3 * Copyright © 2014 Canonical, Inc
4 * Author: Serge Hallyn <serge.hallyn@ubuntu.com>
6 * See COPYING file for details.
10 * NOTES - make sure to run this as -s to avoid threading.
11 * TODO - can we enforce that here from the code?
13 #define FUSE_USE_VERSION 26
27 #include <linux/sched.h>
28 #include <sys/socket.h>
29 #include <sys/mount.h>
32 #include <nih/alloc.h>
33 #include <nih/string.h>
35 #include "cgmanager.h"
39 * a null-terminated, nih-allocated list of the mounted subsystems. We
40 * detect this at startup.
44 #define LXCFS_DATA ((struct lxcfs_state *) fuse_get_context()->private_data)
49 LXC_TYPE_PROC_MEMINFO
,
50 LXC_TYPE_PROC_CPUINFO
,
53 LXC_TYPE_PROC_DISKSTATS
,
61 char *buf
; // unused as of yet
63 int size
; //actual data size
66 /* reserve buffer size, for cpuall in /proc/stat */
67 #define BUF_RESERVE_SIZE 256
69 static char *must_copy_string(void *parent
, const char *str
)
73 return NIH_MUST( nih_strdup(parent
, str
) );
77 * TODO - return value should denote whether child exited with failure
78 * so callers can return errors. Esp read/write of tasks and cgroup.procs
80 static int wait_for_pid(pid_t pid
)
85 ret
= waitpid(pid
, &status
, 0);
93 if (!WIFEXITED(status
) || WEXITSTATUS(status
) != 0)
99 * Given a open file * to /proc/pid/{u,g}id_map, and an id
100 * valid in the caller's namespace, return the id mapped into
102 * Returns the mapped id, or -1 on error.
105 convert_id_to_ns(FILE *idfile
, unsigned int in_id
)
107 unsigned int nsuid
, // base id for a range in the idfile's namespace
108 hostuid
, // base id for a range in the caller's namespace
109 count
; // number of ids in this range
113 fseek(idfile
, 0L, SEEK_SET
);
114 while (fgets(line
, 400, idfile
)) {
115 ret
= sscanf(line
, "%u %u %u\n", &nsuid
, &hostuid
, &count
);
118 if (hostuid
+ count
< hostuid
|| nsuid
+ count
< nsuid
) {
120 * uids wrapped around - unexpected as this is a procfile,
123 fprintf(stderr
, "pid wrapparound at entry %u %u %u in %s\n",
124 nsuid
, hostuid
, count
, line
);
127 if (hostuid
<= in_id
&& hostuid
+count
> in_id
) {
129 * now since hostuid <= in_id < hostuid+count, and
130 * hostuid+count and nsuid+count do not wrap around,
131 * we know that nsuid+(in_id-hostuid) which must be
132 * less that nsuid+(count) must not wrap around
134 return (in_id
- hostuid
) + nsuid
;
143 * for is_privileged_over,
144 * specify whether we require the calling uid to be root in his
147 #define NS_ROOT_REQD true
148 #define NS_ROOT_OPT false
150 static bool is_privileged_over(pid_t pid
, uid_t uid
, uid_t victim
, bool req_ns_root
)
152 nih_local
char *fpath
= NULL
;
156 if (victim
== -1 || uid
== -1)
160 * If the request is one not requiring root in the namespace,
161 * then having the same uid suffices. (i.e. uid 1000 has write
162 * access to files owned by uid 1000
164 if (!req_ns_root
&& uid
== victim
)
167 fpath
= NIH_MUST( nih_sprintf(NULL
, "/proc/%d/uid_map", pid
) );
168 FILE *f
= fopen(fpath
, "r");
172 /* if caller's not root in his namespace, reject */
173 nsuid
= convert_id_to_ns(f
, uid
);
178 * If victim is not mapped into caller's ns, reject.
179 * XXX I'm not sure this check is needed given that fuse
180 * will be sending requests where the vfs has converted
182 nsuid
= convert_id_to_ns(f
, victim
);
193 static bool perms_include(int fmode
, mode_t req_mode
)
197 switch (req_mode
& O_ACCMODE
) {
205 r
= S_IROTH
| S_IWOTH
;
210 return ((fmode
& r
) == r
);
213 static char *get_next_cgroup_dir(const char *taskcg
, const char *querycg
)
217 if (strlen(taskcg
) <= strlen(querycg
)) {
218 fprintf(stderr
, "%s: I was fed bad input\n", __func__
);
222 if (strcmp(querycg
, "/") == 0)
223 start
= NIH_MUST( nih_strdup(NULL
, taskcg
+ 1) );
225 start
= NIH_MUST( nih_strdup(NULL
, taskcg
+ strlen(querycg
) + 1) );
226 end
= strchr(start
, '/');
233 * check whether a fuse context may access a cgroup dir or file
235 * If file is not null, it is a cgroup file to check under cg.
236 * If file is null, then we are checking perms on cg itself.
238 * For files we can check the mode of the list_keys result.
239 * For cgroups, we must make assumptions based on the files under the
240 * cgroup, because cgmanager doesn't tell us ownership/perms of cgroups
243 static bool fc_may_access(struct fuse_context
*fc
, const char *contrl
, const char *cg
, const char *file
, mode_t mode
)
245 nih_local
struct cgm_keys
**list
= NULL
;
254 if (!cgm_list_keys(contrl
, cg
, &list
))
256 for (i
= 0; list
[i
]; i
++) {
257 if (strcmp(list
[i
]->name
, file
) == 0) {
258 struct cgm_keys
*k
= list
[i
];
259 if (is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
260 if (perms_include(k
->mode
>> 6, mode
))
263 if (fc
->gid
== k
->gid
) {
264 if (perms_include(k
->mode
>> 3, mode
))
267 return perms_include(k
->mode
, mode
);
274 static void stripnewline(char *x
)
276 size_t l
= strlen(x
);
277 if (l
&& x
[l
-1] == '\n')
282 * If caller is in /a/b/c/d, he may only act on things under cg=/a/b/c/d.
283 * If caller is in /a, he may act on /a/b, but not on /b.
284 * if the answer is false and nextcg is not NULL, then *nextcg will point
285 * to a nih_alloc'd string containing the next cgroup directory under cg
287 static bool caller_is_in_ancestor(pid_t pid
, const char *contrl
, const char *cg
, char **nextcg
)
289 nih_local
char *fnam
= NULL
;
295 fnam
= NIH_MUST( nih_sprintf(NULL
, "/proc/%d/cgroup", pid
) );
296 if (!(f
= fopen(fnam
, "r")))
299 while (getline(&line
, &len
, f
) != -1) {
300 char *c1
, *c2
, *linecmp
;
303 c1
= strchr(line
, ':');
307 c2
= strchr(c1
, ':');
311 if (strcmp(c1
, contrl
) != 0)
316 * callers pass in '/' for root cgroup, otherwise they pass
317 * in a cgroup without leading '/'
319 linecmp
= *cg
== '/' ? c2
: c2
+1;
320 if (strncmp(linecmp
, cg
, strlen(linecmp
)) != 0) {
322 *nextcg
= get_next_cgroup_dir(linecmp
, cg
);
336 * given /cgroup/freezer/a/b, return "freezer". this will be nih-allocated
337 * and needs to be nih_freed.
339 static char *pick_controller_from_path(struct fuse_context
*fc
, const char *path
)
344 if (strlen(path
) < 9)
347 ret
= nih_strdup(NULL
, p1
);
350 slash
= strstr(ret
, "/");
354 /* verify that it is a subsystem */
355 char **list
= LXCFS_DATA
? LXCFS_DATA
->subsystems
: NULL
;
361 for (i
= 0; list
[i
]; i
++) {
362 if (strcmp(list
[i
], ret
) == 0)
370 * Find the start of cgroup in /cgroup/controller/the/cgroup/path
371 * Note that the returned value may include files (keynames) etc
373 static const char *find_cgroup_in_path(const char *path
)
377 if (strlen(path
) < 9)
379 p1
= strstr(path
+8, "/");
385 static bool is_child_cgroup(const char *contr
, const char *dir
, const char *f
)
387 nih_local
char **list
= NULL
;
395 if (!cgm_list_children(contr
, dir
, &list
))
397 for (i
= 0; list
[i
]; i
++) {
398 if (strcmp(list
[i
], f
) == 0)
405 static struct cgm_keys
*get_cgroup_key(const char *contr
, const char *dir
, const char *f
)
407 nih_local
struct cgm_keys
**list
= NULL
;
415 if (!cgm_list_keys(contr
, dir
, &list
))
417 for (i
= 0; list
[i
]; i
++) {
418 if (strcmp(list
[i
]->name
, f
) == 0) {
419 k
= NIH_MUST( nih_alloc(NULL
, (sizeof(*k
))) );
420 k
->name
= NIH_MUST( nih_strdup(k
, list
[i
]->name
) );
421 k
->uid
= list
[i
]->uid
;
422 k
->gid
= list
[i
]->gid
;
423 k
->mode
= list
[i
]->mode
;
431 static void get_cgdir_and_path(const char *cg
, char **dir
, char **file
)
435 *dir
= NIH_MUST( nih_strdup(NULL
, cg
) );
436 *file
= strrchr(cg
, '/');
441 p
= strrchr(*dir
, '/');
445 static size_t get_file_size(const char *contrl
, const char *cg
, const char *f
)
447 nih_local
char *data
= NULL
;
449 if (!cgm_get_value(contrl
, cg
, f
, &data
))
456 * FUSE ops for /cgroup
459 static int cg_getattr(const char *path
, struct stat
*sb
)
462 struct fuse_context
*fc
= fuse_get_context();
463 nih_local
char * cgdir
= NULL
;
464 char *fpath
= NULL
, *path1
, *path2
;
465 nih_local
struct cgm_keys
*k
= NULL
;
467 nih_local
char *controller
= NULL
;
473 memset(sb
, 0, sizeof(struct stat
));
475 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
478 sb
->st_uid
= sb
->st_gid
= 0;
479 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
482 if (strcmp(path
, "/cgroup") == 0) {
483 sb
->st_mode
= S_IFDIR
| 00755;
488 controller
= pick_controller_from_path(fc
, path
);
491 cgroup
= find_cgroup_in_path(path
);
493 /* this is just /cgroup/controller, return it as a dir */
494 sb
->st_mode
= S_IFDIR
| 00755;
499 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
509 /* check that cgcopy is either a child cgroup of cgdir, or listed in its keys.
510 * Then check that caller's cgroup is under path if fpath is a child
511 * cgroup, or cgdir if fpath is a file */
513 if (is_child_cgroup(controller
, path1
, path2
)) {
514 if (!caller_is_in_ancestor(fc
->pid
, controller
, cgroup
, NULL
)) {
515 /* this is just /cgroup/controller, return it as a dir */
516 sb
->st_mode
= S_IFDIR
| 00555;
520 if (!fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
))
523 // get uid, gid, from '/tasks' file and make up a mode
524 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
525 sb
->st_mode
= S_IFDIR
| 00755;
526 k
= get_cgroup_key(controller
, cgroup
, "tasks");
528 sb
->st_uid
= sb
->st_gid
= 0;
537 if ((k
= get_cgroup_key(controller
, path1
, path2
)) != NULL
) {
538 if (!caller_is_in_ancestor(fc
->pid
, controller
, path1
, NULL
))
540 if (!fc_may_access(fc
, controller
, path1
, path2
, O_RDONLY
))
543 sb
->st_mode
= S_IFREG
| k
->mode
;
547 sb
->st_size
= get_file_size(controller
, path1
, path2
);
555 * TODO - cache these results in a table for use in opendir, free
558 static int cg_opendir(const char *path
, struct fuse_file_info
*fi
)
560 struct fuse_context
*fc
= fuse_get_context();
561 nih_local
struct cgm_keys
**list
= NULL
;
563 struct file_info
*dir_info
;
564 nih_local
char *controller
= NULL
;
569 if (strcmp(path
, "/cgroup") == 0) {
573 // return list of keys for the controller, and list of child cgroups
574 controller
= pick_controller_from_path(fc
, path
);
578 cgroup
= find_cgroup_in_path(path
);
580 /* this is just /cgroup/controller, return its contents */
585 if (cgroup
&& !fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
))
588 /* we'll free this at cg_releasedir */
589 dir_info
= NIH_MUST( nih_alloc(NULL
, sizeof(*dir_info
)) );
590 dir_info
->controller
= must_copy_string(dir_info
, controller
);
591 dir_info
->cgroup
= must_copy_string(dir_info
, cgroup
);
592 dir_info
->type
= LXC_TYPE_CGDIR
;
593 dir_info
->buf
= NULL
;
594 dir_info
->file
= NULL
;
595 dir_info
->buflen
= 0;
597 fi
->fh
= (unsigned long)dir_info
;
601 static int cg_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
602 struct fuse_file_info
*fi
)
604 struct file_info
*d
= (struct file_info
*)fi
->fh
;
605 nih_local
struct cgm_keys
**list
= NULL
;
607 nih_local
char *nextcg
= NULL
;
608 struct fuse_context
*fc
= fuse_get_context();
610 if (d
->type
!= LXC_TYPE_CGDIR
) {
611 fprintf(stderr
, "Internal error: file cache info used in readdir\n");
614 if (!d
->cgroup
&& !d
->controller
) {
615 // ls /var/lib/lxcfs/cgroup - just show list of controllers
616 char **list
= LXCFS_DATA
? LXCFS_DATA
->subsystems
: NULL
;
622 for (i
= 0; list
[i
]; i
++) {
623 if (filler(buf
, list
[i
], NULL
, 0) != 0) {
630 if (!cgm_list_keys(d
->controller
, d
->cgroup
, &list
))
631 // not a valid cgroup
634 if (!caller_is_in_ancestor(fc
->pid
, d
->controller
, d
->cgroup
, &nextcg
)) {
637 ret
= filler(buf
, nextcg
, NULL
, 0);
644 for (i
= 0; list
[i
]; i
++) {
645 if (filler(buf
, list
[i
]->name
, NULL
, 0) != 0) {
650 // now get the list of child cgroups
651 nih_local
char **clist
= NULL
;
653 if (!cgm_list_children(d
->controller
, d
->cgroup
, &clist
))
655 for (i
= 0; clist
[i
]; i
++) {
656 if (filler(buf
, clist
[i
], NULL
, 0) != 0) {
663 static void do_release_file_info(struct file_info
*f
)
666 * all file_info fields which are nih_alloc()d with f as parent
667 * will be automatically freed
676 static int cg_releasedir(const char *path
, struct fuse_file_info
*fi
)
678 struct file_info
*d
= (struct file_info
*)fi
->fh
;
680 do_release_file_info(d
);
684 static int cg_open(const char *path
, struct fuse_file_info
*fi
)
686 nih_local
char *controller
= NULL
;
688 char *fpath
= NULL
, *path1
, *path2
;
689 nih_local
char * cgdir
= NULL
;
690 nih_local
struct cgm_keys
*k
= NULL
;
691 struct file_info
*file_info
;
692 struct fuse_context
*fc
= fuse_get_context();
697 controller
= pick_controller_from_path(fc
, path
);
700 cgroup
= find_cgroup_in_path(path
);
704 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
713 k
= get_cgroup_key(controller
, path1
, path2
);
717 if (!fc_may_access(fc
, controller
, path1
, path2
, fi
->flags
))
718 // should never get here
721 /* we'll free this at cg_release */
722 file_info
= NIH_MUST( nih_alloc(NULL
, sizeof(*file_info
)) );
723 file_info
->controller
= must_copy_string(file_info
, controller
);
724 file_info
->cgroup
= must_copy_string(file_info
, path1
);
725 file_info
->file
= must_copy_string(file_info
, path2
);
726 file_info
->type
= LXC_TYPE_CGFILE
;
727 file_info
->buf
= NULL
;
728 file_info
->buflen
= 0;
730 fi
->fh
= (unsigned long)file_info
;
734 static int cg_release(const char *path
, struct fuse_file_info
*fi
)
736 struct file_info
*f
= (struct file_info
*)fi
->fh
;
738 do_release_file_info(f
);
742 static int msgrecv(int sockfd
, void *buf
, size_t len
)
748 FD_SET(sockfd
, &rfds
);
752 if (select(sockfd
+1, &rfds
, NULL
, NULL
, &tv
) <= 0)
754 return recv(sockfd
, buf
, len
, MSG_DONTWAIT
);
757 #define SEND_CREDS_OK 0
758 #define SEND_CREDS_NOTSK 1
759 #define SEND_CREDS_FAIL 2
760 static int send_creds(int sock
, struct ucred
*cred
, char v
, bool pingfirst
)
762 struct msghdr msg
= { 0 };
764 struct cmsghdr
*cmsg
;
765 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
770 if (msgrecv(sock
, buf
, 1) != 1) {
771 fprintf(stderr
, "%s: Error getting reply from server over socketpair\n",
773 return SEND_CREDS_FAIL
;
777 msg
.msg_control
= cmsgbuf
;
778 msg
.msg_controllen
= sizeof(cmsgbuf
);
780 cmsg
= CMSG_FIRSTHDR(&msg
);
781 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
782 cmsg
->cmsg_level
= SOL_SOCKET
;
783 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
784 memcpy(CMSG_DATA(cmsg
), cred
, sizeof(*cred
));
791 iov
.iov_len
= sizeof(buf
);
795 if (sendmsg(sock
, &msg
, 0) < 0) {
796 fprintf(stderr
, "%s: failed at sendmsg: %s\n", __func__
,
799 return SEND_CREDS_NOTSK
;
800 return SEND_CREDS_FAIL
;
803 return SEND_CREDS_OK
;
806 static bool recv_creds(int sock
, struct ucred
*cred
, char *v
)
808 struct msghdr msg
= { 0 };
810 struct cmsghdr
*cmsg
;
811 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
824 if (setsockopt(sock
, SOL_SOCKET
, SO_PASSCRED
, &optval
, sizeof(optval
)) == -1) {
825 fprintf(stderr
, "Failed to set passcred: %s\n", strerror(errno
));
829 if (write(sock
, buf
, 1) != 1) {
830 fprintf(stderr
, "Failed to start write on scm fd: %s\n", strerror(errno
));
836 msg
.msg_control
= cmsgbuf
;
837 msg
.msg_controllen
= sizeof(cmsgbuf
);
840 iov
.iov_len
= sizeof(buf
);
848 if (select(sock
+1, &rfds
, NULL
, NULL
, &tv
) <= 0) {
849 fprintf(stderr
, "Failed to select for scm_cred: %s\n",
853 ret
= recvmsg(sock
, &msg
, MSG_DONTWAIT
);
855 fprintf(stderr
, "Failed to receive scm_cred: %s\n",
860 cmsg
= CMSG_FIRSTHDR(&msg
);
862 if (cmsg
&& cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)) &&
863 cmsg
->cmsg_level
== SOL_SOCKET
&&
864 cmsg
->cmsg_type
== SCM_CREDENTIALS
) {
865 memcpy(cred
, CMSG_DATA(cmsg
), sizeof(*cred
));
874 * pid_to_ns - reads pids from a ucred over a socket, then writes the
875 * int value back over the socket. This shifts the pid from the
876 * sender's pidns into tpid's pidns.
878 static void pid_to_ns(int sock
, pid_t tpid
)
883 while (recv_creds(sock
, &cred
, &v
)) {
886 if (write(sock
, &cred
.pid
, sizeof(pid_t
)) != sizeof(pid_t
))
893 * pid_to_ns_wrapper: when you setns into a pidns, you yourself remain
894 * in your old pidns. Only children which you fork will be in the target
895 * pidns. So the pid_to_ns_wrapper does the setns, then forks a child to
896 * actually convert pids
898 static void pid_to_ns_wrapper(int sock
, pid_t tpid
)
900 int newnsfd
= -1, ret
, cpipe
[2];
907 sprintf(fnam
, "/proc/%d/ns/pid", tpid
);
908 newnsfd
= open(fnam
, O_RDONLY
);
911 if (setns(newnsfd
, 0) < 0)
926 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
927 fprintf(stderr
, "%s (child): erorr on write: %s\n",
928 __func__
, strerror(errno
));
931 pid_to_ns(sock
, tpid
);
933 // give the child 1 second to be done forking and
936 FD_SET(cpipe
[0], &s
);
939 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
942 ret
= read(cpipe
[0], &v
, 1);
943 if (ret
!= sizeof(char) || v
!= '1') {
947 if (!wait_for_pid(cpid
))
958 * To read cgroup files with a particular pid, we will setns into the child
959 * pidns, open a pipe, fork a child - which will be the first to really be in
960 * the child ns - which does the cgm_get_value and writes the data to the pipe.
962 static bool do_read_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, char **d
)
964 int sock
[2] = {-1, -1};
965 nih_local
char *tmpdata
= NULL
;
967 pid_t qpid
, cpid
= -1;
974 if (!cgm_get_value(contrl
, cg
, file
, &tmpdata
))
978 * Now we read the pids from returned data one by one, pass
979 * them into a child in the target namespace, read back the
980 * translated pids, and put them into our to-return data
983 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
984 perror("socketpair");
993 pid_to_ns_wrapper(sock
[1], tpid
);
998 while (sscanf(ptr
, "%d\n", &qpid
) == 1) {
1000 ret
= send_creds(sock
[0], &cred
, v
, true);
1002 if (ret
== SEND_CREDS_NOTSK
)
1004 if (ret
== SEND_CREDS_FAIL
)
1007 // read converted results
1009 FD_SET(sock
[0], &s
);
1012 ret
= select(sock
[0]+1, &s
, NULL
, NULL
, &tv
);
1014 fprintf(stderr
, "%s: select error waiting for pid from child: %s\n",
1015 __func__
, strerror(errno
));
1018 if (read(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1019 fprintf(stderr
, "%s: error reading pid from child: %s\n",
1020 __func__
, strerror(errno
));
1023 NIH_MUST( nih_strcat_sprintf(d
, NULL
, "%d\n", qpid
) );
1025 ptr
= strchr(ptr
, '\n');
1031 cred
.pid
= getpid();
1033 if (send_creds(sock
[0], &cred
, v
, true) != SEND_CREDS_OK
) {
1034 // failed to ask child to exit
1035 fprintf(stderr
, "%s: failed to ask child to exit: %s\n",
1036 __func__
, strerror(errno
));
1045 if (sock
[0] != -1) {
1052 static int cg_read(const char *path
, char *buf
, size_t size
, off_t offset
,
1053 struct fuse_file_info
*fi
)
1055 struct fuse_context
*fc
= fuse_get_context();
1056 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1057 nih_local
struct cgm_keys
*k
= NULL
;
1059 if (f
->type
!= LXC_TYPE_CGFILE
) {
1060 fprintf(stderr
, "Internal error: directory cache info used in cg_read\n");
1073 if ((k
= get_cgroup_key(f
->controller
, f
->cgroup
, f
->file
)) != NULL
) {
1074 nih_local
char *data
= NULL
;
1078 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_RDONLY
))
1079 // should never get here
1082 if (strcmp(f
->file
, "tasks") == 0 ||
1083 strcmp(f
->file
, "/tasks") == 0 ||
1084 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1085 strcmp(f
->file
, "cgroup.procs") == 0)
1086 // special case - we have to translate the pids
1087 r
= do_read_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, &data
);
1089 r
= cgm_get_value(f
->controller
, f
->cgroup
, f
->file
, &data
);
1099 memcpy(buf
, data
, s
);
1107 static void pid_from_ns(int sock
, pid_t tpid
)
1123 ret
= select(sock
+1, &s
, NULL
, NULL
, &tv
);
1125 fprintf(stderr
, "%s: bad select before read from parent: %s\n",
1126 __func__
, strerror(errno
));
1129 if ((ret
= read(sock
, &vpid
, sizeof(pid_t
))) != sizeof(pid_t
)) {
1130 fprintf(stderr
, "%s: bad read from parent: %s\n",
1131 __func__
, strerror(errno
));
1134 if (vpid
== -1) // done
1138 if (send_creds(sock
, &cred
, v
, true) != SEND_CREDS_OK
) {
1140 cred
.pid
= getpid();
1141 if (send_creds(sock
, &cred
, v
, false) != SEND_CREDS_OK
)
1148 static void pid_from_ns_wrapper(int sock
, pid_t tpid
)
1150 int newnsfd
= -1, ret
, cpipe
[2];
1157 sprintf(fnam
, "/proc/%d/ns/pid", tpid
);
1158 newnsfd
= open(fnam
, O_RDONLY
);
1161 if (setns(newnsfd
, 0) < 0)
1165 if (pipe(cpipe
) < 0)
1177 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
1178 fprintf(stderr
, "%s (child): erorr on write: %s\n",
1179 __func__
, strerror(errno
));
1182 pid_from_ns(sock
, tpid
);
1185 // give the child 1 second to be done forking and
1188 FD_SET(cpipe
[0], &s
);
1191 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
1194 ret
= read(cpipe
[0], &v
, 1);
1195 if (ret
!= sizeof(char) || v
!= '1') {
1199 if (!wait_for_pid(cpid
))
1204 kill(cpid
, SIGKILL
);
1209 static bool do_write_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, const char *buf
)
1211 int sock
[2] = {-1, -1};
1212 pid_t qpid
, cpid
= -1;
1213 bool answer
= false, fail
= false;
1216 * write the pids to a socket, have helper in writer's pidns
1217 * call movepid for us
1219 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
1220 perror("socketpair");
1229 pid_from_ns_wrapper(sock
[1], tpid
);
1231 const char *ptr
= buf
;
1232 while (sscanf(ptr
, "%d", &qpid
) == 1) {
1236 if (write(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1237 fprintf(stderr
, "%s: error writing pid to child: %s\n",
1238 __func__
, strerror(errno
));
1242 if (recv_creds(sock
[0], &cred
, &v
)) {
1244 if (!cgm_move_pid(contrl
, cg
, cred
.pid
))
1249 ptr
= strchr(ptr
, '\n');
1255 /* All good, write the value */
1257 if (write(sock
[0], &qpid
,sizeof(qpid
)) != sizeof(qpid
))
1258 fprintf(stderr
, "Warning: failed to ask child to exit\n");
1266 if (sock
[0] != -1) {
1273 int cg_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
1274 struct fuse_file_info
*fi
)
1276 struct fuse_context
*fc
= fuse_get_context();
1277 nih_local
char *localbuf
= NULL
;
1278 nih_local
struct cgm_keys
*k
= NULL
;
1279 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1281 if (f
->type
!= LXC_TYPE_CGFILE
) {
1282 fprintf(stderr
, "Internal error: directory cache info used in cg_write\n");
1292 localbuf
= NIH_MUST( nih_alloc(NULL
, size
+1) );
1293 localbuf
[size
] = '\0';
1294 memcpy(localbuf
, buf
, size
);
1296 if ((k
= get_cgroup_key(f
->controller
, f
->cgroup
, f
->file
)) != NULL
) {
1299 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_WRONLY
))
1302 if (strcmp(f
->file
, "tasks") == 0 ||
1303 strcmp(f
->file
, "/tasks") == 0 ||
1304 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1305 strcmp(f
->file
, "cgroup.procs") == 0)
1306 // special case - we have to translate the pids
1307 r
= do_write_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1309 r
= cgm_set_value(f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1320 int cg_chown(const char *path
, uid_t uid
, gid_t gid
)
1322 struct fuse_context
*fc
= fuse_get_context();
1323 nih_local
char * cgdir
= NULL
;
1324 char *fpath
= NULL
, *path1
, *path2
;
1325 nih_local
struct cgm_keys
*k
= NULL
;
1327 nih_local
char *controller
= NULL
;
1333 if (strcmp(path
, "/cgroup") == 0)
1336 controller
= pick_controller_from_path(fc
, path
);
1339 cgroup
= find_cgroup_in_path(path
);
1341 /* this is just /cgroup/controller */
1344 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1354 if (is_child_cgroup(controller
, path1
, path2
)) {
1355 // get uid, gid, from '/tasks' file and make up a mode
1356 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1357 k
= get_cgroup_key(controller
, cgroup
, "tasks");
1360 k
= get_cgroup_key(controller
, path1
, path2
);
1366 * This being a fuse request, the uid and gid must be valid
1367 * in the caller's namespace. So we can just check to make
1368 * sure that the caller is root in his uid, and privileged
1369 * over the file's current owner.
1371 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_REQD
))
1374 if (!cgm_chown_file(controller
, cgroup
, uid
, gid
))
1379 int cg_chmod(const char *path
, mode_t mode
)
1381 struct fuse_context
*fc
= fuse_get_context();
1382 nih_local
char * cgdir
= NULL
;
1383 char *fpath
= NULL
, *path1
, *path2
;
1384 nih_local
struct cgm_keys
*k
= NULL
;
1386 nih_local
char *controller
= NULL
;
1391 if (strcmp(path
, "/cgroup") == 0)
1394 controller
= pick_controller_from_path(fc
, path
);
1397 cgroup
= find_cgroup_in_path(path
);
1399 /* this is just /cgroup/controller */
1402 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1412 if (is_child_cgroup(controller
, path1
, path2
)) {
1413 // get uid, gid, from '/tasks' file and make up a mode
1414 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1415 k
= get_cgroup_key(controller
, cgroup
, "tasks");
1418 k
= get_cgroup_key(controller
, path1
, path2
);
1424 * This being a fuse request, the uid and gid must be valid
1425 * in the caller's namespace. So we can just check to make
1426 * sure that the caller is root in his uid, and privileged
1427 * over the file's current owner.
1429 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
))
1432 if (!cgm_chmod_file(controller
, cgroup
, mode
))
1437 int cg_mkdir(const char *path
, mode_t mode
)
1439 struct fuse_context
*fc
= fuse_get_context();
1440 nih_local
struct cgm_keys
**list
= NULL
;
1441 char *fpath
= NULL
, *path1
;
1442 nih_local
char * cgdir
= NULL
;
1444 nih_local
char *controller
= NULL
;
1450 controller
= pick_controller_from_path(fc
, path
);
1454 cgroup
= find_cgroup_in_path(path
);
1458 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1464 if (!fc_may_access(fc
, controller
, path1
, NULL
, O_RDWR
))
1468 if (!cgm_create(controller
, cgroup
, fc
->uid
, fc
->gid
))
1474 static int cg_rmdir(const char *path
)
1476 struct fuse_context
*fc
= fuse_get_context();
1477 nih_local
struct cgm_keys
**list
= NULL
;
1479 nih_local
char * cgdir
= NULL
;
1481 nih_local
char *controller
= NULL
;
1487 controller
= pick_controller_from_path(fc
, path
);
1491 cgroup
= find_cgroup_in_path(path
);
1495 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1499 if (!fc_may_access(fc
, controller
, cgdir
, NULL
, O_WRONLY
))
1502 if (!cgm_remove(controller
, cgroup
))
1508 static bool startswith(const char *line
, const char *pref
)
1510 if (strncmp(line
, pref
, strlen(pref
)) == 0)
1515 static void get_mem_cached(char *memstat
, unsigned long *v
)
1521 if (startswith(memstat
, "total_cache")) {
1522 sscanf(memstat
+ 11, "%lu", v
);
1526 eol
= strchr(memstat
, '\n');
1533 static void get_blkio_io_value(char *str
, unsigned major
, unsigned minor
, char *iotype
, unsigned long *v
)
1539 snprintf(key
, 32, "%u:%u %s", major
, minor
, iotype
);
1541 size_t len
= strlen(key
);
1545 if (startswith(str
, key
)) {
1546 sscanf(str
+ len
, "%lu", v
);
1549 eol
= strchr(str
, '\n');
1556 static char *get_pid_cgroup(pid_t pid
, const char *contrl
)
1558 nih_local
char *fnam
= NULL
;
1560 char *answer
= NULL
;
1564 fnam
= NIH_MUST( nih_sprintf(NULL
, "/proc/%d/cgroup", pid
) );
1565 if (!(f
= fopen(fnam
, "r")))
1568 while (getline(&line
, &len
, f
) != -1) {
1572 c1
= strchr(line
, ':');
1576 c2
= strchr(c1
, ':');
1580 if (strcmp(c1
, contrl
) != 0)
1584 answer
= NIH_MUST( nih_strdup(NULL
, c2
) );
1595 * FUSE ops for /proc
1598 static int proc_meminfo_read(char *buf
, size_t size
, off_t offset
,
1599 struct fuse_file_info
*fi
)
1601 struct fuse_context
*fc
= fuse_get_context();
1602 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1603 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "memory");
1604 nih_local
char *memlimit_str
= NULL
, *memusage_str
= NULL
, *memstat_str
= NULL
;
1605 unsigned long memlimit
= 0, memusage
= 0, cached
= 0, hosttotal
= 0;
1607 size_t linelen
= 0, total_len
= 0;
1608 char *cache
= d
->buf
;
1609 size_t cache_size
= d
->buflen
;
1613 if (offset
> d
->size
)
1615 int left
= d
->size
- offset
;
1616 total_len
= left
> size
? size
: left
;
1617 memcpy(buf
, cache
+ offset
, total_len
);
1624 if (!cgm_get_value("memory", cg
, "memory.limit_in_bytes", &memlimit_str
))
1626 if (!cgm_get_value("memory", cg
, "memory.usage_in_bytes", &memusage_str
))
1628 if (!cgm_get_value("memory", cg
, "memory.stat", &memstat_str
))
1630 memlimit
= strtoul(memlimit_str
, NULL
, 10);
1631 memusage
= strtoul(memusage_str
, NULL
, 10);
1634 get_mem_cached(memstat_str
, &cached
);
1636 f
= fopen("/proc/meminfo", "r");
1640 while (getline(&line
, &linelen
, f
) != -1) {
1642 char *printme
, lbuf
[100];
1644 memset(lbuf
, 0, 100);
1645 if (startswith(line
, "MemTotal:")) {
1646 sscanf(line
+14, "%lu", &hosttotal
);
1647 if (hosttotal
< memlimit
)
1648 memlimit
= hosttotal
;
1649 snprintf(lbuf
, 100, "MemTotal: %8lu kB\n", memlimit
);
1651 } else if (startswith(line
, "MemFree:")) {
1652 snprintf(lbuf
, 100, "MemFree: %8lu kB\n", memlimit
- memusage
);
1654 } else if (startswith(line
, "MemAvailable:")) {
1655 snprintf(lbuf
, 100, "MemAvailable: %8lu kB\n", memlimit
- memusage
);
1657 } else if (startswith(line
, "Buffers:")) {
1658 snprintf(lbuf
, 100, "Buffers: %8lu kB\n", 0UL);
1660 } else if (startswith(line
, "Cached:")) {
1661 snprintf(lbuf
, 100, "Cached: %8lu kB\n", cached
);
1663 } else if (startswith(line
, "SwapCached:")) {
1664 snprintf(lbuf
, 100, "SwapCached: %8lu kB\n", 0UL);
1669 l
= snprintf(cache
, cache_size
, "%s", printme
);
1675 d
->size
= total_len
;
1676 if (total_len
> size
) total_len
= size
;
1677 memcpy(buf
, d
->buf
, total_len
);
1685 * Read the cpuset.cpus for cg
1686 * Return the answer in a nih_alloced string
1688 static char *get_cpuset(const char *cg
)
1692 if (!cgm_get_value("cpuset", cg
, "cpuset.cpus", &answer
))
1698 * Helper functions for cpuset_in-set
1700 char *cpuset_nexttok(const char *c
)
1702 char *r
= strchr(c
+1, ',');
1708 int cpuset_getrange(const char *c
, int *a
, int *b
)
1712 ret
= sscanf(c
, "%d-%d", a
, b
);
1717 * cpusets are in format "1,2-3,4"
1718 * iow, comma-delimited ranges
1720 static bool cpu_in_cpuset(int cpu
, const char *cpuset
)
1724 for (c
= cpuset
; c
; c
= cpuset_nexttok(c
)) {
1727 ret
= cpuset_getrange(c
, &a
, &b
);
1728 if (ret
== 1 && cpu
== a
)
1730 if (ret
!= 2) // bad cpuset!
1732 if (cpu
>= a
&& cpu
<= b
)
1739 static bool cpuline_in_cpuset(const char *line
, const char *cpuset
)
1743 if (sscanf(line
, "processor : %d", &cpu
) != 1)
1745 return cpu_in_cpuset(cpu
, cpuset
);
1749 * check whether this is a '^processor" line in /proc/cpuinfo
1751 static bool is_processor_line(const char *line
)
1755 if (sscanf(line
, "processor : %d", &cpu
) == 1)
1760 static int proc_cpuinfo_read(char *buf
, size_t size
, off_t offset
,
1761 struct fuse_file_info
*fi
)
1763 struct fuse_context
*fc
= fuse_get_context();
1764 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1765 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "cpuset");
1766 nih_local
char *cpuset
= NULL
;
1768 size_t linelen
= 0, total_len
= 0;
1769 bool am_printing
= false;
1771 char *cache
= d
->buf
;
1772 size_t cache_size
= d
->buflen
;
1776 if (offset
> d
->size
)
1778 int left
= d
->size
- offset
;
1779 total_len
= left
> size
? size
: left
;
1780 memcpy(buf
, cache
+ offset
, total_len
);
1787 cpuset
= get_cpuset(cg
);
1791 f
= fopen("/proc/cpuinfo", "r");
1795 while (getline(&line
, &linelen
, f
) != -1) {
1797 if (is_processor_line(line
)) {
1798 am_printing
= cpuline_in_cpuset(line
, cpuset
);
1801 l
= snprintf(cache
, cache_size
, "processor : %d\n", curcpu
);
1802 if (l
< cache_size
){
1807 cache
+= cache_size
;
1808 total_len
+= cache_size
;
1816 l
= snprintf(cache
, cache_size
, "%s", line
);
1817 if (l
< cache_size
) {
1822 cache
+= cache_size
;
1823 total_len
+= cache_size
;
1830 d
->size
= total_len
;
1831 if (total_len
> size
) total_len
= size
;
1833 /* read from off 0 */
1834 memcpy(buf
, d
->buf
, total_len
);
1841 static int proc_stat_read(char *buf
, size_t size
, off_t offset
,
1842 struct fuse_file_info
*fi
)
1844 struct fuse_context
*fc
= fuse_get_context();
1845 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1846 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "cpuset");
1847 nih_local
char *cpuset
= NULL
;
1849 size_t linelen
= 0, total_len
= 0;
1850 int curcpu
= -1; /* cpu numbering starts at 0 */
1851 unsigned long user
= 0, nice
= 0, system
= 0, idle
= 0, iowait
= 0, irq
= 0, softirq
= 0, steal
= 0, guest
= 0;
1852 unsigned long user_sum
= 0, nice_sum
= 0, system_sum
= 0, idle_sum
= 0, iowait_sum
= 0,
1853 irq_sum
= 0, softirq_sum
= 0, steal_sum
= 0, guest_sum
= 0;
1854 #define CPUALL_MAX_SIZE BUF_RESERVE_SIZE
1855 char cpuall
[CPUALL_MAX_SIZE
];
1856 /* reserve for cpu all */
1857 char *cache
= d
->buf
+ CPUALL_MAX_SIZE
;
1858 size_t cache_size
= d
->buflen
- CPUALL_MAX_SIZE
;
1862 if (offset
> d
->size
)
1864 int left
= d
->size
- offset
;
1865 total_len
= left
> size
? size
: left
;
1866 memcpy(buf
, d
->buf
+ offset
, total_len
);
1873 cpuset
= get_cpuset(cg
);
1877 f
= fopen("/proc/stat", "r");
1882 if (getline(&line
, &linelen
, f
) < 0) {
1883 fprintf(stderr
, "proc_stat_read read first line failed\n");
1887 while (getline(&line
, &linelen
, f
) != -1) {
1890 char cpu_char
[10]; /* That's a lot of cores */
1893 if (sscanf(line
, "cpu%9[^ ]", cpu_char
) != 1) {
1894 /* not a ^cpuN line containing a number N, just print it */
1895 l
= snprintf(cache
, cache_size
, "%s", line
);
1896 if (l
< cache_size
){
1902 //no more space, break it
1903 cache
+= cache_size
;
1904 total_len
+= cache_size
;
1910 if (sscanf(cpu_char
, "%d", &cpu
) != 1)
1912 if (!cpu_in_cpuset(cpu
, cpuset
))
1916 c
= strchr(line
, ' ');
1919 l
= snprintf(cache
, cache_size
, "cpu%d %s", curcpu
, c
);
1924 if (sscanf(line
, "%*s %lu %lu %lu %lu %lu %lu %lu %lu %lu", &user
, &nice
, &system
, &idle
, &iowait
, &irq
,
1925 &softirq
, &steal
, &guest
) != 9)
1929 system_sum
+= system
;
1931 iowait_sum
+= iowait
;
1933 softirq_sum
+= softirq
;
1940 int cpuall_len
= snprintf(cpuall
, CPUALL_MAX_SIZE
, "%s %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
1941 "cpu ", user_sum
, nice_sum
, system_sum
, idle_sum
, iowait_sum
, irq_sum
, softirq_sum
, steal_sum
, guest_sum
);
1942 if (cpuall_len
> 0 && cpuall_len
< CPUALL_MAX_SIZE
){
1943 memcpy(cache
, cpuall
, cpuall_len
);
1944 cache
+= cpuall_len
;
1946 /* shouldn't happen */
1947 fprintf(stderr
, "proc_stat_read copy cpuall failed, cpuall_len=%d\n", cpuall_len
);
1951 memmove(cache
, d
->buf
+ CPUALL_MAX_SIZE
, total_len
);
1952 total_len
+= cpuall_len
;
1953 d
->size
= total_len
;
1954 if (total_len
> size
) total_len
= size
;
1956 memcpy(buf
, d
->buf
, total_len
);
1957 fprintf(stderr
, "total_len = %d, buflen = %d\n", d
->size
, d
->buflen
);
1965 * How to guess what to present for uptime?
1966 * One thing we could do would be to take the date on the caller's
1967 * memory.usage_in_bytes file, which should equal the time of creation
1968 * of his cgroup. However, a task could be in a sub-cgroup of the
1969 * container. The same problem exists if we try to look at the ages
1970 * of processes in the caller's cgroup.
1972 * So we'll fork a task that will enter the caller's pidns, mount a
1973 * fresh procfs, get the age of /proc/1, and pass that back over a pipe.
1975 * For the second uptime #, we'll do as Stéphane had done, just copy
1976 * the number from /proc/uptime. Not sure how to best emulate 'idle'
1977 * time. Maybe someone can come up with a good algorithm and submit a
1978 * patch. Maybe something based on cpushare info?
1981 /* return age of the reaper for $pid, taken from ctime of its procdir */
1982 static long int get_pid1_time(pid_t pid
)
1985 int fd
, cpipe
[2], ret
;
1992 if (unshare(CLONE_NEWNS
))
1995 if (mount(NULL
, "/", NULL
, MS_SLAVE
|MS_REC
, NULL
)) {
1996 perror("rslave mount failed");
2000 sprintf(fnam
, "/proc/%d/ns/pid", pid
);
2001 fd
= open(fnam
, O_RDONLY
);
2003 perror("get_pid1_time open of ns/pid");
2007 perror("get_pid1_time setns 1");
2013 if (pipe(cpipe
) < 0)
2024 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
2025 fprintf(stderr
, "%s (child): erorr on write: %s\n",
2026 __func__
, strerror(errno
));
2029 umount2("/proc", MNT_DETACH
);
2030 if (mount("proc", "/proc", "proc", 0, NULL
)) {
2031 perror("get_pid1_time mount");
2034 ret
= lstat("/proc/1", &sb
);
2036 perror("get_pid1_time lstat");
2039 return time(NULL
) - sb
.st_ctime
;
2042 // give the child 1 second to be done forking and
2045 FD_SET(cpipe
[0], &s
);
2048 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
2051 ret
= read(cpipe
[0], &v
, 1);
2052 if (ret
!= sizeof(char) || v
!= '1') {
2060 kill(cpid
, SIGKILL
);
2065 static long int getreaperage(pid_t qpid
)
2067 int pid
, mypipe
[2], ret
;
2070 long int mtime
, answer
= 0;
2078 if (!pid
) { // child
2079 mtime
= get_pid1_time(qpid
);
2080 if (write(mypipe
[1], &mtime
, sizeof(mtime
)) != sizeof(mtime
))
2081 fprintf(stderr
, "Warning: bad write from getreaperage\n");
2087 FD_SET(mypipe
[0], &s
);
2090 ret
= select(mypipe
[0]+1, &s
, NULL
, NULL
, &tv
);
2096 fprintf(stderr
, "timed out\n");
2099 if (read(mypipe
[0], &mtime
, sizeof(mtime
)) != sizeof(mtime
)) {
2111 static long int getprocidle(void)
2113 FILE *f
= fopen("/proc/uptime", "r");
2118 ret
= fscanf(f
, "%ld %ld", &age
, &idle
);
2126 * We read /proc/uptime and reuse its second field.
2127 * For the first field, we use the mtime for the reaper for
2128 * the calling pid as returned by getreaperage
2130 static int proc_uptime_read(char *buf
, size_t size
, off_t offset
,
2131 struct fuse_file_info
*fi
)
2133 struct fuse_context
*fc
= fuse_get_context();
2134 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2135 long int reaperage
= getreaperage(fc
->pid
);;
2136 long int idletime
= getprocidle();
2137 size_t total_len
= 0;
2140 if (offset
> d
->size
)
2145 total_len
= snprintf(buf
, size
, "%ld %ld\n", reaperage
, idletime
);
2146 d
->size
= total_len
;
2150 static int proc_diskstats_read(char *buf
, size_t size
, off_t offset
,
2151 struct fuse_file_info
*fi
)
2154 struct fuse_context
*fc
= fuse_get_context();
2155 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2156 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "blkio");
2157 nih_local
char *io_serviced_str
= NULL
, *io_merged_str
= NULL
, *io_service_bytes_str
= NULL
,
2158 *io_wait_time_str
= NULL
, *io_service_time_str
= NULL
;
2159 unsigned long read
= 0, write
= 0;
2160 unsigned long read_merged
= 0, write_merged
= 0;
2161 unsigned long read_sectors
= 0, write_sectors
= 0;
2162 unsigned long read_ticks
= 0, write_ticks
= 0;
2163 unsigned long ios_pgr
= 0, tot_ticks
= 0, rq_ticks
= 0;
2164 unsigned long rd_svctm
= 0, wr_svctm
= 0, rd_wait
= 0, wr_wait
= 0;
2166 size_t linelen
= 0, total_len
= 0;
2167 unsigned int major
= 0, minor
= 0;
2172 if (offset
> d
->size
)
2180 if (!cgm_get_value("blkio", cg
, "blkio.io_serviced", &io_serviced_str
))
2182 if (!cgm_get_value("blkio", cg
, "blkio.io_merged", &io_merged_str
))
2184 if (!cgm_get_value("blkio", cg
, "blkio.io_service_bytes", &io_service_bytes_str
))
2186 if (!cgm_get_value("blkio", cg
, "blkio.io_wait_time", &io_wait_time_str
))
2188 if (!cgm_get_value("blkio", cg
, "blkio.io_service_time", &io_service_time_str
))
2192 f
= fopen("/proc/diskstats", "r");
2196 while (getline(&line
, &linelen
, f
) != -1) {
2198 char *printme
, lbuf
[256];
2200 i
= sscanf(line
, "%u %u %s", &major
, &minor
, dev_name
);
2202 get_blkio_io_value(io_serviced_str
, major
, minor
, "Read", &read
);
2203 get_blkio_io_value(io_serviced_str
, major
, minor
, "Write", &write
);
2204 get_blkio_io_value(io_merged_str
, major
, minor
, "Read", &read_merged
);
2205 get_blkio_io_value(io_merged_str
, major
, minor
, "Write", &write_merged
);
2206 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Read", &read_sectors
);
2207 read_sectors
= read_sectors
/512;
2208 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Write", &write_sectors
);
2209 write_sectors
= write_sectors
/512;
2211 get_blkio_io_value(io_service_time_str
, major
, minor
, "Read", &rd_svctm
);
2212 rd_svctm
= rd_svctm
/1000000;
2213 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Read", &rd_wait
);
2214 rd_wait
= rd_wait
/1000000;
2215 read_ticks
= rd_svctm
+ rd_wait
;
2217 get_blkio_io_value(io_service_time_str
, major
, minor
, "Write", &wr_svctm
);
2218 wr_svctm
= wr_svctm
/1000000;
2219 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Write", &wr_wait
);
2220 wr_wait
= wr_wait
/1000000;
2221 write_ticks
= wr_svctm
+ wr_wait
;
2223 get_blkio_io_value(io_service_time_str
, major
, minor
, "Total", &tot_ticks
);
2224 tot_ticks
= tot_ticks
/1000000;
2229 memset(lbuf
, 0, 256);
2230 if (read
|| write
|| read_merged
|| write_merged
|| read_sectors
|| write_sectors
|| read_ticks
|| write_ticks
) {
2231 snprintf(lbuf
, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
2232 major
, minor
, dev_name
, read
, read_merged
, read_sectors
, read_ticks
,
2233 write
, write_merged
, write_sectors
, write_ticks
, ios_pgr
, tot_ticks
, rq_ticks
);
2238 l
= snprintf(buf
, size
, "%s", printme
);
2244 d
->size
= total_len
;
2251 static off_t
get_procfile_size(const char *which
)
2253 FILE *f
= fopen(which
, "r");
2256 ssize_t sz
, answer
= 0;
2260 while ((sz
= getline(&line
, &len
, f
)) != -1)
2268 static int proc_getattr(const char *path
, struct stat
*sb
)
2270 struct timespec now
;
2272 memset(sb
, 0, sizeof(struct stat
));
2273 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
2275 sb
->st_uid
= sb
->st_gid
= 0;
2276 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
2277 if (strcmp(path
, "/proc") == 0) {
2278 sb
->st_mode
= S_IFDIR
| 00555;
2282 if (strcmp(path
, "/proc/meminfo") == 0 ||
2283 strcmp(path
, "/proc/cpuinfo") == 0 ||
2284 strcmp(path
, "/proc/uptime") == 0 ||
2285 strcmp(path
, "/proc/stat") == 0 ||
2286 strcmp(path
, "/proc/diskstats") == 0) {
2287 sb
->st_size
= get_procfile_size(path
);
2288 sb
->st_mode
= S_IFREG
| 00444;
2296 static int proc_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2297 struct fuse_file_info
*fi
)
2299 if (filler(buf
, "cpuinfo", NULL
, 0) != 0 ||
2300 filler(buf
, "meminfo", NULL
, 0) != 0 ||
2301 filler(buf
, "stat", NULL
, 0) != 0 ||
2302 filler(buf
, "uptime", NULL
, 0) != 0 ||
2303 filler(buf
, "diskstats", NULL
, 0) != 0)
2308 static int proc_open(const char *path
, struct fuse_file_info
*fi
)
2311 struct file_info
*info
;
2313 if (strcmp(path
, "/proc/meminfo") == 0)
2314 type
= LXC_TYPE_PROC_MEMINFO
;
2315 else if (strcmp(path
, "/proc/cpuinfo") == 0)
2316 type
= LXC_TYPE_PROC_CPUINFO
;
2317 else if (strcmp(path
, "/proc/uptime") == 0)
2318 type
= LXC_TYPE_PROC_UPTIME
;
2319 else if (strcmp(path
, "/proc/stat") == 0)
2320 type
= LXC_TYPE_PROC_STAT
;
2321 else if (strcmp(path
, "/proc/diskstats") == 0)
2322 type
= LXC_TYPE_PROC_DISKSTATS
;
2326 info
= NIH_MUST( nih_alloc(NULL
, sizeof(*info
)) );
2327 memset(info
, 0, sizeof(*info
));
2330 info
->buflen
= get_procfile_size(path
) + BUF_RESERVE_SIZE
;
2331 info
->buf
= NIH_MUST( nih_alloc(NULL
, info
->buflen
) );
2332 memset(info
->buf
, 0, info
->buflen
);
2333 /* set actual size to buffer size */
2334 info
->size
= info
->buflen
;
2336 fi
->fh
= (unsigned long)info
;
2340 static int proc_release(const char *path
, struct fuse_file_info
*fi
)
2342 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2344 do_release_file_info(f
);
2348 static int proc_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2349 struct fuse_file_info
*fi
)
2351 struct file_info
*f
= (struct file_info
*) fi
->fh
;
2354 case LXC_TYPE_PROC_MEMINFO
:
2355 return proc_meminfo_read(buf
, size
, offset
, fi
);
2356 case LXC_TYPE_PROC_CPUINFO
:
2357 return proc_cpuinfo_read(buf
, size
, offset
, fi
);
2358 case LXC_TYPE_PROC_UPTIME
:
2359 return proc_uptime_read(buf
, size
, offset
, fi
);
2360 case LXC_TYPE_PROC_STAT
:
2361 return proc_stat_read(buf
, size
, offset
, fi
);
2362 case LXC_TYPE_PROC_DISKSTATS
:
2363 return proc_diskstats_read(buf
, size
, offset
, fi
);
2371 * these just delegate to the /proc and /cgroup ops as
2375 static int lxcfs_getattr(const char *path
, struct stat
*sb
)
2377 if (strcmp(path
, "/") == 0) {
2378 sb
->st_mode
= S_IFDIR
| 00755;
2382 if (strncmp(path
, "/cgroup", 7) == 0) {
2383 return cg_getattr(path
, sb
);
2385 if (strncmp(path
, "/proc", 5) == 0) {
2386 return proc_getattr(path
, sb
);
2391 static int lxcfs_opendir(const char *path
, struct fuse_file_info
*fi
)
2393 if (strcmp(path
, "/") == 0)
2396 if (strncmp(path
, "/cgroup", 7) == 0) {
2397 return cg_opendir(path
, fi
);
2399 if (strcmp(path
, "/proc") == 0)
2404 static int lxcfs_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2405 struct fuse_file_info
*fi
)
2407 if (strcmp(path
, "/") == 0) {
2408 if (filler(buf
, "proc", NULL
, 0) != 0 ||
2409 filler(buf
, "cgroup", NULL
, 0) != 0)
2413 if (strncmp(path
, "/cgroup", 7) == 0)
2414 return cg_readdir(path
, buf
, filler
, offset
, fi
);
2415 if (strcmp(path
, "/proc") == 0)
2416 return proc_readdir(path
, buf
, filler
, offset
, fi
);
2420 static int lxcfs_releasedir(const char *path
, struct fuse_file_info
*fi
)
2422 if (strcmp(path
, "/") == 0)
2424 if (strncmp(path
, "/cgroup", 7) == 0) {
2425 return cg_releasedir(path
, fi
);
2427 if (strcmp(path
, "/proc") == 0)
2432 static int lxcfs_open(const char *path
, struct fuse_file_info
*fi
)
2434 if (strncmp(path
, "/cgroup", 7) == 0)
2435 return cg_open(path
, fi
);
2436 if (strncmp(path
, "/proc", 5) == 0)
2437 return proc_open(path
, fi
);
2442 static int lxcfs_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2443 struct fuse_file_info
*fi
)
2445 if (strncmp(path
, "/cgroup", 7) == 0)
2446 return cg_read(path
, buf
, size
, offset
, fi
);
2447 if (strncmp(path
, "/proc", 5) == 0)
2448 return proc_read(path
, buf
, size
, offset
, fi
);
2453 int lxcfs_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
2454 struct fuse_file_info
*fi
)
2456 if (strncmp(path
, "/cgroup", 7) == 0) {
2457 return cg_write(path
, buf
, size
, offset
, fi
);
2463 static int lxcfs_flush(const char *path
, struct fuse_file_info
*fi
)
2468 static int lxcfs_release(const char *path
, struct fuse_file_info
*fi
)
2470 if (strncmp(path
, "/cgroup", 7) == 0)
2471 return cg_release(path
, fi
);
2472 if (strncmp(path
, "/proc", 5) == 0)
2473 return proc_release(path
, fi
);
2478 static int lxcfs_fsync(const char *path
, int datasync
, struct fuse_file_info
*fi
)
2483 int lxcfs_mkdir(const char *path
, mode_t mode
)
2485 if (strncmp(path
, "/cgroup", 7) == 0)
2486 return cg_mkdir(path
, mode
);
2491 int lxcfs_chown(const char *path
, uid_t uid
, gid_t gid
)
2493 if (strncmp(path
, "/cgroup", 7) == 0)
2494 return cg_chown(path
, uid
, gid
);
2500 * cat first does a truncate before doing ops->write. This doesn't
2501 * really make sense for cgroups. So just return 0 always but do
2504 int lxcfs_truncate(const char *path
, off_t newsize
)
2506 if (strncmp(path
, "/cgroup", 7) == 0)
2511 int lxcfs_rmdir(const char *path
)
2513 if (strncmp(path
, "/cgroup", 7) == 0)
2514 return cg_rmdir(path
);
2518 int lxcfs_chmod(const char *path
, mode_t mode
)
2520 if (strncmp(path
, "/cgroup", 7) == 0)
2521 return cg_chmod(path
, mode
);
2525 const struct fuse_operations lxcfs_ops
= {
2526 .getattr
= lxcfs_getattr
,
2530 .mkdir
= lxcfs_mkdir
,
2532 .rmdir
= lxcfs_rmdir
,
2536 .chmod
= lxcfs_chmod
,
2537 .chown
= lxcfs_chown
,
2538 .truncate
= lxcfs_truncate
,
2543 .release
= lxcfs_release
,
2544 .write
= lxcfs_write
,
2547 .flush
= lxcfs_flush
,
2548 .fsync
= lxcfs_fsync
,
2553 .removexattr
= NULL
,
2555 .opendir
= lxcfs_opendir
,
2556 .readdir
= lxcfs_readdir
,
2557 .releasedir
= lxcfs_releasedir
,
2568 static void usage(const char *me
)
2570 fprintf(stderr
, "Usage:\n");
2571 fprintf(stderr
, "\n");
2572 fprintf(stderr
, "%s [FUSE and mount options] mountpoint\n", me
);
2576 static bool is_help(char *w
)
2578 if (strcmp(w
, "-h") == 0 ||
2579 strcmp(w
, "--help") == 0 ||
2580 strcmp(w
, "-help") == 0 ||
2581 strcmp(w
, "help") == 0)
2586 int main(int argc
, char *argv
[])
2589 struct lxcfs_state
*d
;
2591 if (argc
< 2 || is_help(argv
[1]))
2594 d
= malloc(sizeof(*d
));
2598 if (!cgm_escape_cgroup())
2599 fprintf(stderr
, "WARNING: failed to escape to root cgroup\n");
2601 if (!cgm_get_controllers(&d
->subsystems
))
2604 ret
= fuse_main(argc
, argv
, &lxcfs_ops
, d
);