if (ret
== 0 && S_ISDIR(statbuf
.st_mode
))
268 static char *must_copy_string(const char *str
)
280 static inline void drop_trailing_newlines(char *s
)
284 for (l
=strlen(s
); l
>0 && s
[l
-1] == '\n'; l
--)
288 #define BATCH_SIZE 50
289 static void dorealloc(char **mem
, size_t oldlen
, size_t newlen
)
291 int newbatches
= (newlen
/ BATCH_SIZE
) + 1;
292 int oldbatches
= (oldlen
/ BATCH_SIZE
) + 1;
294 if (!*mem
|| newbatches
> oldbatches
) {
297 tmp
= realloc(*mem
, newbatches
* BATCH_SIZE
);
302 static void append_line(char **contents
, size_t *len
, char *line
, ssize_t linelen
)
304 size_t newlen
= *len
+ linelen
;
305 dorealloc(contents
, *len
, newlen
+ 1);
306 memcpy(*contents
+ *len
, line
, linelen
+1);
310 static char *slurp_file(const char *from
, int fd
)
313 char *contents
= NULL
;
314 FILE *f
= fdopen(fd
, "r");
315 size_t len
= 0, fulllen
= 0;
321 while ((linelen
= getline(&line
, &len
, f
)) != -1) {
322 append_line(&contents
, &fulllen
, line
, linelen
);
327 drop_trailing_newlines(contents
);
332 static bool write_string(const char *fnam
, const char *string
, int fd
)
337 if (!(f
= fdopen(fd
, "w")))
339 len
= strlen(string
);
340 ret
= fwrite(string
, 1, len
, f
);
342 fprintf(stderr
, "Error writing to file: %s\n", strerror(errno
));
347 fprintf(stderr
, "Error writing to file: %s\n", strerror(errno
));
360 static bool store_hierarchy(char *stridx
, char *h
)
362 if (num_hierarchies
% ALLOC_NUM
== 0) {
363 size_t n
= (num_hierarchies
/ ALLOC_NUM
) + 1;
365 char **tmp
= realloc(hierarchies
, n
* sizeof(char *));
367 fprintf(stderr
, "Out of memory\n");
373 hierarchies
[num_hierarchies
++] = must_copy_string(h
);
377 static void print_subsystems(void)
381 fprintf(stderr
, "hierarchies:\n");
382 for (i
= 0; i
< num_hierarchies
; i
++) {
384 fprintf(stderr
, " %d: %s\n", i
, hierarchies
[i
]);
388 static bool in_comma_list(const char *needle
, const char *haystack
)
390 const char *s
= haystack
, *e
;
391 size_t nlen
= strlen(needle
);
393 while (*s
&& (e
= index(s
, ','))) {
398 if (strncmp(needle
, s
, nlen
) == 0)
402 if (strcmp(needle
, s
) == 0)
407 /* do we need to do any massaging here? I'm not sure... */
408 /* Return the mounted controller and store the corresponding open file descriptor
409 * referring to the controller mountpoint in the private lxcfs namespace in
412 static char *find_mounted_controller(const char *controller
, int *cfd
)
416 for (i
= 0; i
< num_hierarchies
; i
++) {
419 if (strcmp(hierarchies
[i
], controller
) == 0) {
420 *cfd
= fd_hierarchies
[i
];
421 return hierarchies
[i
];
423 if (in_comma_list(controller
, hierarchies
[i
])) {
424 *cfd
= fd_hierarchies
[i
];
425 return hierarchies
[i
];
432 bool cgfs_set_value(const char *controller
, const char *cgroup
, const char *file
,
437 char *fnam
, *tmpc
= find_mounted_controller(controller
, &cfd
);
441 /* . + /cgroup + / + file + \0 */
442 len
= strlen(cgroup
) + strlen(file
) + 3;
444 ret
= snprintf(fnam
, len
, "%s%s/%s", *cgroup
== '/' ? "." : "", cgroup
, file
);
445 if (ret
< 0 || (size_t)ret
>= len
)
448 fd
= openat(cfd
, fnam
, O_WRONLY
);
452 return write_string(fnam
, value
, fd
);
455 // Chown all the files in the cgroup directory. We do this when we create
456 // a cgroup on behalf of a user.
457 static void chown_all_cgroup_files(const char *dirname
, uid_t uid
, gid_t gid
, int fd
)
459 struct dirent
*direntp
;
460 char path
[MAXPATHLEN
];
465 len
= strlen(dirname
);
466 if (len
>= MAXPATHLEN
) {
467 fprintf(stderr
, "chown_all_cgroup_files: pathname too long: %s\n", dirname
);
471 fd1
= openat(fd
, dirname
, O_DIRECTORY
);
477 fprintf(stderr
, "chown_all_cgroup_files: failed to open %s\n", dirname
);
481 while ((direntp
= readdir(d
))) {
482 if (!strcmp(direntp
->d_name
, ".") || !strcmp(direntp
->d_name
, ".."))
484 ret
= snprintf(path
, MAXPATHLEN
, "%s/%s", dirname
, direntp
->d_name
);
485 if (ret
< 0 || ret
>= MAXPATHLEN
) {
486 fprintf(stderr
, "chown_all_cgroup_files: pathname too long under %s\n", dirname
);
489 if (fchownat(fd
, path
, uid
, gid
, 0) < 0)
490 fprintf(stderr
, "Failed to chown file %s to %u:%u", path
, uid
, gid
);
495 int cgfs_create(const char *controller
, const char *cg
, uid_t uid
, gid_t gid
)
499 char *dirnam
, *tmpc
= find_mounted_controller(controller
, &cfd
);
504 len
= strlen(cg
) + 2;
505 dirnam
= alloca(len
);
506 snprintf(dirnam
, len
, "%s%s", *cg
== '/' ? "." : "", cg
);
508 if (mkdirat(cfd
, dirnam
, 0755) < 0)
511 if (uid
== 0 && gid
== 0)
514 if (fchownat(cfd
, dirnam
, uid
, gid
, 0) < 0)
517 chown_all_cgroup_files(dirnam
, uid
, gid
, cfd
);
522 static bool recursive_rmdir(const char *dirname
)
524 struct dirent dirent
, *direntp
;
527 char pathname
[MAXPATHLEN
];
529 dir
= opendir(dirname
);
532 fprintf(stderr
, "%s: failed to open %s: %s\n", __func__
, dirname
, strerror(errno
));
537 while (!readdir_r(dir
, &dirent
, &direntp
)) {
544 if (!strcmp(direntp
->d_name
, ".") ||
545 !strcmp(direntp
->d_name
, ".."))
548 rc
= snprintf(pathname
, MAXPATHLEN
, "%s/%s", dirname
, direntp
->d_name
);
549 if (rc
< 0 || rc
>= MAXPATHLEN
) {
550 fprintf(stderr
, "pathname too long\n");
554 ret
= lstat(pathname
, &mystat
);
557 fprintf(stderr
, "%s: failed to stat %s: %s\n", __func__
, pathname
, strerror(errno
));
561 if (S_ISDIR(mystat
.st_mode
)) {
562 if (!recursive_rmdir(pathname
)) {
564 fprintf(stderr
, "Error removing %s\n", pathname
);
571 if (closedir(dir
) < 0) {
572 fprintf(stderr
, "%s: failed to close directory %s: %s\n", __func__
, dirname
, strerror(errno
));
576 if (rmdir(dirname
) < 0) {
578 fprintf(stderr
, "%s: failed to delete %s: %s\n", __func__
, dirname
, strerror(errno
));
586 bool cgfs_remove(const char *controller
, const char *cg
)
590 char *dirnam
, *tmpc
= find_mounted_controller(controller
, &cfd
);
594 /* BASEDIR / tmpc / cg \0 */
595 len
= strlen(BASEDIR
) + strlen(tmpc
) + strlen(cg
) + 3;
596 dirnam
= alloca(len
);
597 snprintf(dirnam
, len
, "%s/%s/%s", BASEDIR
,tmpc
, cg
);
598 return recursive_rmdir(dirnam
);
601 bool cgfs_chmod_file(const char *controller
, const char *file
, mode_t mode
)
605 char *pathname
, *tmpc
= find_mounted_controller(controller
, &cfd
);
609 /* BASEDIR / tmpc / file \0 */
610 len
= strlen(BASEDIR
) + strlen(tmpc
) + strlen(file
) + 3;
611 pathname
= alloca(len
);
612 snprintf(pathname
, len
, "%s/%s/%s", BASEDIR
, tmpc
, file
);
613 if (chmod(pathname
, mode
) < 0)
618 static int chown_tasks_files(const char *dirname
, uid_t uid
, gid_t gid
)
623 len
= strlen(dirname
) + strlen("/cgroup.procs") + 1;
625 snprintf(fname
, len
, "%s/tasks", dirname
);
626 if (chown(fname
, uid
, gid
) != 0)
628 snprintf(fname
, len
, "%s/cgroup.procs", dirname
);
629 if (chown(fname
, uid
, gid
) != 0)
634 int cgfs_chown_file(const char *controller
, const char *file
, uid_t uid
, gid_t gid
)
638 char *pathname
, *tmpc
= find_mounted_controller(controller
, &cfd
);
642 /* BASEDIR / tmpc / file \0 */
643 len
= strlen(BASEDIR
) + strlen(tmpc
) + strlen(file
) + 3;
644 pathname
= alloca(len
);
645 snprintf(pathname
, len
, "%s/%s/%s", BASEDIR
, tmpc
, file
);
646 if (chown(pathname
, uid
, gid
) < 0)
649 if (is_dir(pathname
))
650 // like cgmanager did, we want to chown the tasks file as well
651 return chown_tasks_files(pathname
, uid
, gid
);
656 FILE *open_pids_file(const char *controller
, const char *cgroup
)
660 char *pathname
, *tmpc
= find_mounted_controller(controller
, &cfd
);
664 /* BASEDIR / tmpc / cgroup / "cgroup.procs" \0 */
665 len
= strlen(BASEDIR
) + strlen(tmpc
) + strlen(cgroup
) + 4 + strlen("cgroup.procs");
666 pathname
= alloca(len
);
667 snprintf(pathname
, len
, "%s/%s/%s/cgroup.procs", BASEDIR
, tmpc
, cgroup
);
668 return fopen(pathname
, "w");
671 static bool cgfs_iterate_cgroup(const char *controller
, const char *cgroup
, bool directories
,
672 void ***list
, size_t typesize
,
673 void* (*iterator
)(const char*, const char*, const char*))
678 char pathname
[MAXPATHLEN
];
679 size_t sz
= 0, asz
= 0;
680 struct dirent
*dirent
;
683 tmpc
= find_mounted_controller(controller
, &cfd
);
688 /* Make sure we pass a relative path to openat(). */
689 len
= strlen(cgroup
) + 1 /* . */ + 1 /* \0 */;
691 ret
= snprintf(cg
, len
, "%s%s", *cgroup
== '/' ? "." : "", cgroup
);
692 if (ret
< 0 || (size_t)ret
>= len
) {
693 fprintf(stderr
, "%s: pathname too long under %s\n", __func__
, cgroup
);
697 fd
= openat(cfd
, cg
, O_DIRECTORY
);
705 while ((dirent
= readdir(dir
))) {
708 if (!strcmp(dirent
->d_name
, ".") ||
709 !strcmp(dirent
->d_name
, ".."))
712 ret
= snprintf(pathname
, MAXPATHLEN
, "%s/%s", cg
, dirent
->d_name
);
713 if (ret
< 0 || ret
>= MAXPATHLEN
) {
714 fprintf(stderr
, "%s: pathname too long under %s\n", __func__
, cg
);
718 ret
= fstatat(cfd
, pathname
, &mystat
, AT_SYMLINK_NOFOLLOW
);
720 fprintf(stderr
, "%s: failed to stat %s: %s\n", __func__
, pathname
, strerror(errno
));
723 if ((!directories
&& !S_ISREG(mystat
.st_mode
)) ||
724 (directories
&& !S_ISDIR(mystat
.st_mode
)))
731 tmp
= realloc(*list
, asz
* typesize
);
735 (*list
)[sz
] = (*iterator
)(controller
, cg
, dirent
->d_name
);
736 (*list
)[sz
+1] = NULL
;
739 if (closedir(dir
) < 0) {
740 fprintf(stderr
, "%s: failed closedir for %s: %s\n", __func__
, cgroup
, strerror(errno
));
746 static void *make_children_list_entry(const char *controller
, const char *cgroup
, const char *dir_entry
)
750 dup
= strdup(dir_entry
);
755 bool cgfs_list_children(const char *controller
, const char *cgroup
, char ***list
)
757 return cgfs_iterate_cgroup(controller
, cgroup
, true, (void***)list
, sizeof(*list
), &make_children_list_entry
);
760 void free_key(struct cgfs_files
*k
)
768 void free_keys(struct cgfs_files
**keys
)
774 for (i
= 0; keys
[i
]; i
++) {
780 bool cgfs_get_value(const char *controller
, const char *cgroup
, const char *file
, char **value
)
784 char *fnam
, *tmpc
= find_mounted_controller(controller
, &cfd
);
788 /* . + /cgroup + / + file + \0 */
789 len
= strlen(cgroup
) + strlen(file
) + 3;
791 ret
= snprintf(fnam
, len
, "%s%s/%s", *cgroup
== '/' ? "." : "", cgroup
, file
);
792 if (ret
< 0 || (size_t)ret
>= len
)
795 fd
= openat(cfd
, fnam
, O_RDONLY
);
799 *value
= slurp_file(fnam
, fd
);
800 return *value
!= NULL
;
803 struct cgfs_files
*cgfs_get_key(const char *controller
, const char *cgroup
, const char *file
)
807 char *fnam
, *tmpc
= find_mounted_controller(controller
, &cfd
);
809 struct cgfs_files
*newkey
;
814 if (file
&& *file
== '/')
817 if (file
&& index(file
, '/'))
820 /* . + /cgroup + / + file + \0 */
821 len
= strlen(cgroup
) + 3;
823 len
+= strlen(file
) + 1;
825 snprintf(fnam
, len
, "%s%s%s%s", *cgroup
== '/' ? "." : "", cgroup
,
826 file
? "/" : "", file
? file
: "");
828 ret
= fstatat(cfd
, fnam
, &sb
, 0);
833 newkey
= malloc(sizeof(struct cgfs_files
));
836 newkey
->name
= must_copy_string(file
);
837 else if (rindex(cgroup
, '/'))
838 newkey
->name
= must_copy_string(rindex(cgroup
, '/'));
840 newkey
->name
= must_copy_string(cgroup
);
841 newkey
->uid
= sb
.st_uid
;
842 newkey
->gid
= sb
.st_gid
;
843 newkey
->mode
= sb
.st_mode
;
848 static void *make_key_list_entry(const char *controller
, const char *cgroup
, const char *dir_entry
)
850 struct cgfs_files
*entry
= cgfs_get_key(controller
, cgroup
, dir_entry
);
852 fprintf(stderr
, "%s: Error getting files under %s:%s\n",
853 __func__
, controller
, cgroup
);
858 bool cgfs_list_keys(const char *controller
, const char *cgroup
, struct cgfs_files
***keys
)
860 return cgfs_iterate_cgroup(controller
, cgroup
, false, (void***)keys
, sizeof(*keys
), &make_key_list_entry
);
863 bool is_child_cgroup(const char *controller
, const char *cgroup
, const char *f
)
867 char *fnam
, *tmpc
= find_mounted_controller(controller
, &cfd
);
873 /* . + /cgroup + / + f + \0 */
874 len
= strlen(cgroup
) + strlen(f
) + 3;
876 ret
= snprintf(fnam
, len
, "%s%s/%s", *cgroup
== '/' ? "." : "", cgroup
, f
);
877 if (ret
< 0 || (size_t)ret
>= len
)
880 ret
= fstatat(cfd
, fnam
, &sb
, 0);
881 if (ret
< 0 || !S_ISDIR(sb
.st_mode
))
886 #define SEND_CREDS_OK 0
887 #define SEND_CREDS_NOTSK 1
888 #define SEND_CREDS_FAIL 2
889 static bool recv_creds(int sock
, struct ucred
*cred
, char *v
);
890 static int wait_for_pid(pid_t pid
);
891 static int send_creds(int sock
, struct ucred
*cred
, char v
, bool pingfirst
);
892 static int send_creds_clone_wrapper(void *arg
);
895 * clone a task which switches to @task's namespace and writes '1'.
896 * over a unix sock so we can read the task's reaper's pid in our
899 * Note: glibc's fork() does not respect pidns, which can lead to failed
900 * assertions inside glibc (and thus failed forks) if the child's pid in
901 * the pidns and the parent pid outside are identical. Using clone prevents
904 static void write_task_init_pid_exit(int sock
, pid_t target
)
909 size_t stack_size
= sysconf(_SC_PAGESIZE
);
910 void *stack
= alloca(stack_size
);
912 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", (int)target
);
913 if (ret
< 0 || ret
>= sizeof(fnam
))
916 fd
= open(fnam
, O_RDONLY
);
918 perror("write_task_init_pid_exit open of ns/pid");
922 perror("write_task_init_pid_exit setns 1");
926 pid
= clone(send_creds_clone_wrapper
, stack
+ stack_size
, SIGCHLD
, &sock
);
930 if (!wait_for_pid(pid
))
936 static int send_creds_clone_wrapper(void *arg
) {
939 int sock
= *(int *)arg
;
941 /* we are the child */
946 if (send_creds(sock
, &cred
, v
, true) != SEND_CREDS_OK
)
951 static pid_t
get_init_pid_for_task(pid_t task
)
959 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
960 perror("socketpair");
969 write_task_init_pid_exit(sock
[0], task
);
973 if (!recv_creds(sock
[1], &cred
, &v
))
985 static pid_t
lookup_initpid_in_store(pid_t qpid
)
989 struct pidns_init_store
*e
;
992 snprintf(fnam
, 100, "/proc/%d/ns/pid", qpid
);
994 if (stat(fnam
, &sb
) < 0)
996 e
= lookup_verify_initpid(&sb
);
1001 answer
= get_init_pid_for_task(qpid
);
1003 save_initpid(&sb
, answer
);
1006 /* we prune at end in case we are returning
1007 * the value we were about to return */
1008 prune_initpid_store();
1013 static int wait_for_pid(pid_t pid
)
1021 ret
= waitpid(pid
, &status
, 0);
1029 if (!WIFEXITED(status
) || WEXITSTATUS(status
) != 0)
1036 * append pid to *src.
1037 * src: a pointer to a char* in which ot append the pid.
1038 * sz: the number of characters printed so far, minus trailing \0.
1039 * asz: the allocated size so far
1040 * pid: the pid to append
1042 static void must_strcat_pid(char **src
, size_t *sz
, size_t *asz
, pid_t pid
)
1046 int tmplen
= sprintf(tmp
, "%d\n", (int)pid
);
1048 if (!*src
|| tmplen
+ *sz
+ 1 >= *asz
) {
1051 tmp
= realloc(*src
, *asz
+ BUF_RESERVE_SIZE
);
1054 *asz
+= BUF_RESERVE_SIZE
;
1056 memcpy((*src
) +*sz
, tmp
, tmplen
+1); /* include the \0 */
1061 * Given a open file * to /proc/pid/{u,g}id_map, and an id
1062 * valid in the caller's namespace, return the id mapped into
1064 * Returns the mapped id, or -1 on error.
1067 convert_id_to_ns(FILE *idfile
, unsigned int in_id
)
1069 unsigned int nsuid
, // base id for a range in the idfile's namespace
1070 hostuid
, // base id for a range in the caller's namespace
1071 count
; // number of ids in this range
1075 fseek(idfile
, 0L, SEEK_SET
);
1076 while (fgets(line
, 400, idfile
)) {
1077 ret
= sscanf(line
, "%u %u %u\n", &nsuid
, &hostuid
, &count
);
1080 if (hostuid
+ count
< hostuid
|| nsuid
+ count
< nsuid
) {
1082 * uids wrapped around - unexpected as this is a procfile,
1085 fprintf(stderr
, "pid wrapparound at entry %u %u %u in %s\n",
1086 nsuid
, hostuid
, count
, line
);
1089 if (hostuid
<= in_id
&& hostuid
+count
> in_id
) {
1091 * now since hostuid <= in_id < hostuid+count, and
1092 * hostuid+count and nsuid+count do not wrap around,
1093 * we know that nsuid+(in_id-hostuid) which must be
1094 * less that nsuid+(count) must not wrap around
1096 return (in_id
- hostuid
) + nsuid
;
1105 * for is_privileged_over,
1106 * specify whether we require the calling uid to be root in his
1109 #define NS_ROOT_REQD true
1110 #define NS_ROOT_OPT false
1114 static bool is_privileged_over(pid_t pid
, uid_t uid
, uid_t victim
, bool req_ns_root
)
1116 char fpath
[PROCLEN
];
1118 bool answer
= false;
1121 if (victim
== -1 || uid
== -1)
1125 * If the request is one not requiring root in the namespace,
1126 * then having the same uid suffices. (i.e. uid 1000 has write
1127 * access to files owned by uid 1000
1129 if (!req_ns_root
&& uid
== victim
)
1132 ret
= snprintf(fpath
, PROCLEN
, "/proc/%d/uid_map", pid
);
1133 if (ret
< 0 || ret
>= PROCLEN
)
1135 FILE *f
= fopen(fpath
, "r");
1139 /* if caller's not root in his namespace, reject */
1140 nsuid
= convert_id_to_ns(f
, uid
);
1145 * If victim is not mapped into caller's ns, reject.
1146 * XXX I'm not sure this check is needed given that fuse
1147 * will be sending requests where the vfs has converted
1149 nsuid
= convert_id_to_ns(f
, victim
);
1160 static bool perms_include(int fmode
, mode_t req_mode
)
1164 switch (req_mode
& O_ACCMODE
) {
1172 r
= S_IROTH
| S_IWOTH
;
1177 return ((fmode
& r
) == r
);
1183 * querycg is /a/b/c/d/e
1186 static char *get_next_cgroup_dir(const char *taskcg
, const char *querycg
)
1190 if (strlen(taskcg
) <= strlen(querycg
)) {
1191 fprintf(stderr
, "%s: I was fed bad input\n", __func__
);
1195 if (strcmp(querycg
, "/") == 0)
1196 start
= strdup(taskcg
+ 1);
1198 start
= strdup(taskcg
+ strlen(querycg
) + 1);
1201 end
= strchr(start
, '/');
1207 static void stripnewline(char *x
)
1209 size_t l
= strlen(x
);
1210 if (l
&& x
[l
-1] == '\n')
1214 static char *get_pid_cgroup(pid_t pid
, const char *contrl
)
1219 char *answer
= NULL
;
1223 const char *h
= find_mounted_controller(contrl
, &cfd
);
1227 ret
= snprintf(fnam
, PROCLEN
, "/proc/%d/cgroup", pid
);
1228 if (ret
< 0 || ret
>= PROCLEN
)
1230 if (!(f
= fopen(fnam
, "r")))
1233 while (getline(&line
, &len
, f
) != -1) {
1237 c1
= strchr(line
, ':');
1241 c2
= strchr(c1
, ':');
1245 if (strcmp(c1
, h
) != 0)
1250 answer
= strdup(c2
);
1262 * check whether a fuse context may access a cgroup dir or file
1264 * If file is not null, it is a cgroup file to check under cg.
1265 * If file is null, then we are checking perms on cg itself.
1267 * For files we can check the mode of the list_keys result.
1268 * For cgroups, we must make assumptions based on the files under the
1269 * cgroup, because cgmanager doesn't tell us ownership/perms of cgroups
1272 static bool fc_may_access(struct fuse_context
*fc
, const char *contrl
, const char *cg
, const char *file
, mode_t mode
)
1274 struct cgfs_files
*k
= NULL
;
1277 k
= cgfs_get_key(contrl
, cg
, file
);
1281 if (is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
1282 if (perms_include(k
->mode
>> 6, mode
)) {
1287 if (fc
->gid
== k
->gid
) {
1288 if (perms_include(k
->mode
>> 3, mode
)) {
1293 ret
= perms_include(k
->mode
, mode
);
1300 #define INITSCOPE "/init.scope"
1301 static void prune_init_slice(char *cg
)
1304 size_t cg_len
= strlen(cg
), initscope_len
= strlen(INITSCOPE
);
1306 if (cg_len
< initscope_len
)
1309 point
= cg
+ cg_len
- initscope_len
;
1310 if (strcmp(point
, INITSCOPE
) == 0) {
1319 * If pid is in /a/b/c/d, he may only act on things under cg=/a/b/c/d.
1320 * If pid is in /a, he may act on /a/b, but not on /b.
1321 * if the answer is false and nextcg is not NULL, then *nextcg will point
1322 * to a string containing the next cgroup directory under cg, which must be
1323 * freed by the caller.
1325 static bool caller_is_in_ancestor(pid_t pid
, const char *contrl
, const char *cg
, char **nextcg
)
1327 bool answer
= false;
1328 char *c2
= get_pid_cgroup(pid
, contrl
);
1333 prune_init_slice(c2
);
1336 * callers pass in '/' or './' (openat()) for root cgroup, otherwise
1337 * they pass in a cgroup without leading '/'
1339 * The original line here was:
1340 * linecmp = *cg == '/' ? c2 : c2+1;
1341 * TODO: I'm not sure why you'd want to increment when *cg != '/'?
1342 * Serge, do you know?
1344 if (*cg
== '/' || !strncmp(cg
, "./", 2))
1348 if (strncmp(linecmp
, cg
, strlen(linecmp
)) != 0) {
1350 *nextcg
= get_next_cgroup_dir(linecmp
, cg
);
1362 * If pid is in /a/b/c, he may see that /a exists, but not /b or /a/c.
1364 static bool caller_may_see_dir(pid_t pid
, const char *contrl
, const char *cg
)
1366 bool answer
= false;
1368 size_t target_len
, task_len
;
1370 if (strcmp(cg
, "/") == 0 || strcmp(cg
, "./") == 0)
1373 c2
= get_pid_cgroup(pid
, contrl
);
1376 prune_init_slice(c2
);
1379 target_len
= strlen(cg
);
1380 task_len
= strlen(task_cg
);
1381 if (task_len
== 0) {
1382 /* Task is in the root cg, it can see everything. This case is
1383 * not handled by the strmcps below, since they test for the
1384 * last /, but that is the first / that we've chopped off
1390 if (strcmp(cg
, task_cg
) == 0) {
1394 if (target_len
< task_len
) {
1395 /* looking up a parent dir */
1396 if (strncmp(task_cg
, cg
, target_len
) == 0 && task_cg
[target_len
] == '/')
1400 if (target_len
> task_len
) {
1401 /* looking up a child dir */
1402 if (strncmp(task_cg
, cg
, task_len
) == 0 && cg
[task_len
] == '/')
1413 * given /cgroup/freezer/a/b, return "freezer".
1414 * the returned char* should NOT be freed.
1416 static char *pick_controller_from_path(struct fuse_context
*fc
, const char *path
)
1419 char *contr
, *slash
;
1421 if (strlen(path
) < 9)
1423 if (*(path
+7) != '/')
1426 contr
= strdupa(p1
);
1429 slash
= strstr(contr
, "/");
1434 for (i
= 0; i
< num_hierarchies
; i
++) {
1435 if (hierarchies
[i
] && strcmp(hierarchies
[i
], contr
) == 0)
1436 return hierarchies
[i
];
1442 * Find the start of cgroup in /cgroup/controller/the/cgroup/path
1443 * Note that the returned value may include files (keynames) etc
1445 static const char *find_cgroup_in_path(const char *path
)
1449 if (strlen(path
) < 9)
1451 p1
= strstr(path
+8, "/");
1458 * split the last path element from the path in @cg.
1459 * @dir is newly allocated and should be freed, @last not
1461 static void get_cgdir_and_path(const char *cg
, char **dir
, char **last
)
1468 *last
= strrchr(cg
, '/');
1473 p
= strrchr(*dir
, '/');
1478 * FUSE ops for /cgroup
1481 int cg_getattr(const char *path
, struct stat
*sb
)
1483 struct timespec now
;
1484 struct fuse_context
*fc
= fuse_get_context();
1485 char * cgdir
= NULL
;
1486 char *last
= NULL
, *path1
, *path2
;
1487 struct cgfs_files
*k
= NULL
;
1489 const char *controller
= NULL
;
1496 memset(sb
, 0, sizeof(struct stat
));
1498 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
1501 sb
->st_uid
= sb
->st_gid
= 0;
1502 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
1505 if (strcmp(path
, "/cgroup") == 0) {
1506 sb
->st_mode
= S_IFDIR
| 00755;
1511 controller
= pick_controller_from_path(fc
, path
);
1514 cgroup
= find_cgroup_in_path(path
);
1516 /* this is just /cgroup/controller, return it as a dir */
1517 sb
->st_mode
= S_IFDIR
| 00755;
1522 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
1532 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
1535 /* check that cgcopy is either a child cgroup of cgdir, or listed in its keys.
1536 * Then check that caller's cgroup is under path if last is a child
1537 * cgroup, or cgdir if last is a file */
1539 if (is_child_cgroup(controller
, path1
, path2
)) {
1540 if (!caller_may_see_dir(initpid
, controller
, cgroup
)) {
1544 if (!caller_is_in_ancestor(initpid
, controller
, cgroup
, NULL
)) {
1545 /* this is just /cgroup/controller, return it as a dir */
1546 sb
->st_mode
= S_IFDIR
| 00555;
1551 if (!fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
)) {
1556 // get uid, gid, from '/tasks' file and make up a mode
1557 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1558 sb
->st_mode
= S_IFDIR
| 00755;
1559 k
= cgfs_get_key(controller
, cgroup
, NULL
);
1561 sb
->st_uid
= sb
->st_gid
= 0;
1563 sb
->st_uid
= k
->uid
;
1564 sb
->st_gid
= k
->gid
;
1572 if ((k
= cgfs_get_key(controller
, path1
, path2
)) != NULL
) {
1573 sb
->st_mode
= S_IFREG
| k
->mode
;
1575 sb
->st_uid
= k
->uid
;
1576 sb
->st_gid
= k
->gid
;
1579 if (!caller_is_in_ancestor(initpid
, controller
, path1
, NULL
)) {
1583 if (!fc_may_access(fc
, controller
, path1
, path2
, O_RDONLY
)) {
1596 int cg_opendir(const char *path
, struct fuse_file_info
*fi
)
1598 struct fuse_context
*fc
= fuse_get_context();
1600 struct file_info
*dir_info
;
1601 char *controller
= NULL
;
1606 if (strcmp(path
, "/cgroup") == 0) {
1610 // return list of keys for the controller, and list of child cgroups
1611 controller
= pick_controller_from_path(fc
, path
);
1615 cgroup
= find_cgroup_in_path(path
);
1617 /* this is just /cgroup/controller, return its contents */
1622 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
1626 if (!caller_may_see_dir(initpid
, controller
, cgroup
))
1628 if (!fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
))
1632 /* we'll free this at cg_releasedir */
1633 dir_info
= malloc(sizeof(*dir_info
));
1636 dir_info
->controller
= must_copy_string(controller
);
1637 dir_info
->cgroup
= must_copy_string(cgroup
);
1638 dir_info
->type
= LXC_TYPE_CGDIR
;
1639 dir_info
->buf
= NULL
;
1640 dir_info
->file
= NULL
;
1641 dir_info
->buflen
= 0;
1643 fi
->fh
= (unsigned long)dir_info
;
1647 int cg_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
1648 struct fuse_file_info
*fi
)
1650 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1651 struct cgfs_files
**list
= NULL
;
1653 char *nextcg
= NULL
;
1654 struct fuse_context
*fc
= fuse_get_context();
1655 char **clist
= NULL
;
1657 if (d
->type
!= LXC_TYPE_CGDIR
) {
1658 fprintf(stderr
, "Internal error: file cache info used in readdir\n");
1661 if (!d
->cgroup
&& !d
->controller
) {
1662 // ls /var/lib/lxcfs/cgroup - just show list of controllers
1665 for (i
= 0; i
< num_hierarchies
; i
++) {
1666 if (hierarchies
[i
] && filler(buf
, hierarchies
[i
], NULL
, 0) != 0) {
1673 if (!cgfs_list_keys(d
->controller
, d
->cgroup
, &list
)) {
1674 // not a valid cgroup
1679 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
1682 if (!caller_is_in_ancestor(initpid
, d
->controller
, d
->cgroup
, &nextcg
)) {
1684 ret
= filler(buf
, nextcg
, NULL
, 0);
1695 for (i
= 0; list
[i
]; i
++) {
1696 if (filler(buf
, list
[i
]->name
, NULL
, 0) != 0) {
1702 // now get the list of child cgroups
1704 if (!cgfs_list_children(d
->controller
, d
->cgroup
, &clist
)) {
1709 for (i
= 0; clist
[i
]; i
++) {
1710 if (filler(buf
, clist
[i
], NULL
, 0) != 0) {
1721 for (i
= 0; clist
[i
]; i
++)
1728 static void do_release_file_info(struct fuse_file_info
*fi
)
1730 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1737 free(f
->controller
);
1738 f
->controller
= NULL
;
1748 int cg_releasedir(const char *path
, struct fuse_file_info
*fi
)
1750 do_release_file_info(fi
);
1754 int cg_open(const char *path
, struct fuse_file_info
*fi
)
1757 char *last
= NULL
, *path1
, *path2
, * cgdir
= NULL
, *controller
;
1758 struct cgfs_files
*k
= NULL
;
1759 struct file_info
*file_info
;
1760 struct fuse_context
*fc
= fuse_get_context();
1766 controller
= pick_controller_from_path(fc
, path
);
1769 cgroup
= find_cgroup_in_path(path
);
1773 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
1782 k
= cgfs_get_key(controller
, path1
, path2
);
1789 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
1792 if (!caller_may_see_dir(initpid
, controller
, path1
)) {
1796 if (!fc_may_access(fc
, controller
, path1
, path2
, fi
->flags
)) {
1801 /* we'll free this at cg_release */
1802 file_info
= malloc(sizeof(*file_info
));
1807 file_info
->controller
= must_copy_string(controller
);
1808 file_info
->cgroup
= must_copy_string(path1
);
1809 file_info
->file
= must_copy_string(path2
);
1810 file_info
->type
= LXC_TYPE_CGFILE
;
1811 file_info
->buf
= NULL
;
1812 file_info
->buflen
= 0;
1814 fi
->fh
= (unsigned long)file_info
;
1822 int cg_access(const char *path
, int mode
)
1825 char *last
= NULL
, *path1
, *path2
, * cgdir
= NULL
, *controller
;
1826 struct cgfs_files
*k
= NULL
;
1827 struct fuse_context
*fc
= fuse_get_context();
1833 controller
= pick_controller_from_path(fc
, path
);
1836 cgroup
= find_cgroup_in_path(path
);
1838 // access("/sys/fs/cgroup/systemd", mode) - rx allowed, w not
1839 if ((mode
& W_OK
) == 0)
1844 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
1853 k
= cgfs_get_key(controller
, path1
, path2
);
1855 if ((mode
& W_OK
) == 0)
1863 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
1866 if (!caller_may_see_dir(initpid
, controller
, path1
)) {
1870 if (!fc_may_access(fc
, controller
, path1
, path2
, mode
)) {
1882 int cg_release(const char *path
, struct fuse_file_info
*fi
)
1884 do_release_file_info(fi
);
1888 #define POLLIN_SET ( EPOLLIN | EPOLLHUP | EPOLLRDHUP )
1890 static bool wait_for_sock(int sock
, int timeout
)
1892 struct epoll_event ev
;
1893 int epfd
, ret
, now
, starttime
, deltatime
, saved_errno
;
1895 if ((starttime
= time(NULL
)) < 0)
1898 if ((epfd
= epoll_create(1)) < 0) {
1899 fprintf(stderr
, "Failed to create epoll socket: %m\n");
1903 ev
.events
= POLLIN_SET
;
1905 if (epoll_ctl(epfd
, EPOLL_CTL_ADD
, sock
, &ev
) < 0) {
1906 fprintf(stderr
, "Failed adding socket to epoll: %m\n");
1912 if ((now
= time(NULL
)) < 0) {
1917 deltatime
= (starttime
+ timeout
) - now
;
1918 if (deltatime
< 0) { // timeout
1923 ret
= epoll_wait(epfd
, &ev
, 1, 1000*deltatime
+ 1);
1924 if (ret
< 0 && errno
== EINTR
)
1926 saved_errno
= errno
;
1930 errno
= saved_errno
;
1936 static int msgrecv(int sockfd
, void *buf
, size_t len
)
1938 if (!wait_for_sock(sockfd
, 2))
1940 return recv(sockfd
, buf
, len
, MSG_DONTWAIT
);
1943 static int send_creds(int sock
, struct ucred
*cred
, char v
, bool pingfirst
)
1945 struct msghdr msg
= { 0 };
1947 struct cmsghdr
*cmsg
;
1948 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
1953 if (msgrecv(sock
, buf
, 1) != 1) {
1954 fprintf(stderr
, "%s: Error getting reply from server over socketpair\n",
1956 return SEND_CREDS_FAIL
;
1960 msg
.msg_control
= cmsgbuf
;
1961 msg
.msg_controllen
= sizeof(cmsgbuf
);
1963 cmsg
= CMSG_FIRSTHDR(&msg
);
1964 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
1965 cmsg
->cmsg_level
= SOL_SOCKET
;
1966 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
1967 memcpy(CMSG_DATA(cmsg
), cred
, sizeof(*cred
));
1969 msg
.msg_name
= NULL
;
1970 msg
.msg_namelen
= 0;
1974 iov
.iov_len
= sizeof(buf
);
1978 if (sendmsg(sock
, &msg
, 0) < 0) {
1979 fprintf(stderr
, "%s: failed at sendmsg: %s\n", __func__
,
1982 return SEND_CREDS_NOTSK
;
1983 return SEND_CREDS_FAIL
;
1986 return SEND_CREDS_OK
;
1989 static bool recv_creds(int sock
, struct ucred
*cred
, char *v
)
1991 struct msghdr msg
= { 0 };
1993 struct cmsghdr
*cmsg
;
1994 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
2005 if (setsockopt(sock
, SOL_SOCKET
, SO_PASSCRED
, &optval
, sizeof(optval
)) == -1) {
2006 fprintf(stderr
, "Failed to set passcred: %s\n", strerror(errno
));
2010 if (write(sock
, buf
, 1) != 1) {
2011 fprintf(stderr
, "Failed to start write on scm fd: %s\n", strerror(errno
));
2015 msg
.msg_name
= NULL
;
2016 msg
.msg_namelen
= 0;
2017 msg
.msg_control
= cmsgbuf
;
2018 msg
.msg_controllen
= sizeof(cmsgbuf
);
2021 iov
.iov_len
= sizeof(buf
);
2025 if (!wait_for_sock(sock
, 2)) {
2026 fprintf(stderr
, "Timed out waiting for scm_cred: %s\n",
2030 ret
= recvmsg(sock
, &msg
, MSG_DONTWAIT
);
2032 fprintf(stderr
, "Failed to receive scm_cred: %s\n",
2037 cmsg
= CMSG_FIRSTHDR(&msg
);
2039 if (cmsg
&& cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)) &&
2040 cmsg
->cmsg_level
== SOL_SOCKET
&&
2041 cmsg
->cmsg_type
== SCM_CREDENTIALS
) {
2042 memcpy(cred
, CMSG_DATA(cmsg
), sizeof(*cred
));
2049 struct pid_ns_clone_args
{
2053 int (*wrapped
) (int, pid_t
); // pid_from_ns or pid_to_ns
2057 * pid_ns_clone_wrapper - wraps pid_to_ns or pid_from_ns for usage
2058 * with clone(). This simply writes '1' as ACK back to the parent
2059 * before calling the actual wrapped function.
2061 static int pid_ns_clone_wrapper(void *arg
) {
2062 struct pid_ns_clone_args
* args
= (struct pid_ns_clone_args
*) arg
;
2065 close(args
->cpipe
[0]);
2066 if (write(args
->cpipe
[1], &b
, sizeof(char)) < 0) {
2067 fprintf(stderr
, "%s (child): error on write: %s\n",
2068 __func__
, strerror(errno
));
2070 close(args
->cpipe
[1]);
2071 return args
->wrapped(args
->sock
, args
->tpid
);
2075 * pid_to_ns - reads pids from a ucred over a socket, then writes the
2076 * int value back over the socket. This shifts the pid from the
2077 * sender's pidns into tpid's pidns.
2079 static int pid_to_ns(int sock
, pid_t tpid
)
2084 while (recv_creds(sock
, &cred
, &v
)) {
2087 if (write(sock
, &cred
.pid
, sizeof(pid_t
)) != sizeof(pid_t
))
2095 * pid_to_ns_wrapper: when you setns into a pidns, you yourself remain
2096 * in your old pidns. Only children which you clone will be in the target
2097 * pidns. So the pid_to_ns_wrapper does the setns, then clones a child to
2098 * actually convert pids.
2100 * Note: glibc's fork() does not respect pidns, which can lead to failed
2101 * assertions inside glibc (and thus failed forks) if the child's pid in
2102 * the pidns and the parent pid outside are identical. Using clone prevents
2105 static void pid_to_ns_wrapper(int sock
, pid_t tpid
)
2107 int newnsfd
= -1, ret
, cpipe
[2];
2112 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", tpid
);
2113 if (ret
< 0 || ret
>= sizeof(fnam
))
2115 newnsfd
= open(fnam
, O_RDONLY
);
2118 if (setns(newnsfd
, 0) < 0)
2122 if (pipe(cpipe
) < 0)
2125 struct pid_ns_clone_args args
= {
2129 .wrapped
= &pid_to_ns
2131 size_t stack_size
= sysconf(_SC_PAGESIZE
);
2132 void *stack
= alloca(stack_size
);
2134 cpid
= clone(pid_ns_clone_wrapper
, stack
+ stack_size
, SIGCHLD
, &args
);
2138 // give the child 1 second to be done forking and
2140 if (!wait_for_sock(cpipe
[0], 1))
2142 ret
= read(cpipe
[0], &v
, 1);
2143 if (ret
!= sizeof(char) || v
!= '1')
2146 if (!wait_for_pid(cpid
))
2152 * To read cgroup files with a particular pid, we will setns into the child
2153 * pidns, open a pipe, fork a child - which will be the first to really be in
2154 * the child ns - which does the cgfs_get_value and writes the data to the pipe.
2156 bool do_read_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, char **d
)
2158 int sock
[2] = {-1, -1};
2159 char *tmpdata
= NULL
;
2161 pid_t qpid
, cpid
= -1;
2162 bool answer
= false;
2165 size_t sz
= 0, asz
= 0;
2167 if (!cgfs_get_value(contrl
, cg
, file
, &tmpdata
))
2171 * Now we read the pids from returned data one by one, pass
2172 * them into a child in the target namespace, read back the
2173 * translated pids, and put them into our to-return data
2176 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
2177 perror("socketpair");
2186 if (!cpid
) // child - exits when done
2187 pid_to_ns_wrapper(sock
[1], tpid
);
2189 char *ptr
= tmpdata
;
2192 while (sscanf(ptr
, "%d\n", &qpid
) == 1) {
2194 ret
= send_creds(sock
[0], &cred
, v
, true);
2196 if (ret
== SEND_CREDS_NOTSK
)
2198 if (ret
== SEND_CREDS_FAIL
)
2201 // read converted results
2202 if (!wait_for_sock(sock
[0], 2)) {
2203 fprintf(stderr
, "%s: timed out waiting for pid from child: %s\n",
2204 __func__
, strerror(errno
));
2207 if (read(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
2208 fprintf(stderr
, "%s: error reading pid from child: %s\n",
2209 __func__
, strerror(errno
));
2212 must_strcat_pid(d
, &sz
, &asz
, qpid
);
2214 ptr
= strchr(ptr
, '\n');
2220 cred
.pid
= getpid();
2222 if (send_creds(sock
[0], &cred
, v
, true) != SEND_CREDS_OK
) {
2223 // failed to ask child to exit
2224 fprintf(stderr
, "%s: failed to ask child to exit: %s\n",
2225 __func__
, strerror(errno
));
2235 if (sock
[0] != -1) {
2242 int cg_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2243 struct fuse_file_info
*fi
)
2245 struct fuse_context
*fc
= fuse_get_context();
2246 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2247 struct cgfs_files
*k
= NULL
;
2252 if (f
->type
!= LXC_TYPE_CGFILE
) {
2253 fprintf(stderr
, "Internal error: directory cache info used in cg_read\n");
2266 if ((k
= cgfs_get_key(f
->controller
, f
->cgroup
, f
->file
)) == NULL
) {
2272 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_RDONLY
)) {
2277 if (strcmp(f
->file
, "tasks") == 0 ||
2278 strcmp(f
->file
, "/tasks") == 0 ||
2279 strcmp(f
->file
, "/cgroup.procs") == 0 ||
2280 strcmp(f
->file
, "cgroup.procs") == 0)
2281 // special case - we have to translate the pids
2282 r
= do_read_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, &data
);
2284 r
= cgfs_get_value(f
->controller
, f
->cgroup
, f
->file
, &data
);
2298 memcpy(buf
, data
, s
);
2299 if (s
> 0 && s
< size
&& data
[s
-1] != '\n')
2309 static int pid_from_ns(int sock
, pid_t tpid
)
2319 if (!wait_for_sock(sock
, 2)) {
2320 fprintf(stderr
, "%s: timeout reading from parent\n", __func__
);
2323 if ((ret
= read(sock
, &vpid
, sizeof(pid_t
))) != sizeof(pid_t
)) {
2324 fprintf(stderr
, "%s: bad read from parent: %s\n",
2325 __func__
, strerror(errno
));
2328 if (vpid
== -1) // done
2332 if (send_creds(sock
, &cred
, v
, true) != SEND_CREDS_OK
) {
2334 cred
.pid
= getpid();
2335 if (send_creds(sock
, &cred
, v
, false) != SEND_CREDS_OK
)
2342 static void pid_from_ns_wrapper(int sock
, pid_t tpid
)
2344 int newnsfd
= -1, ret
, cpipe
[2];
2349 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", tpid
);
2350 if (ret
< 0 || ret
>= sizeof(fnam
))
2352 newnsfd
= open(fnam
, O_RDONLY
);
2355 if (setns(newnsfd
, 0) < 0)
2359 if (pipe(cpipe
) < 0)
2362 struct pid_ns_clone_args args
= {
2366 .wrapped
= &pid_from_ns
2368 size_t stack_size
= sysconf(_SC_PAGESIZE
);
2369 void *stack
= alloca(stack_size
);
2371 cpid
= clone(pid_ns_clone_wrapper
, stack
+ stack_size
, SIGCHLD
, &args
);
2375 // give the child 1 second to be done forking and
2377 if (!wait_for_sock(cpipe
[0], 1))
2379 ret
= read(cpipe
[0], &v
, 1);
2380 if (ret
!= sizeof(char) || v
!= '1')
2383 if (!wait_for_pid(cpid
))
2389 * Given host @uid, return the uid to which it maps in
2390 * @pid's user namespace, or -1 if none.
2392 bool hostuid_to_ns(uid_t uid
, pid_t pid
, uid_t
*answer
)
2397 sprintf(line
, "/proc/%d/uid_map", pid
);
2398 if ((f
= fopen(line
, "r")) == NULL
) {
2402 *answer
= convert_id_to_ns(f
, uid
);
2411 * get_pid_creds: get the real uid and gid of @pid from
2413 * (XXX should we use euid here?)
2415 void get_pid_creds(pid_t pid
, uid_t
*uid
, gid_t
*gid
)
2424 sprintf(line
, "/proc/%d/status", pid
);
2425 if ((f
= fopen(line
, "r")) == NULL
) {
2426 fprintf(stderr
, "Error opening %s: %s\n", line
, strerror(errno
));
2429 while (fgets(line
, 400, f
)) {
2430 if (strncmp(line
, "Uid:", 4) == 0) {
2431 if (sscanf(line
+4, "%u", &u
) != 1) {
2432 fprintf(stderr
, "bad uid line for pid %u\n", pid
);
2437 } else if (strncmp(line
, "Gid:", 4) == 0) {
2438 if (sscanf(line
+4, "%u", &g
) != 1) {
2439 fprintf(stderr
, "bad gid line for pid %u\n", pid
);
2450 * May the requestor @r move victim @v to a new cgroup?
2451 * This is allowed if
2452 * . they are the same task
2453 * . they are ownedy by the same uid
2454 * . @r is root on the host, or
2455 * . @v's uid is mapped into @r's where @r is root.
2457 bool may_move_pid(pid_t r
, uid_t r_uid
, pid_t v
)
2459 uid_t v_uid
, tmpuid
;
2466 get_pid_creds(v
, &v_uid
, &v_gid
);
2469 if (hostuid_to_ns(r_uid
, r
, &tmpuid
) && tmpuid
== 0
2470 && hostuid_to_ns(v_uid
, r
, &tmpuid
))
2475 static bool do_write_pids(pid_t tpid
, uid_t tuid
, const char *contrl
, const char *cg
,
2476 const char *file
, const char *buf
)
2478 int sock
[2] = {-1, -1};
2479 pid_t qpid
, cpid
= -1;
2480 FILE *pids_file
= NULL
;
2481 bool answer
= false, fail
= false;
2483 pids_file
= open_pids_file(contrl
, cg
);
2488 * write the pids to a socket, have helper in writer's pidns
2489 * call movepid for us
2491 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
2492 perror("socketpair");
2500 if (!cpid
) { // child
2502 pid_from_ns_wrapper(sock
[1], tpid
);
2505 const char *ptr
= buf
;
2506 while (sscanf(ptr
, "%d", &qpid
) == 1) {
2510 if (write(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
2511 fprintf(stderr
, "%s: error writing pid to child: %s\n",
2512 __func__
, strerror(errno
));
2516 if (recv_creds(sock
[0], &cred
, &v
)) {
2518 if (!may_move_pid(tpid
, tuid
, cred
.pid
)) {
2522 if (fprintf(pids_file
, "%d", (int) cred
.pid
) < 0)
2527 ptr
= strchr(ptr
, '\n');
2533 /* All good, write the value */
2535 if (write(sock
[0], &qpid
,sizeof(qpid
)) != sizeof(qpid
))
2536 fprintf(stderr
, "Warning: failed to ask child to exit\n");
2544 if (sock
[0] != -1) {
2549 if (fclose(pids_file
) != 0)
2555 int cg_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
2556 struct fuse_file_info
*fi
)
2558 struct fuse_context
*fc
= fuse_get_context();
2559 char *localbuf
= NULL
;
2560 struct cgfs_files
*k
= NULL
;
2561 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2564 if (f
->type
!= LXC_TYPE_CGFILE
) {
2565 fprintf(stderr
, "Internal error: directory cache info used in cg_write\n");
2575 localbuf
= alloca(size
+1);
2576 localbuf
[size
] = '\0';
2577 memcpy(localbuf
, buf
, size
);
2579 if ((k
= cgfs_get_key(f
->controller
, f
->cgroup
, f
->file
)) == NULL
) {
2584 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_WRONLY
)) {
2589 if (strcmp(f
->file
, "tasks") == 0 ||
2590 strcmp(f
->file
, "/tasks") == 0 ||
2591 strcmp(f
->file
, "/cgroup.procs") == 0 ||
2592 strcmp(f
->file
, "cgroup.procs") == 0)
2593 // special case - we have to translate the pids
2594 r
= do_write_pids(fc
->pid
, fc
->uid
, f
->controller
, f
->cgroup
, f
->file
, localbuf
);
2596 r
= cgfs_set_value(f
->controller
, f
->cgroup
, f
->file
, localbuf
);
2606 int cg_chown(const char *path
, uid_t uid
, gid_t gid
)
2608 struct fuse_context
*fc
= fuse_get_context();
2609 char *cgdir
= NULL
, *last
= NULL
, *path1
, *path2
, *controller
;
2610 struct cgfs_files
*k
= NULL
;
2617 if (strcmp(path
, "/cgroup") == 0)
2620 controller
= pick_controller_from_path(fc
, path
);
2623 cgroup
= find_cgroup_in_path(path
);
2625 /* this is just /cgroup/controller */
2628 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
2638 if (is_child_cgroup(controller
, path1
, path2
)) {
2639 // get uid, gid, from '/tasks' file and make up a mode
2640 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
2641 k
= cgfs_get_key(controller
, cgroup
, "tasks");
2644 k
= cgfs_get_key(controller
, path1
, path2
);
2652 * This being a fuse request, the uid and gid must be valid
2653 * in the caller's namespace. So we can just check to make
2654 * sure that the caller is root in his uid, and privileged
2655 * over the file's current owner.
2657 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_REQD
)) {
2662 ret
= cgfs_chown_file(controller
, cgroup
, uid
, gid
);
2671 int cg_chmod(const char *path
, mode_t mode
)
2673 struct fuse_context
*fc
= fuse_get_context();
2674 char * cgdir
= NULL
, *last
= NULL
, *path1
, *path2
, *controller
;
2675 struct cgfs_files
*k
= NULL
;
2682 if (strcmp(path
, "/cgroup") == 0)
2685 controller
= pick_controller_from_path(fc
, path
);
2688 cgroup
= find_cgroup_in_path(path
);
2690 /* this is just /cgroup/controller */
2693 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
2703 if (is_child_cgroup(controller
, path1
, path2
)) {
2704 // get uid, gid, from '/tasks' file and make up a mode
2705 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
2706 k
= cgfs_get_key(controller
, cgroup
, "tasks");
2709 k
= cgfs_get_key(controller
, path1
, path2
);
2717 * This being a fuse request, the uid and gid must be valid
2718 * in the caller's namespace. So we can just check to make
2719 * sure that the caller is root in his uid, and privileged
2720 * over the file's current owner.
2722 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
2727 if (!cgfs_chmod_file(controller
, cgroup
, mode
)) {
2739 int cg_mkdir(const char *path
, mode_t mode
)
2741 struct fuse_context
*fc
= fuse_get_context();
2742 char *last
= NULL
, *path1
, *cgdir
= NULL
, *controller
, *next
= NULL
;
2750 controller
= pick_controller_from_path(fc
, path
);
2754 cgroup
= find_cgroup_in_path(path
);
2758 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
2764 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
2767 if (!caller_is_in_ancestor(initpid
, controller
, path1
, &next
)) {
2770 else if (last
&& strcmp(next
, last
) == 0)
2777 if (!fc_may_access(fc
, controller
, path1
, NULL
, O_RDWR
)) {
2781 if (!caller_is_in_ancestor(initpid
, controller
, path1
, NULL
)) {
2786 ret
= cgfs_create(controller
, cgroup
, fc
->uid
, fc
->gid
);
2794 int cg_rmdir(const char *path
)
2796 struct fuse_context
*fc
= fuse_get_context();
2797 char *last
= NULL
, *cgdir
= NULL
, *controller
, *next
= NULL
;
2804 controller
= pick_controller_from_path(fc
, path
);
2808 cgroup
= find_cgroup_in_path(path
);
2812 get_cgdir_and_path(cgroup
, &cgdir
, &last
);
2818 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
2821 if (!caller_is_in_ancestor(initpid
, controller
, cgroup
, &next
)) {
2822 if (!last
|| strcmp(next
, last
) == 0)
2829 if (!fc_may_access(fc
, controller
, cgdir
, NULL
, O_WRONLY
)) {
2833 if (!caller_is_in_ancestor(initpid
, controller
, cgroup
, NULL
)) {
2838 if (!cgfs_remove(controller
, cgroup
)) {
2851 static bool startswith(const char *line
, const char *pref
)
2853 if (strncmp(line
, pref
, strlen(pref
)) == 0)
2858 static void get_mem_cached(char *memstat
, unsigned long *v
)
2864 if (startswith(memstat
, "total_cache")) {
2865 sscanf(memstat
+ 11, "%lu", v
);
2869 eol
= strchr(memstat
, '\n');
2876 static void get_blkio_io_value(char *str
, unsigned major
, unsigned minor
, char *iotype
, unsigned long *v
)
2882 snprintf(key
, 32, "%u:%u %s", major
, minor
, iotype
);
2884 size_t len
= strlen(key
);
2888 if (startswith(str
, key
)) {
2889 sscanf(str
+ len
, "%lu", v
);
2892 eol
= strchr(str
, '\n');
2899 static int read_file(const char *path
, char *buf
, size_t size
,
2900 struct file_info
*d
)
2902 size_t linelen
= 0, total_len
= 0, rv
= 0;
2904 char *cache
= d
->buf
;
2905 size_t cache_size
= d
->buflen
;
2906 FILE *f
= fopen(path
, "r");
2910 while (getline(&line
, &linelen
, f
) != -1) {
2911 ssize_t l
= snprintf(cache
, cache_size
, "%s", line
);
2913 perror("Error writing to cache");
2917 if (l
>= cache_size
) {
2918 fprintf(stderr
, "Internal error: truncated write to cache\n");
2927 d
->size
= total_len
;
2928 if (total_len
> size
)
2931 /* read from off 0 */
2932 memcpy(buf
, d
->buf
, total_len
);
2941 * FUSE ops for /proc
2944 static unsigned long get_memlimit(const char *cgroup
)
2946 char *memlimit_str
= NULL
;
2947 unsigned long memlimit
= -1;
2949 if (cgfs_get_value("memory", cgroup
, "memory.limit_in_bytes", &memlimit_str
))
2950 memlimit
= strtoul(memlimit_str
, NULL
, 10);
2957 static unsigned long get_min_memlimit(const char *cgroup
)
2959 char *copy
= strdupa(cgroup
);
2960 unsigned long memlimit
= 0, retlimit
;
2962 retlimit
= get_memlimit(copy
);
2964 while (strcmp(copy
, "/") != 0) {
2965 copy
= dirname(copy
);
2966 memlimit
= get_memlimit(copy
);
2967 if (memlimit
!= -1 && memlimit
< retlimit
)
2968 retlimit
= memlimit
;
2974 static int proc_meminfo_read(char *buf
, size_t size
, off_t offset
,
2975 struct fuse_file_info
*fi
)
2977 struct fuse_context
*fc
= fuse_get_context();
2978 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2980 char *memusage_str
= NULL
, *memstat_str
= NULL
,
2981 *memswlimit_str
= NULL
, *memswusage_str
= NULL
,
2982 *memswlimit_default_str
= NULL
, *memswusage_default_str
= NULL
;
2983 unsigned long memlimit
= 0, memusage
= 0, memswlimit
= 0, memswusage
= 0,
2984 cached
= 0, hosttotal
= 0;
2986 size_t linelen
= 0, total_len
= 0, rv
= 0;
2987 char *cache
= d
->buf
;
2988 size_t cache_size
= d
->buflen
;
2992 if (offset
> d
->size
)
2996 int left
= d
->size
- offset
;
2997 total_len
= left
> size
? size
: left
;
2998 memcpy(buf
, cache
+ offset
, total_len
);
3002 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
3005 cg
= get_pid_cgroup(initpid
, "memory");
3007 return read_file("/proc/meminfo", buf
, size
, d
);
3008 prune_init_slice(cg
);
3010 memlimit
= get_min_memlimit(cg
);
3011 if (!cgfs_get_value("memory", cg
, "memory.usage_in_bytes", &memusage_str
))
3013 if (!cgfs_get_value("memory", cg
, "memory.stat", &memstat_str
))
3016 // Following values are allowed to fail, because swapaccount might be turned
3017 // off for current kernel
3018 if(cgfs_get_value("memory", cg
, "memory.memsw.limit_in_bytes", &memswlimit_str
) &&
3019 cgfs_get_value("memory", cg
, "memory.memsw.usage_in_bytes", &memswusage_str
))
3021 /* If swapaccounting is turned on, then default value is assumed to be that of cgroup / */
3022 if (!cgfs_get_value("memory", "/", "memory.memsw.limit_in_bytes", &memswlimit_default_str
))
3024 if (!cgfs_get_value("memory", "/", "memory.memsw.usage_in_bytes", &memswusage_default_str
))
3027 memswlimit
= strtoul(memswlimit_str
, NULL
, 10);
3028 memswusage
= strtoul(memswusage_str
, NULL
, 10);
3030 if (!strcmp(memswlimit_str
, memswlimit_default_str
))
3032 if (!strcmp(memswusage_str
, memswusage_default_str
))
3035 memswlimit
= memswlimit
/ 1024;
3036 memswusage
= memswusage
/ 1024;
3039 memusage
= strtoul(memusage_str
, NULL
, 10);
3043 get_mem_cached(memstat_str
, &cached
);
3045 f
= fopen("/proc/meminfo", "r");
3049 while (getline(&line
, &linelen
, f
) != -1) {
3051 char *printme
, lbuf
[100];
3053 memset(lbuf
, 0, 100);
3054 if (startswith(line
, "MemTotal:")) {
3055 sscanf(line
+14, "%lu", &hosttotal
);
3056 if (hosttotal
< memlimit
)
3057 memlimit
= hosttotal
;
3058 snprintf(lbuf
, 100, "MemTotal: %8lu kB\n", memlimit
);
3060 } else if (startswith(line
, "MemFree:")) {
3061 snprintf(lbuf
, 100, "MemFree: %8lu kB\n", memlimit
- memusage
);
3063 } else if (startswith(line
, "MemAvailable:")) {
3064 snprintf(lbuf
, 100, "MemAvailable: %8lu kB\n", memlimit
- memusage
);
3066 } else if (startswith(line
, "SwapTotal:") && memswlimit
> 0) {
3067 snprintf(lbuf
, 100, "SwapTotal: %8lu kB\n", memswlimit
- memlimit
);
3069 } else if (startswith(line
, "SwapFree:") && memswlimit
> 0 && memswusage
> 0) {
3070 snprintf(lbuf
, 100, "SwapFree: %8lu kB\n",
3071 (memswlimit
- memlimit
) - (memswusage
- memusage
));
3073 } else if (startswith(line
, "Slab:")) {
3074 snprintf(lbuf
, 100, "Slab: %8lu kB\n", 0UL);
3076 } else if (startswith(line
, "Buffers:")) {
3077 snprintf(lbuf
, 100, "Buffers: %8lu kB\n", 0UL);
3079 } else if (startswith(line
, "Cached:")) {
3080 snprintf(lbuf
, 100, "Cached: %8lu kB\n", cached
);
3082 } else if (startswith(line
, "SwapCached:")) {
3083 snprintf(lbuf
, 100, "SwapCached: %8lu kB\n", 0UL);
3088 l
= snprintf(cache
, cache_size
, "%s", printme
);
3090 perror("Error writing to cache");
3095 if (l
>= cache_size
) {
3096 fprintf(stderr
, "Internal error: truncated write to cache\n");
3107 d
->size
= total_len
;
3108 if (total_len
> size
) total_len
= size
;
3109 memcpy(buf
, d
->buf
, total_len
);
3118 free(memswlimit_str
);
3119 free(memswusage_str
);
3121 free(memswlimit_default_str
);
3122 free(memswusage_default_str
);
3127 * Read the cpuset.cpus for cg
3128 * Return the answer in a newly allocated string which must be freed
3130 static char *get_cpuset(const char *cg
)
3134 if (!cgfs_get_value("cpuset", cg
, "cpuset.cpus", &answer
))
3139 bool cpu_in_cpuset(int cpu
, const char *cpuset
);
3141 static bool cpuline_in_cpuset(const char *line
, const char *cpuset
)
3145 if (sscanf(line
, "processor : %d", &cpu
) != 1)
3147 return cpu_in_cpuset(cpu
, cpuset
);
3151 * check whether this is a '^processor" line in /proc/cpuinfo
3153 static bool is_processor_line(const char *line
)
3157 if (sscanf(line
, "processor : %d", &cpu
) == 1)
3162 static int proc_cpuinfo_read(char *buf
, size_t size
, off_t offset
,
3163 struct fuse_file_info
*fi
)
3165 struct fuse_context
*fc
= fuse_get_context();
3166 struct file_info
*d
= (struct file_info
*)fi
->fh
;
3168 char *cpuset
= NULL
;
3170 size_t linelen
= 0, total_len
= 0, rv
= 0;
3171 bool am_printing
= false, firstline
= true, is_s390x
= false;
3172 int curcpu
= -1, cpu
;
3173 char *cache
= d
->buf
;
3174 size_t cache_size
= d
->buflen
;
3178 if (offset
> d
->size
)
3182 int left
= d
->size
- offset
;
3183 total_len
= left
> size
? size
: left
;
3184 memcpy(buf
, cache
+ offset
, total_len
);
3188 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
3191 cg
= get_pid_cgroup(initpid
, "cpuset");
3193 return read_file("proc/cpuinfo", buf
, size
, d
);
3194 prune_init_slice(cg
);
3196 cpuset
= get_cpuset(cg
);
3200 f
= fopen("/proc/cpuinfo", "r");
3204 while (getline(&line
, &linelen
, f
) != -1) {
3208 if (strstr(line
, "IBM/S390") != NULL
) {
3214 if (strncmp(line
, "# processors:", 12) == 0)
3216 if (is_processor_line(line
)) {
3217 am_printing
= cpuline_in_cpuset(line
, cpuset
);
3220 l
= snprintf(cache
, cache_size
, "processor : %d\n", curcpu
);
3222 perror("Error writing to cache");
3226 if (l
>= cache_size
) {
3227 fprintf(stderr
, "Internal error: truncated write to cache\n");
3236 } else if (is_s390x
&& sscanf(line
, "processor %d:", &cpu
) == 1) {
3238 if (!cpu_in_cpuset(cpu
, cpuset
))
3241 p
= strchr(line
, ':');
3245 l
= snprintf(cache
, cache_size
, "processor %d:%s", curcpu
, p
);
3247 perror("Error writing to cache");
3251 if (l
>= cache_size
) {
3252 fprintf(stderr
, "Internal error: truncated write to cache\n");
3263 l
= snprintf(cache
, cache_size
, "%s", line
);
3265 perror("Error writing to cache");
3269 if (l
>= cache_size
) {
3270 fprintf(stderr
, "Internal error: truncated write to cache\n");
3281 char *origcache
= d
->buf
;
3284 d
->buf
= malloc(d
->buflen
);
3287 cache_size
= d
->buflen
;
3289 l
= snprintf(cache
, cache_size
, "vendor_id : IBM/S390\n");
3290 if (l
< 0 || l
>= cache_size
) {
3297 l
= snprintf(cache
, cache_size
, "# processors : %d\n", curcpu
+ 1);
3298 if (l
< 0 || l
>= cache_size
) {
3305 l
= snprintf(cache
, cache_size
, "%s", origcache
);
3307 if (l
< 0 || l
>= cache_size
)
3313 d
->size
= total_len
;
3314 if (total_len
> size
) total_len
= size
;
3316 /* read from off 0 */
3317 memcpy(buf
, d
->buf
, total_len
);
3328 static int proc_stat_read(char *buf
, size_t size
, off_t offset
,
3329 struct fuse_file_info
*fi
)
3331 struct fuse_context
*fc
= fuse_get_context();
3332 struct file_info
*d
= (struct file_info
*)fi
->fh
;
3334 char *cpuset
= NULL
;
3336 size_t linelen
= 0, total_len
= 0, rv
= 0;
3337 int curcpu
= -1; /* cpu numbering starts at 0 */
3338 unsigned long user
= 0, nice
= 0, system
= 0, idle
= 0, iowait
= 0, irq
= 0, softirq
= 0, steal
= 0, guest
= 0;
3339 unsigned long user_sum
= 0, nice_sum
= 0, system_sum
= 0, idle_sum
= 0, iowait_sum
= 0,
3340 irq_sum
= 0, softirq_sum
= 0, steal_sum
= 0, guest_sum
= 0;
3341 #define CPUALL_MAX_SIZE BUF_RESERVE_SIZE
3342 char cpuall
[CPUALL_MAX_SIZE
];
3343 /* reserve for cpu all */
3344 char *cache
= d
->buf
+ CPUALL_MAX_SIZE
;
3345 size_t cache_size
= d
->buflen
- CPUALL_MAX_SIZE
;
3349 if (offset
> d
->size
)
3353 int left
= d
->size
- offset
;
3354 total_len
= left
> size
? size
: left
;
3355 memcpy(buf
, d
->buf
+ offset
, total_len
);
3359 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
3362 cg
= get_pid_cgroup(initpid
, "cpuset");
3364 return read_file("/proc/stat", buf
, size
, d
);
3365 prune_init_slice(cg
);
3367 cpuset
= get_cpuset(cg
);
3371 f
= fopen("/proc/stat", "r");
3376 if (getline(&line
, &linelen
, f
) < 0) {
3377 fprintf(stderr
, "proc_stat_read read first line failed\n");
3381 while (getline(&line
, &linelen
, f
) != -1) {
3384 char cpu_char
[10]; /* That's a lot of cores */
3387 if (sscanf(line
, "cpu%9[^ ]", cpu_char
) != 1) {
3388 /* not a ^cpuN line containing a number N, just print it */
3389 l
= snprintf(cache
, cache_size
, "%s", line
);
3391 perror("Error writing to cache");
3395 if (l
>= cache_size
) {
3396 fprintf(stderr
, "Internal error: truncated write to cache\n");
3406 if (sscanf(cpu_char
, "%d", &cpu
) != 1)
3408 if (!cpu_in_cpuset(cpu
, cpuset
))
3412 c
= strchr(line
, ' ');
3415 l
= snprintf(cache
, cache_size
, "cpu%d%s", curcpu
, c
);
3417 perror("Error writing to cache");
3422 if (l
>= cache_size
) {
3423 fprintf(stderr
, "Internal error: truncated write to cache\n");
3432 if (sscanf(line
, "%*s %lu %lu %lu %lu %lu %lu %lu %lu %lu", &user
, &nice
, &system
, &idle
, &iowait
, &irq
,
3433 &softirq
, &steal
, &guest
) != 9)
3437 system_sum
+= system
;
3439 iowait_sum
+= iowait
;
3441 softirq_sum
+= softirq
;
3448 int cpuall_len
= snprintf(cpuall
, CPUALL_MAX_SIZE
, "%s %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
3449 "cpu ", user_sum
, nice_sum
, system_sum
, idle_sum
, iowait_sum
, irq_sum
, softirq_sum
, steal_sum
, guest_sum
);
3450 if (cpuall_len
> 0 && cpuall_len
< CPUALL_MAX_SIZE
){
3451 memcpy(cache
, cpuall
, cpuall_len
);
3452 cache
+= cpuall_len
;
3454 /* shouldn't happen */
3455 fprintf(stderr
, "proc_stat_read copy cpuall failed, cpuall_len=%d\n", cpuall_len
);
3459 memmove(cache
, d
->buf
+ CPUALL_MAX_SIZE
, total_len
);
3460 total_len
+= cpuall_len
;
3462 d
->size
= total_len
;
3463 if (total_len
> size
) total_len
= size
;
3465 memcpy(buf
, d
->buf
, total_len
);
3477 static long int getreaperage(pid_t pid
)
3484 qpid
= lookup_initpid_in_store(pid
);
3488 ret
= snprintf(fnam
, 100, "/proc/%d", qpid
);
3489 if (ret
< 0 || ret
>= 100)
3492 if (lstat(fnam
, &sb
) < 0)
3495 return time(NULL
) - sb
.st_ctime
;
3498 static unsigned long get_reaper_busy(pid_t task
)
3500 pid_t initpid
= lookup_initpid_in_store(task
);
3501 char *cgroup
= NULL
, *usage_str
= NULL
;
3502 unsigned long usage
= 0;
3507 cgroup
= get_pid_cgroup(initpid
, "cpuacct");
3510 prune_init_slice(cgroup
);
3511 if (!cgfs_get_value("cpuacct", cgroup
, "cpuacct.usage", &usage_str
))
3513 usage
= strtoul(usage_str
, NULL
, 10);
3514 usage
/= 1000000000;
3525 char *name
, *cwd
= get_current_dir_name();
3531 len
= strlen(cwd
) + strlen("/iwashere") + 1;
3533 snprintf(name
, len
, "%s/iwashere", cwd
);
3535 fd
= creat(name
, 0755);
3542 * We read /proc/uptime and reuse its second field.
3543 * For the first field, we use the mtime for the reaper for
3544 * the calling pid as returned by getreaperage
3546 static int proc_uptime_read(char *buf
, size_t size
, off_t offset
,
3547 struct fuse_file_info
*fi
)
3549 struct fuse_context
*fc
= fuse_get_context();
3550 struct file_info
*d
= (struct file_info
*)fi
->fh
;
3551 long int reaperage
= getreaperage(fc
->pid
);
3552 unsigned long int busytime
= get_reaper_busy(fc
->pid
), idletime
;
3553 char *cache
= d
->buf
;
3554 ssize_t total_len
= 0;
3561 if (offset
> d
->size
)
3565 int left
= d
->size
- offset
;
3566 total_len
= left
> size
? size
: left
;
3567 memcpy(buf
, cache
+ offset
, total_len
);
3571 idletime
= reaperage
- busytime
;
3572 if (idletime
> reaperage
)
3573 idletime
= reaperage
;
3575 total_len
= snprintf(d
->buf
, d
->size
, "%ld.0 %lu.0\n", reaperage
, idletime
);
3577 perror("Error writing to cache");
3581 d
->size
= (int)total_len
;
3584 if (total_len
> size
) total_len
= size
;
3586 memcpy(buf
, d
->buf
, total_len
);
3590 static int proc_diskstats_read(char *buf
, size_t size
, off_t offset
,
3591 struct fuse_file_info
*fi
)
3594 struct fuse_context
*fc
= fuse_get_context();
3595 struct file_info
*d
= (struct file_info
*)fi
->fh
;
3597 char *io_serviced_str
= NULL
, *io_merged_str
= NULL
, *io_service_bytes_str
= NULL
,
3598 *io_wait_time_str
= NULL
, *io_service_time_str
= NULL
;
3599 unsigned long read
= 0, write
= 0;
3600 unsigned long read_merged
= 0, write_merged
= 0;
3601 unsigned long read_sectors
= 0, write_sectors
= 0;
3602 unsigned long read_ticks
= 0, write_ticks
= 0;
3603 unsigned long ios_pgr
= 0, tot_ticks
= 0, rq_ticks
= 0;
3604 unsigned long rd_svctm
= 0, wr_svctm
= 0, rd_wait
= 0, wr_wait
= 0;
3605 char *cache
= d
->buf
;
3606 size_t cache_size
= d
->buflen
;
3608 size_t linelen
= 0, total_len
= 0, rv
= 0;
3609 unsigned int major
= 0, minor
= 0;
3614 if (offset
> d
->size
)
3618 int left
= d
->size
- offset
;
3619 total_len
= left
> size
? size
: left
;
3620 memcpy(buf
, cache
+ offset
, total_len
);
3624 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
3627 cg
= get_pid_cgroup(initpid
, "blkio");
3629 return read_file("/proc/diskstats", buf
, size
, d
);
3630 prune_init_slice(cg
);
3632 if (!cgfs_get_value("blkio", cg
, "blkio.io_serviced_recursive", &io_serviced_str
))
3634 if (!cgfs_get_value("blkio", cg
, "blkio.io_merged_recursive", &io_merged_str
))
3636 if (!cgfs_get_value("blkio", cg
, "blkio.io_service_bytes_recursive", &io_service_bytes_str
))
3638 if (!cgfs_get_value("blkio", cg
, "blkio.io_wait_time_recursive", &io_wait_time_str
))
3640 if (!cgfs_get_value("blkio", cg
, "blkio.io_service_time_recursive", &io_service_time_str
))
3644 f
= fopen("/proc/diskstats", "r");
3648 while (getline(&line
, &linelen
, f
) != -1) {
3652 i
= sscanf(line
, "%u %u %71s", &major
, &minor
, dev_name
);
3656 get_blkio_io_value(io_serviced_str
, major
, minor
, "Read", &read
);
3657 get_blkio_io_value(io_serviced_str
, major
, minor
, "Write", &write
);
3658 get_blkio_io_value(io_merged_str
, major
, minor
, "Read", &read_merged
);
3659 get_blkio_io_value(io_merged_str
, major
, minor
, "Write", &write_merged
);
3660 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Read", &read_sectors
);
3661 read_sectors
= read_sectors
/512;
3662 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Write", &write_sectors
);
3663 write_sectors
= write_sectors
/512;
3665 get_blkio_io_value(io_service_time_str
, major
, minor
, "Read", &rd_svctm
);
3666 rd_svctm
= rd_svctm
/1000000;
3667 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Read", &rd_wait
);
3668 rd_wait
= rd_wait
/1000000;
3669 read_ticks
= rd_svctm
+ rd_wait
;
3671 get_blkio_io_value(io_service_time_str
, major
, minor
, "Write", &wr_svctm
);
3672 wr_svctm
= wr_svctm
/1000000;
3673 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Write", &wr_wait
);
3674 wr_wait
= wr_wait
/1000000;
3675 write_ticks
= wr_svctm
+ wr_wait
;
3677 get_blkio_io_value(io_service_time_str
, major
, minor
, "Total", &tot_ticks
);
3678 tot_ticks
= tot_ticks
/1000000;
3680 memset(lbuf
, 0, 256);
3681 if (read
|| write
|| read_merged
|| write_merged
|| read_sectors
|| write_sectors
|| read_ticks
|| write_ticks
)
3682 snprintf(lbuf
, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
3683 major
, minor
, dev_name
, read
, read_merged
, read_sectors
, read_ticks
,
3684 write
, write_merged
, write_sectors
, write_ticks
, ios_pgr
, tot_ticks
, rq_ticks
);
3688 l
= snprintf(cache
, cache_size
, "%s", lbuf
);
3690 perror("Error writing to fuse buf");
3694 if (l
>= cache_size
) {
3695 fprintf(stderr
, "Internal error: truncated write to cache\n");
3705 d
->size
= total_len
;
3706 if (total_len
> size
) total_len
= size
;
3707 memcpy(buf
, d
->buf
, total_len
);
3715 free(io_serviced_str
);
3716 free(io_merged_str
);
3717 free(io_service_bytes_str
);
3718 free(io_wait_time_str
);
3719 free(io_service_time_str
);
3723 static int proc_swaps_read(char *buf
, size_t size
, off_t offset
,
3724 struct fuse_file_info
*fi
)
3726 struct fuse_context
*fc
= fuse_get_context();
3727 struct file_info
*d
= (struct file_info
*)fi
->fh
;
3729 char *memswlimit_str
= NULL
, *memlimit_str
= NULL
, *memusage_str
= NULL
, *memswusage_str
= NULL
,
3730 *memswlimit_default_str
= NULL
, *memswusage_default_str
= NULL
;
3731 unsigned long memswlimit
= 0, memlimit
= 0, memusage
= 0, memswusage
= 0, swap_total
= 0, swap_free
= 0;
3732 ssize_t total_len
= 0, rv
= 0;
3734 char *cache
= d
->buf
;
3737 if (offset
> d
->size
)
3741 int left
= d
->size
- offset
;
3742 total_len
= left
> size
? size
: left
;
3743 memcpy(buf
, cache
+ offset
, total_len
);
3747 pid_t initpid
= lookup_initpid_in_store(fc
->pid
);
3750 cg
= get_pid_cgroup(initpid
, "memory");
3752 return read_file("/proc/swaps", buf
, size
, d
);
3753 prune_init_slice(cg
);
3755 if (!cgfs_get_value("memory", cg
, "memory.limit_in_bytes", &memlimit_str
))
3758 if (!cgfs_get_value("memory", cg
, "memory.usage_in_bytes", &memusage_str
))
3761 memlimit
= strtoul(memlimit_str
, NULL
, 10);
3762 memusage
= strtoul(memusage_str
, NULL
, 10);
3764 if (cgfs_get_value("memory", cg
, "memory.memsw.usage_in_bytes", &memswusage_str
) &&
3765 cgfs_get_value("memory", cg
, "memory.memsw.limit_in_bytes", &memswlimit_str
)) {
3767 /* If swap accounting is turned on, then default value is assumed to be that of cgroup / */
3768 if (!cgfs_get_value("memory", "/", "memory.memsw.limit_in_bytes", &memswlimit_default_str
))
3770 if (!cgfs_get_value("memory", "/", "memory.memsw.usage_in_bytes", &memswusage_default_str
))
3773 memswlimit
= strtoul(memswlimit_str
, NULL
, 10);
3774 memswusage
= strtoul(memswusage_str
, NULL
, 10);
3776 if (!strcmp(memswlimit_str
, memswlimit_default_str
))
3778 if (!strcmp(memswusage_str
, memswusage_default_str
))
3781 swap_total
= (memswlimit
- memlimit
) / 1024;
3782 swap_free
= (memswusage
- memusage
) / 1024;
3785 total_len
= snprintf(d
->buf
, d
->size
, "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n");
3787 /* When no mem + swap limit is specified or swapaccount=0*/
3791 FILE *f
= fopen("/proc/meminfo", "r");
3796 while (getline(&line
, &linelen
, f
) != -1) {
3797 if (startswith(line
, "SwapTotal:")) {
3798 sscanf(line
, "SwapTotal: %8lu kB", &swap_total
);
3799 } else if (startswith(line
, "SwapFree:")) {
3800 sscanf(line
, "SwapFree: %8lu kB", &swap_free
);
3808 if (swap_total
> 0) {
3809 l
= snprintf(d
->buf
+ total_len
, d
->size
- total_len
,
3810 "none%*svirtual\t\t%lu\t%lu\t0\n", 36, " ",
3811 swap_total
, swap_free
);
3815 if (total_len
< 0 || l
< 0) {
3816 perror("Error writing to cache");
3822 d
->size
= (int)total_len
;
3824 if (total_len
> size
) total_len
= size
;
3825 memcpy(buf
, d
->buf
, total_len
);
3830 free(memswlimit_str
);
3833 free(memswusage_str
);
3834 free(memswusage_default_str
);
3835 free(memswlimit_default_str
);
3839 static off_t
get_procfile_size(const char *which
)
3841 FILE *f
= fopen(which
, "r");
3844 ssize_t sz
, answer
= 0;
3848 while ((sz
= getline(&line
, &len
, f
)) != -1)
3856 int proc_getattr(const char *path
, struct stat
*sb
)
3858 struct timespec now
;
3860 memset(sb
, 0, sizeof(struct stat
));
3861 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
3863 sb
->st_uid
= sb
->st_gid
= 0;
3864 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
3865 if (strcmp(path
, "/proc") == 0) {
3866 sb
->st_mode
= S_IFDIR
| 00555;
3870 if (strcmp(path
, "/proc/meminfo") == 0 ||
3871 strcmp(path
, "/proc/cpuinfo") == 0 ||
3872 strcmp(path
, "/proc/uptime") == 0 ||
3873 strcmp(path
, "/proc/stat") == 0 ||
3874 strcmp(path
, "/proc/diskstats") == 0 ||
3875 strcmp(path
, "/proc/swaps") == 0) {
3877 sb
->st_mode
= S_IFREG
| 00444;
3885 int proc_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
3886 struct fuse_file_info
*fi
)
3888 if (filler(buf
, "cpuinfo", NULL
, 0) != 0 ||
3889 filler(buf
, "meminfo", NULL
, 0) != 0 ||
3890 filler(buf
, "stat", NULL
, 0) != 0 ||
3891 filler(buf
, "uptime", NULL
, 0) != 0 ||
3892 filler(buf
, "diskstats", NULL
, 0) != 0 ||
3893 filler(buf
, "swaps", NULL
, 0) != 0)
3898 int proc_open(const char *path
, struct fuse_file_info
*fi
)
3901 struct file_info
*info
;
3903 if (strcmp(path
, "/proc/meminfo") == 0)
3904 type
= LXC_TYPE_PROC_MEMINFO
;
3905 else if (strcmp(path
, "/proc/cpuinfo") == 0)
3906 type
= LXC_TYPE_PROC_CPUINFO
;
3907 else if (strcmp(path
, "/proc/uptime") == 0)
3908 type
= LXC_TYPE_PROC_UPTIME
;
3909 else if (strcmp(path
, "/proc/stat") == 0)
3910 type
= LXC_TYPE_PROC_STAT
;
3911 else if (strcmp(path
, "/proc/diskstats") == 0)
3912 type
= LXC_TYPE_PROC_DISKSTATS
;
3913 else if (strcmp(path
, "/proc/swaps") == 0)
3914 type
= LXC_TYPE_PROC_SWAPS
;
3918 info
= malloc(sizeof(*info
));
3922 memset(info
, 0, sizeof(*info
));
3925 info
->buflen
= get_procfile_size(path
) + BUF_RESERVE_SIZE
;
3927 info
->buf
= malloc(info
->buflen
);
3928 } while (!info
->buf
);
3929 memset(info
->buf
, 0, info
->buflen
);
3930 /* set actual size to buffer size */
3931 info
->size
= info
->buflen
;
3933 fi
->fh
= (unsigned long)info
;
3937 int proc_access(const char *path
, int mask
)
3939 /* these are all read-only */
3940 if ((mask
& ~R_OK
) != 0)
3945 int proc_release(const char *path
, struct fuse_file_info
*fi
)
3947 do_release_file_info(fi
);
3951 int proc_read(const char *path
, char *buf
, size_t size
, off_t offset
,
3952 struct fuse_file_info
*fi
)
3954 struct file_info
*f
= (struct file_info
*) fi
->fh
;
3957 case LXC_TYPE_PROC_MEMINFO
:
3958 return proc_meminfo_read(buf
, size
, offset
, fi
);
3959 case LXC_TYPE_PROC_CPUINFO
:
3960 return proc_cpuinfo_read(buf
, size
, offset
, fi
);
3961 case LXC_TYPE_PROC_UPTIME
:
3962 return proc_uptime_read(buf
, size
, offset
, fi
);
3963 case LXC_TYPE_PROC_STAT
:
3964 return proc_stat_read(buf
, size
, offset
, fi
);
3965 case LXC_TYPE_PROC_DISKSTATS
:
3966 return proc_diskstats_read(buf
, size
, offset
, fi
);
3967 case LXC_TYPE_PROC_SWAPS
:
3968 return proc_swaps_read(buf
, size
, offset
, fi
);
3974 static void __attribute__((constructor
)) collect_subsystems(void)
3980 if ((f
= fopen("/proc/self/cgroup", "r")) == NULL
) {
3981 fprintf(stderr
, "Error opening /proc/self/cgroup: %s\n", strerror(errno
));
3984 while (getline(&line
, &len
, f
) != -1) {
3987 p
= strchr(line
, ':');
3992 p2
= strrchr(p
, ':');
3997 /* With cgroupv2 /proc/self/cgroup can contain entries of the
3998 * form: 0::/ This will cause lxcfs to fail the cgroup mounts
3999 * because it parses out the empty string "" and later on passes
4000 * it to mount(). Let's skip such entries.
4005 if (!store_hierarchy(line
, p
))
4016 static void __attribute__((destructor
)) free_subsystems(void)
4020 for (i
= 0; i
< num_hierarchies
; i
++)
4022 free(hierarchies
[i
]);