3 * Copyright © 2014,2015 Canonical, Inc
4 * Author: Serge Hallyn <serge.hallyn@ubuntu.com>
6 * See COPYING file for details.
11 * sanitize paths for '..', cgmanager's not doing that for us any more
13 * Surely there are more paths we'll need to sanitize - look back through
14 * cgmanager's sources.
17 #define FUSE_USE_VERSION 26
31 #include <linux/sched.h>
32 #include <sys/socket.h>
33 #include <sys/mount.h>
37 #define GLIB_DISABLE_DEPRECATION_WARNINGS
38 #include <glib-object.h>
42 #include "config.h" // for VERSION
47 LXC_TYPE_PROC_MEMINFO
,
48 LXC_TYPE_PROC_CPUINFO
,
51 LXC_TYPE_PROC_DISKSTATS
,
59 char *buf
; // unused as of yet
61 int size
; //actual data size
65 /* reserve buffer size, for cpuall in /proc/stat */
66 #define BUF_RESERVE_SIZE 256
70 * src: a pointer to a char* in which ot append the pid.
71 * sz: the number of characters printed so far, minus trailing \0.
72 * asz: the allocated size so far
73 * pid: the pid to append
75 static void must_strcat_pid(char **src
, size_t *sz
, size_t *asz
, pid_t pid
)
80 sprintf(tmp
, "%d\n", (int)pid
);
84 d
= malloc(BUF_RESERVE_SIZE
);
87 *asz
= BUF_RESERVE_SIZE
;
88 } else if (strlen(tmp
) + sz
+ 1 >= asz
) {
90 d
= realloc(d
, *asz
+ BUF_RESERVE_SIZE
);
93 *asz
+= BUF_RESERVE_SIZE
;
95 memcpy(d
+*sz
, tmp
, strlen(tmp
));
100 static int wait_for_pid(pid_t pid
)
105 ret
= waitpid(pid
, &status
, 0);
113 if (!WIFEXITED(status
) || WEXITSTATUS(status
) != 0)
119 * Given a open file * to /proc/pid/{u,g}id_map, and an id
120 * valid in the caller's namespace, return the id mapped into
122 * Returns the mapped id, or -1 on error.
125 convert_id_to_ns(FILE *idfile
, unsigned int in_id
)
127 unsigned int nsuid
, // base id for a range in the idfile's namespace
128 hostuid
, // base id for a range in the caller's namespace
129 count
; // number of ids in this range
133 fseek(idfile
, 0L, SEEK_SET
);
134 while (fgets(line
, 400, idfile
)) {
135 ret
= sscanf(line
, "%u %u %u\n", &nsuid
, &hostuid
, &count
);
138 if (hostuid
+ count
< hostuid
|| nsuid
+ count
< nsuid
) {
140 * uids wrapped around - unexpected as this is a procfile,
143 fprintf(stderr
, "pid wrapparound at entry %u %u %u in %s\n",
144 nsuid
, hostuid
, count
, line
);
147 if (hostuid
<= in_id
&& hostuid
+count
> in_id
) {
149 * now since hostuid <= in_id < hostuid+count, and
150 * hostuid+count and nsuid+count do not wrap around,
151 * we know that nsuid+(in_id-hostuid) which must be
152 * less that nsuid+(count) must not wrap around
154 return (in_id
- hostuid
) + nsuid
;
163 * for is_privileged_over,
164 * specify whether we require the calling uid to be root in his
167 #define NS_ROOT_REQD true
168 #define NS_ROOT_OPT false
172 static bool is_privileged_over(pid_t pid
, uid_t uid
, uid_t victim
, bool req_ns_root
)
179 if (victim
== -1 || uid
== -1)
183 * If the request is one not requiring root in the namespace,
184 * then having the same uid suffices. (i.e. uid 1000 has write
185 * access to files owned by uid 1000
187 if (!req_ns_root
&& uid
== victim
)
190 ret
= snprintf(fpath
, PROCLEN
, "/proc/%d/uid_map", pid
);
191 if (ret
< 0 || ret
>= PROCLEN
)
193 FILE *f
= fopen(fpath
, "r");
197 /* if caller's not root in his namespace, reject */
198 nsuid
= convert_id_to_ns(f
, uid
);
203 * If victim is not mapped into caller's ns, reject.
204 * XXX I'm not sure this check is needed given that fuse
205 * will be sending requests where the vfs has converted
207 nsuid
= convert_id_to_ns(f
, victim
);
218 static bool perms_include(int fmode
, mode_t req_mode
)
222 switch (req_mode
& O_ACCMODE
) {
230 r
= S_IROTH
| S_IWOTH
;
235 return ((fmode
& r
) == r
);
238 static char *get_next_cgroup_dir(const char *taskcg
, const char *querycg
)
242 if (strlen(taskcg
) <= strlen(querycg
)) {
243 fprintf(stderr
, "%s: I was fed bad input\n", __func__
);
247 if (strcmp(querycg
, "/") == 0)
248 start
= strdup(taskcg
+ 1);
250 start
= strdup(taskcg
+ strlen(querycg
) + 1);
253 end
= strchr(start
, '/');
259 static void stripnewline(char *x
)
261 size_t l
= strlen(x
);
262 if (l
&& x
[l
-1] == '\n')
266 static char *get_pid_cgroup(pid_t pid
, const char *contrl
)
274 const char *h
= find_mounted_controller(contrl
);
278 ret
= snprintf(fnam
, PROCLEN
, "/proc/%d/cgroup", pid
);
279 if (ret
< 0 || ret
>= PROCLEN
)
281 if (!(f
= fopen(fnam
, "r")))
284 while (getline(&line
, &len
, f
) != -1) {
288 c1
= strchr(line
, ':');
292 c2
= strchr(c1
, ':');
296 if (strcmp(c1
, h
) != 0)
313 * check whether a fuse context may access a cgroup dir or file
315 * If file is not null, it is a cgroup file to check under cg.
316 * If file is null, then we are checking perms on cg itself.
318 * For files we can check the mode of the list_keys result.
319 * For cgroups, we must make assumptions based on the files under the
320 * cgroup, because cgmanager doesn't tell us ownership/perms of cgroups
323 static bool fc_may_access(struct fuse_context
*fc
, const char *contrl
, const char *cg
, const char *file
, mode_t mode
)
325 struct cgfs_files
*k
= NULL
;
334 k
= cgfs_get_key(contrl
, cg
, file
);
338 if (is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
339 if (perms_include(k
->mode
>> 6, mode
)) {
344 if (fc
->gid
== k
->gid
) {
345 if (perms_include(k
->mode
>> 3, mode
)) {
350 ret
= perms_include(k
->mode
, mode
);
357 #define INITSCOPE "/init.scope"
358 static void prune_init_slice(char *cg
)
361 point
= cg
+ strlen(cg
) - strlen(INITSCOPE
);
364 if (strcmp(point
, INITSCOPE
) == 0) {
373 * If caller is in /a/b/c/d, he may only act on things under cg=/a/b/c/d.
374 * If caller is in /a, he may act on /a/b, but not on /b.
375 * if the answer is false and nextcg is not NULL, then *nextcg will point
376 * to a string containing the next cgroup directory under cg, which must be
377 * freed by the caller.
379 static bool caller_is_in_ancestor(pid_t pid
, const char *contrl
, const char *cg
, char **nextcg
)
388 ret
= snprintf(fnam
, PROCLEN
, "/proc/%d/cgroup", pid
);
389 if (ret
< 0 || ret
>= PROCLEN
)
391 if (!(f
= fopen(fnam
, "r")))
394 while (getline(&line
, &len
, f
) != -1) {
395 char *c1
, *c2
, *linecmp
;
398 c1
= strchr(line
, ':');
402 c2
= strchr(c1
, ':');
406 if (strcmp(c1
, contrl
) != 0)
410 prune_init_slice(c2
);
412 * callers pass in '/' for root cgroup, otherwise they pass
413 * in a cgroup without leading '/'
415 linecmp
= *cg
== '/' ? c2
: c2
+1;
416 if (strncmp(linecmp
, cg
, strlen(linecmp
)) != 0) {
418 *nextcg
= get_next_cgroup_dir(linecmp
, cg
);
432 * given /cgroup/freezer/a/b, return "freezer".
433 * the returned char* should NOT be freed.
435 static char *pick_controller_from_path(struct fuse_context
*fc
, const char *path
)
440 if (strlen(path
) < 9)
442 if (*(path
+7) != '/')
448 slash
= strstr(contr
, "/");
453 for (i
= 0; i
< num_hierarchies
; i
++) {
454 if (hierarchies
[i
] && strcmp(hierarchies
[i
], contr
) == 0)
455 return hierarchies
[i
];
461 * Find the start of cgroup in /cgroup/controller/the/cgroup/path
462 * Note that the returned value may include files (keynames) etc
464 static const char *find_cgroup_in_path(const char *path
)
468 if (strlen(path
) < 9)
470 p1
= strstr(path
+8, "/");
477 * dir should be freed, file not
479 static void get_cgdir_and_path(const char *cg
, char **dir
, char **file
)
486 *file
= strrchr(cg
, '/');
491 p
= strrchr(*dir
, '/');
496 * FUSE ops for /cgroup
499 static int cg_getattr(const char *path
, struct stat
*sb
)
502 struct fuse_context
*fc
= fuse_get_context();
504 char *fpath
= NULL
, *path1
, *path2
;
505 struct cgfs_files
*k
= NULL
;
507 const char *controller
= NULL
;
514 memset(sb
, 0, sizeof(struct stat
));
516 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
519 sb
->st_uid
= sb
->st_gid
= 0;
520 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
523 if (strcmp(path
, "/cgroup") == 0) {
524 sb
->st_mode
= S_IFDIR
| 00755;
529 controller
= pick_controller_from_path(fc
, path
);
532 cgroup
= find_cgroup_in_path(path
);
534 /* this is just /cgroup/controller, return it as a dir */
535 sb
->st_mode
= S_IFDIR
| 00755;
540 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
550 /* check that cgcopy is either a child cgroup of cgdir, or listed in its keys.
551 * Then check that caller's cgroup is under path if fpath is a child
552 * cgroup, or cgdir if fpath is a file */
554 if (is_child_cgroup(controller
, path1
, path2
)) {
555 if (!caller_is_in_ancestor(fc
->pid
, controller
, cgroup
, NULL
)) {
556 /* this is just /cgroup/controller, return it as a dir */
557 sb
->st_mode
= S_IFDIR
| 00555;
562 if (!fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
)) {
567 // get uid, gid, from '/tasks' file and make up a mode
568 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
569 sb
->st_mode
= S_IFDIR
| 00755;
570 k
= cgfs_get_key(controller
, cgroup
, "tasks");
572 sb
->st_uid
= sb
->st_gid
= 0;
583 if ((k
= cgfs_get_key(controller
, path1
, path2
)) != NULL
) {
584 sb
->st_mode
= S_IFREG
| k
->mode
;
590 if (!caller_is_in_ancestor(fc
->pid
, controller
, path1
, NULL
)) {
594 if (!fc_may_access(fc
, controller
, path1
, path2
, O_RDONLY
)) {
607 static int cg_opendir(const char *path
, struct fuse_file_info
*fi
)
609 struct fuse_context
*fc
= fuse_get_context();
611 struct file_info
*dir_info
;
612 char *controller
= NULL
;
617 if (strcmp(path
, "/cgroup") == 0) {
621 // return list of keys for the controller, and list of child cgroups
622 controller
= pick_controller_from_path(fc
, path
);
626 cgroup
= find_cgroup_in_path(path
);
628 /* this is just /cgroup/controller, return its contents */
633 if (cgroup
&& !fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
)) {
637 /* we'll free this at cg_releasedir */
638 dir_info
= malloc(sizeof(*dir_info
));
641 dir_info
->controller
= must_copy_string(controller
);
642 dir_info
->cgroup
= must_copy_string(cgroup
);
643 dir_info
->type
= LXC_TYPE_CGDIR
;
644 dir_info
->buf
= NULL
;
645 dir_info
->file
= NULL
;
646 dir_info
->buflen
= 0;
648 fi
->fh
= (unsigned long)dir_info
;
652 static int cg_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
653 struct fuse_file_info
*fi
)
655 struct file_info
*d
= (struct file_info
*)fi
->fh
;
656 struct cgfs_files
**list
= NULL
;
659 struct fuse_context
*fc
= fuse_get_context();
662 if (d
->type
!= LXC_TYPE_CGDIR
) {
663 fprintf(stderr
, "Internal error: file cache info used in readdir\n");
666 if (!d
->cgroup
&& !d
->controller
) {
667 // ls /var/lib/lxcfs/cgroup - just show list of controllers
670 for (i
= 0; i
< num_hierarchies
; i
++) {
671 if (hierarchies
[i
] && filler(buf
, hierarchies
[i
], NULL
, 0) != 0) {
678 if (!cgfs_list_keys(d
->controller
, d
->cgroup
, &list
)) {
679 // not a valid cgroup
684 if (!caller_is_in_ancestor(fc
->pid
, d
->controller
, d
->cgroup
, &nextcg
)) {
687 ret
= filler(buf
, nextcg
, NULL
, 0);
698 for (i
= 0; list
[i
]; i
++) {
699 if (filler(buf
, list
[i
]->name
, NULL
, 0) != 0) {
705 // now get the list of child cgroups
707 if (!cgfs_list_children(d
->controller
, d
->cgroup
, &clist
)) {
711 for (i
= 0; clist
[i
]; i
++) {
712 if (filler(buf
, clist
[i
], NULL
, 0) != 0) {
722 for (i
= 0; clist
[i
]; i
++)
729 static void do_release_file_info(struct file_info
*f
)
740 static int cg_releasedir(const char *path
, struct fuse_file_info
*fi
)
742 struct file_info
*d
= (struct file_info
*)fi
->fh
;
744 do_release_file_info(d
);
748 static int cg_open(const char *path
, struct fuse_file_info
*fi
)
751 char *fpath
= NULL
, *path1
, *path2
, * cgdir
= NULL
, *controller
;
752 struct cgfs_files
*k
= NULL
;
753 struct file_info
*file_info
;
754 struct fuse_context
*fc
= fuse_get_context();
760 controller
= pick_controller_from_path(fc
, path
);
763 cgroup
= find_cgroup_in_path(path
);
767 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
776 k
= cgfs_get_key(controller
, path1
, path2
);
783 if (!fc_may_access(fc
, controller
, path1
, path2
, fi
->flags
)) {
784 // should never get here
789 /* we'll free this at cg_release */
790 file_info
= malloc(sizeof(*file_info
));
795 file_info
->controller
= must_copy_string(controller
);
796 file_info
->cgroup
= must_copy_string(path1
);
797 file_info
->file
= must_copy_string(path2
);
798 file_info
->type
= LXC_TYPE_CGFILE
;
799 file_info
->buf
= NULL
;
800 file_info
->buflen
= 0;
802 fi
->fh
= (unsigned long)file_info
;
810 static int cg_release(const char *path
, struct fuse_file_info
*fi
)
812 struct file_info
*f
= (struct file_info
*)fi
->fh
;
814 do_release_file_info(f
);
818 static int msgrecv(int sockfd
, void *buf
, size_t len
)
824 FD_SET(sockfd
, &rfds
);
828 if (select(sockfd
+1, &rfds
, NULL
, NULL
, &tv
) <= 0)
830 return recv(sockfd
, buf
, len
, MSG_DONTWAIT
);
833 #define SEND_CREDS_OK 0
834 #define SEND_CREDS_NOTSK 1
835 #define SEND_CREDS_FAIL 2
836 static int send_creds(int sock
, struct ucred
*cred
, char v
, bool pingfirst
)
838 struct msghdr msg
= { 0 };
840 struct cmsghdr
*cmsg
;
841 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
846 if (msgrecv(sock
, buf
, 1) != 1) {
847 fprintf(stderr
, "%s: Error getting reply from server over socketpair\n",
849 return SEND_CREDS_FAIL
;
853 msg
.msg_control
= cmsgbuf
;
854 msg
.msg_controllen
= sizeof(cmsgbuf
);
856 cmsg
= CMSG_FIRSTHDR(&msg
);
857 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
858 cmsg
->cmsg_level
= SOL_SOCKET
;
859 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
860 memcpy(CMSG_DATA(cmsg
), cred
, sizeof(*cred
));
867 iov
.iov_len
= sizeof(buf
);
871 if (sendmsg(sock
, &msg
, 0) < 0) {
872 fprintf(stderr
, "%s: failed at sendmsg: %s\n", __func__
,
875 return SEND_CREDS_NOTSK
;
876 return SEND_CREDS_FAIL
;
879 return SEND_CREDS_OK
;
882 static bool recv_creds(int sock
, struct ucred
*cred
, char *v
)
884 struct msghdr msg
= { 0 };
886 struct cmsghdr
*cmsg
;
887 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
900 if (setsockopt(sock
, SOL_SOCKET
, SO_PASSCRED
, &optval
, sizeof(optval
)) == -1) {
901 fprintf(stderr
, "Failed to set passcred: %s\n", strerror(errno
));
905 if (write(sock
, buf
, 1) != 1) {
906 fprintf(stderr
, "Failed to start write on scm fd: %s\n", strerror(errno
));
912 msg
.msg_control
= cmsgbuf
;
913 msg
.msg_controllen
= sizeof(cmsgbuf
);
916 iov
.iov_len
= sizeof(buf
);
924 if (select(sock
+1, &rfds
, NULL
, NULL
, &tv
) <= 0) {
925 fprintf(stderr
, "Failed to select for scm_cred: %s\n",
929 ret
= recvmsg(sock
, &msg
, MSG_DONTWAIT
);
931 fprintf(stderr
, "Failed to receive scm_cred: %s\n",
936 cmsg
= CMSG_FIRSTHDR(&msg
);
938 if (cmsg
&& cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)) &&
939 cmsg
->cmsg_level
== SOL_SOCKET
&&
940 cmsg
->cmsg_type
== SCM_CREDENTIALS
) {
941 memcpy(cred
, CMSG_DATA(cmsg
), sizeof(*cred
));
950 * pid_to_ns - reads pids from a ucred over a socket, then writes the
951 * int value back over the socket. This shifts the pid from the
952 * sender's pidns into tpid's pidns.
954 static void pid_to_ns(int sock
, pid_t tpid
)
959 while (recv_creds(sock
, &cred
, &v
)) {
962 if (write(sock
, &cred
.pid
, sizeof(pid_t
)) != sizeof(pid_t
))
969 * pid_to_ns_wrapper: when you setns into a pidns, you yourself remain
970 * in your old pidns. Only children which you fork will be in the target
971 * pidns. So the pid_to_ns_wrapper does the setns, then forks a child to
972 * actually convert pids
974 static void pid_to_ns_wrapper(int sock
, pid_t tpid
)
976 int newnsfd
= -1, ret
, cpipe
[2];
983 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", tpid
);
984 if (ret
< 0 || ret
>= sizeof(fnam
))
986 newnsfd
= open(fnam
, O_RDONLY
);
989 if (setns(newnsfd
, 0) < 0)
1004 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
1005 fprintf(stderr
, "%s (child): erorr on write: %s\n",
1006 __func__
, strerror(errno
));
1009 pid_to_ns(sock
, tpid
);
1011 // give the child 1 second to be done forking and
1014 FD_SET(cpipe
[0], &s
);
1017 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
1020 ret
= read(cpipe
[0], &v
, 1);
1021 if (ret
!= sizeof(char) || v
!= '1') {
1025 if (!wait_for_pid(cpid
))
1030 kill(cpid
, SIGKILL
);
1036 * To read cgroup files with a particular pid, we will setns into the child
1037 * pidns, open a pipe, fork a child - which will be the first to really be in
1038 * the child ns - which does the cgfs_get_value and writes the data to the pipe.
1040 static bool do_read_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, char **d
)
1042 int sock
[2] = {-1, -1};
1043 char *tmpdata
= NULL
;
1045 pid_t qpid
, cpid
= -1;
1046 bool answer
= false;
1050 size_t sz
= 0, asz
= 0;
1053 if (!cgfs_get_value(contrl
, cg
, file
, &tmpdata
))
1057 * Now we read the pids from returned data one by one, pass
1058 * them into a child in the target namespace, read back the
1059 * translated pids, and put them into our to-return data
1062 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
1063 perror("socketpair");
1073 pid_to_ns_wrapper(sock
[1], tpid
);
1075 char *ptr
= tmpdata
;
1078 while (sscanf(ptr
, "%d\n", &qpid
) == 1) {
1080 ret
= send_creds(sock
[0], &cred
, v
, true);
1082 if (ret
== SEND_CREDS_NOTSK
)
1084 if (ret
== SEND_CREDS_FAIL
)
1087 // read converted results
1089 FD_SET(sock
[0], &s
);
1092 ret
= select(sock
[0]+1, &s
, NULL
, NULL
, &tv
);
1094 fprintf(stderr
, "%s: select error waiting for pid from child: %s\n",
1095 __func__
, strerror(errno
));
1098 if (read(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1099 fprintf(stderr
, "%s: error reading pid from child: %s\n",
1100 __func__
, strerror(errno
));
1103 must_strcat_pid(d
, &sz
, &asz
, qpid
);
1105 ptr
= strchr(ptr
, '\n');
1111 cred
.pid
= getpid();
1113 if (send_creds(sock
[0], &cred
, v
, true) != SEND_CREDS_OK
) {
1114 // failed to ask child to exit
1115 fprintf(stderr
, "%s: failed to ask child to exit: %s\n",
1116 __func__
, strerror(errno
));
1126 if (sock
[0] != -1) {
1133 static int cg_read(const char *path
, char *buf
, size_t size
, off_t offset
,
1134 struct fuse_file_info
*fi
)
1136 struct fuse_context
*fc
= fuse_get_context();
1137 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1138 struct cgfs_files
*k
= NULL
;
1143 if (f
->type
!= LXC_TYPE_CGFILE
) {
1144 fprintf(stderr
, "Internal error: directory cache info used in cg_read\n");
1157 if ((k
= cgfs_get_key(f
->controller
, f
->cgroup
, f
->file
)) == NULL
) {
1163 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_RDONLY
)) { // should never get here
1168 if (strcmp(f
->file
, "tasks") == 0 ||
1169 strcmp(f
->file
, "/tasks") == 0 ||
1170 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1171 strcmp(f
->file
, "cgroup.procs") == 0)
1172 // special case - we have to translate the pids
1173 r
= do_read_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, &data
);
1175 r
= cgfs_get_value(f
->controller
, f
->cgroup
, f
->file
, &data
);
1189 memcpy(buf
, data
, s
);
1190 if (s
> 0 && s
< size
&& data
[s
-1] != '\n')
1200 static void pid_from_ns(int sock
, pid_t tpid
)
1216 ret
= select(sock
+1, &s
, NULL
, NULL
, &tv
);
1218 fprintf(stderr
, "%s: bad select before read from parent: %s\n",
1219 __func__
, strerror(errno
));
1222 if ((ret
= read(sock
, &vpid
, sizeof(pid_t
))) != sizeof(pid_t
)) {
1223 fprintf(stderr
, "%s: bad read from parent: %s\n",
1224 __func__
, strerror(errno
));
1227 if (vpid
== -1) // done
1231 if (send_creds(sock
, &cred
, v
, true) != SEND_CREDS_OK
) {
1233 cred
.pid
= getpid();
1234 if (send_creds(sock
, &cred
, v
, false) != SEND_CREDS_OK
)
1241 static void pid_from_ns_wrapper(int sock
, pid_t tpid
)
1243 int newnsfd
= -1, ret
, cpipe
[2];
1250 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", tpid
);
1251 if (ret
< 0 || ret
>= sizeof(fnam
))
1253 newnsfd
= open(fnam
, O_RDONLY
);
1256 if (setns(newnsfd
, 0) < 0)
1260 if (pipe(cpipe
) < 0)
1272 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
1273 fprintf(stderr
, "%s (child): erorr on write: %s\n",
1274 __func__
, strerror(errno
));
1277 pid_from_ns(sock
, tpid
);
1280 // give the child 1 second to be done forking and
1283 FD_SET(cpipe
[0], &s
);
1286 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
1289 ret
= read(cpipe
[0], &v
, 1);
1290 if (ret
!= sizeof(char) || v
!= '1') {
1294 if (!wait_for_pid(cpid
))
1299 kill(cpid
, SIGKILL
);
1304 static bool do_write_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, const char *buf
)
1306 int sock
[2] = {-1, -1};
1307 pid_t qpid
, cpid
= -1;
1308 FILE *pids_file
= NULL
;
1309 bool answer
= false, fail
= false;
1311 pids_file
= open_pids_file(contrl
, cg
);
1316 * write the pids to a socket, have helper in writer's pidns
1317 * call movepid for us
1319 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
1320 perror("socketpair");
1328 if (!cpid
) { // child
1330 pid_from_ns_wrapper(sock
[1], tpid
);
1333 const char *ptr
= buf
;
1334 while (sscanf(ptr
, "%d", &qpid
) == 1) {
1338 if (write(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1339 fprintf(stderr
, "%s: error writing pid to child: %s\n",
1340 __func__
, strerror(errno
));
1344 if (recv_creds(sock
[0], &cred
, &v
)) {
1346 if (fprintf(pids_file
, "%d", (int) cred
.pid
) < 0)
1351 ptr
= strchr(ptr
, '\n');
1357 /* All good, write the value */
1359 if (write(sock
[0], &qpid
,sizeof(qpid
)) != sizeof(qpid
))
1360 fprintf(stderr
, "Warning: failed to ask child to exit\n");
1368 if (sock
[0] != -1) {
1373 if (fclose(pids_file
) != 0)
1379 int cg_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
1380 struct fuse_file_info
*fi
)
1382 struct fuse_context
*fc
= fuse_get_context();
1383 char *localbuf
= NULL
;
1384 struct cgfs_files
*k
= NULL
;
1385 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1388 if (f
->type
!= LXC_TYPE_CGFILE
) {
1389 fprintf(stderr
, "Internal error: directory cache info used in cg_write\n");
1399 localbuf
= alloca(size
+1);
1400 localbuf
[size
] = '\0';
1401 memcpy(localbuf
, buf
, size
);
1403 if ((k
= cgfs_get_key(f
->controller
, f
->cgroup
, f
->file
)) == NULL
) {
1408 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_WRONLY
)) {
1413 if (strcmp(f
->file
, "tasks") == 0 ||
1414 strcmp(f
->file
, "/tasks") == 0 ||
1415 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1416 strcmp(f
->file
, "cgroup.procs") == 0)
1417 // special case - we have to translate the pids
1418 r
= do_write_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1420 r
= cgfs_set_value(f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1430 int cg_chown(const char *path
, uid_t uid
, gid_t gid
)
1432 struct fuse_context
*fc
= fuse_get_context();
1433 char *cgdir
= NULL
, *fpath
= NULL
, *path1
, *path2
, *controller
;
1434 struct cgfs_files
*k
= NULL
;
1441 if (strcmp(path
, "/cgroup") == 0)
1444 controller
= pick_controller_from_path(fc
, path
);
1447 cgroup
= find_cgroup_in_path(path
);
1449 /* this is just /cgroup/controller */
1452 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1462 if (is_child_cgroup(controller
, path1
, path2
)) {
1463 // get uid, gid, from '/tasks' file and make up a mode
1464 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1465 k
= cgfs_get_key(controller
, cgroup
, "tasks");
1468 k
= cgfs_get_key(controller
, path1
, path2
);
1476 * This being a fuse request, the uid and gid must be valid
1477 * in the caller's namespace. So we can just check to make
1478 * sure that the caller is root in his uid, and privileged
1479 * over the file's current owner.
1481 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_REQD
)) {
1486 if (!cgfs_chown_file(controller
, cgroup
, uid
, gid
)) {
1500 int cg_chmod(const char *path
, mode_t mode
)
1502 struct fuse_context
*fc
= fuse_get_context();
1503 char * cgdir
= NULL
, *fpath
= NULL
, *path1
, *path2
, *controller
;
1504 struct cgfs_files
*k
= NULL
;
1511 if (strcmp(path
, "/cgroup") == 0)
1514 controller
= pick_controller_from_path(fc
, path
);
1517 cgroup
= find_cgroup_in_path(path
);
1519 /* this is just /cgroup/controller */
1522 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1532 if (is_child_cgroup(controller
, path1
, path2
)) {
1533 // get uid, gid, from '/tasks' file and make up a mode
1534 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1535 k
= cgfs_get_key(controller
, cgroup
, "tasks");
1538 k
= cgfs_get_key(controller
, path1
, path2
);
1546 * This being a fuse request, the uid and gid must be valid
1547 * in the caller's namespace. So we can just check to make
1548 * sure that the caller is root in his uid, and privileged
1549 * over the file's current owner.
1551 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
1556 if (!cgfs_chmod_file(controller
, cgroup
, mode
)) {
1568 int cg_mkdir(const char *path
, mode_t mode
)
1570 struct fuse_context
*fc
= fuse_get_context();
1571 char *fpath
= NULL
, *path1
, *cgdir
= NULL
, *controller
;
1579 controller
= pick_controller_from_path(fc
, path
);
1583 cgroup
= find_cgroup_in_path(path
);
1587 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1593 if (!fc_may_access(fc
, controller
, path1
, NULL
, O_RDWR
)) {
1597 if (!caller_is_in_ancestor(fc
->pid
, controller
, path1
, NULL
)) {
1602 if (fc
->uid
== 0 && fc
->gid
== 0) {
1603 if (!cgfs_create(controller
, cgroup
)) {
1608 if (setresuid(fc
->uid
, fc
->gid
, 0) < 0) { // bail
1609 fprintf(stderr
, "ERROR - DANGER - setresuid failed!\n");
1613 bool bret
= cgfs_create(controller
, cgroup
);
1615 if (setresuid(0, 0, 0) < 0) {
1616 fprintf(stderr
, "ERROR - failed to restore uids!\n");
1632 static int cg_rmdir(const char *path
)
1634 struct fuse_context
*fc
= fuse_get_context();
1635 char *fpath
= NULL
, *cgdir
= NULL
, *controller
;
1642 controller
= pick_controller_from_path(fc
, path
);
1646 cgroup
= find_cgroup_in_path(path
);
1650 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1656 fprintf(stderr
, "rmdir: verifying access to %s:%s (req path %s)\n",
1657 controller
, cgdir
, path
);
1658 if (!fc_may_access(fc
, controller
, cgdir
, NULL
, O_WRONLY
)) {
1662 if (!caller_is_in_ancestor(fc
->pid
, controller
, cgroup
, NULL
)) {
1667 if (!cgfs_remove(controller
, cgroup
)) {
1679 static bool startswith(const char *line
, const char *pref
)
1681 if (strncmp(line
, pref
, strlen(pref
)) == 0)
1686 static void get_mem_cached(char *memstat
, unsigned long *v
)
1692 if (startswith(memstat
, "total_cache")) {
1693 sscanf(memstat
+ 11, "%lu", v
);
1697 eol
= strchr(memstat
, '\n');
1704 static void get_blkio_io_value(char *str
, unsigned major
, unsigned minor
, char *iotype
, unsigned long *v
)
1710 snprintf(key
, 32, "%u:%u %s", major
, minor
, iotype
);
1712 size_t len
= strlen(key
);
1716 if (startswith(str
, key
)) {
1717 sscanf(str
+ len
, "%lu", v
);
1720 eol
= strchr(str
, '\n');
1727 static int read_file(const char *path
, char *buf
, size_t size
,
1728 struct file_info
*d
)
1730 size_t linelen
= 0, total_len
= 0, rv
= 0;
1732 char *cache
= d
->buf
;
1733 size_t cache_size
= d
->buflen
;
1734 FILE *f
= fopen(path
, "r");
1738 while (getline(&line
, &linelen
, f
) != -1) {
1739 size_t l
= snprintf(cache
, cache_size
, "%s", line
);
1741 perror("Error writing to cache");
1745 if (l
>= cache_size
) {
1746 fprintf(stderr
, "Internal error: truncated write to cache\n");
1750 if (l
< cache_size
) {
1755 cache
+= cache_size
;
1756 total_len
+= cache_size
;
1762 d
->size
= total_len
;
1763 if (total_len
> size
) total_len
= size
;
1765 /* read from off 0 */
1766 memcpy(buf
, d
->buf
, total_len
);
1775 * FUSE ops for /proc
1778 static unsigned long get_memlimit(const char *cgroup
)
1780 char *memlimit_str
= NULL
;
1781 unsigned long memlimit
= -1;
1783 if (cgfs_get_value("memory", cgroup
, "memory.limit_in_bytes", &memlimit_str
))
1784 memlimit
= strtoul(memlimit_str
, NULL
, 10);
1791 static unsigned long get_min_memlimit(const char *cgroup
)
1793 char *copy
= strdupa(cgroup
);
1794 unsigned long memlimit
= 0, retlimit
;
1796 retlimit
= get_memlimit(copy
);
1798 while (strcmp(copy
, "/") != 0) {
1799 copy
= dirname(copy
);
1800 memlimit
= get_memlimit(copy
);
1801 if (memlimit
!= -1 && memlimit
< retlimit
)
1802 retlimit
= memlimit
;
1808 static int proc_meminfo_read(char *buf
, size_t size
, off_t offset
,
1809 struct fuse_file_info
*fi
)
1811 struct fuse_context
*fc
= fuse_get_context();
1812 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1814 char *memusage_str
= NULL
, *memstat_str
= NULL
,
1815 *memswlimit_str
= NULL
, *memswusage_str
= NULL
;
1816 unsigned long memlimit
= 0, memusage
= 0, memswlimit
= 0, memswusage
= 0,
1817 cached
= 0, hosttotal
= 0;
1819 size_t linelen
= 0, total_len
= 0, rv
= 0;
1820 char *cache
= d
->buf
;
1821 size_t cache_size
= d
->buflen
;
1825 if (offset
> d
->size
)
1829 int left
= d
->size
- offset
;
1830 total_len
= left
> size
? size
: left
;
1831 memcpy(buf
, cache
+ offset
, total_len
);
1835 cg
= get_pid_cgroup(fc
->pid
, "memory");
1837 return read_file("/proc/meminfo", buf
, size
, d
);
1839 memlimit
= get_min_memlimit(cg
);
1840 if (!cgfs_get_value("memory", cg
, "memory.usage_in_bytes", &memusage_str
))
1842 if (!cgfs_get_value("memory", cg
, "memory.stat", &memstat_str
))
1845 // Following values are allowed to fail, because swapaccount might be turned
1846 // off for current kernel
1847 if(cgfs_get_value("memory", cg
, "memory.memsw.limit_in_bytes", &memswlimit_str
) &&
1848 cgfs_get_value("memory", cg
, "memory.memsw.usage_in_bytes", &memswusage_str
))
1850 memswlimit
= strtoul(memswlimit_str
, NULL
, 10);
1851 memswusage
= strtoul(memswusage_str
, NULL
, 10);
1856 memusage
= strtoul(memusage_str
, NULL
, 10);
1859 get_mem_cached(memstat_str
, &cached
);
1861 f
= fopen("/proc/meminfo", "r");
1865 while (getline(&line
, &linelen
, f
) != -1) {
1867 char *printme
, lbuf
[100];
1869 memset(lbuf
, 0, 100);
1870 if (startswith(line
, "MemTotal:")) {
1871 sscanf(line
+14, "%lu", &hosttotal
);
1872 if (hosttotal
< memlimit
)
1873 memlimit
= hosttotal
;
1874 snprintf(lbuf
, 100, "MemTotal: %8lu kB\n", memlimit
);
1876 } else if (startswith(line
, "MemFree:")) {
1877 snprintf(lbuf
, 100, "MemFree: %8lu kB\n", memlimit
- memusage
);
1879 } else if (startswith(line
, "MemAvailable:")) {
1880 snprintf(lbuf
, 100, "MemAvailable: %8lu kB\n", memlimit
- memusage
);
1882 } else if (startswith(line
, "SwapTotal:") && memswlimit
> 0) {
1883 snprintf(lbuf
, 100, "SwapTotal: %8lu kB\n", memswlimit
- memlimit
);
1885 } else if (startswith(line
, "SwapFree:") && memswlimit
> 0 && memswusage
> 0) {
1886 snprintf(lbuf
, 100, "SwapFree: %8lu kB\n",
1887 (memswlimit
- memlimit
) - (memswusage
- memusage
));
1889 } else if (startswith(line
, "Buffers:")) {
1890 snprintf(lbuf
, 100, "Buffers: %8lu kB\n", 0UL);
1892 } else if (startswith(line
, "Cached:")) {
1893 snprintf(lbuf
, 100, "Cached: %8lu kB\n", cached
);
1895 } else if (startswith(line
, "SwapCached:")) {
1896 snprintf(lbuf
, 100, "SwapCached: %8lu kB\n", 0UL);
1901 l
= snprintf(cache
, cache_size
, "%s", printme
);
1903 perror("Error writing to cache");
1908 if (l
>= cache_size
) {
1909 fprintf(stderr
, "Internal error: truncated write to cache\n");
1920 d
->size
= total_len
;
1921 if (total_len
> size
) total_len
= size
;
1922 memcpy(buf
, d
->buf
, total_len
);
1931 free(memswlimit_str
);
1932 free(memswusage_str
);
1938 * Read the cpuset.cpus for cg
1939 * Return the answer in a newly allocated string which must be freed
1941 static char *get_cpuset(const char *cg
)
1945 if (!cgfs_get_value("cpuset", cg
, "cpuset.cpus", &answer
))
1950 bool cpu_in_cpuset(int cpu
, const char *cpuset
);
1952 static bool cpuline_in_cpuset(const char *line
, const char *cpuset
)
1956 if (sscanf(line
, "processor : %d", &cpu
) != 1)
1958 return cpu_in_cpuset(cpu
, cpuset
);
1962 * check whether this is a '^processor" line in /proc/cpuinfo
1964 static bool is_processor_line(const char *line
)
1968 if (sscanf(line
, "processor : %d", &cpu
) == 1)
1973 static int proc_cpuinfo_read(char *buf
, size_t size
, off_t offset
,
1974 struct fuse_file_info
*fi
)
1976 struct fuse_context
*fc
= fuse_get_context();
1977 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1979 char *cpuset
= NULL
;
1981 size_t linelen
= 0, total_len
= 0, rv
= 0;
1982 bool am_printing
= false;
1984 char *cache
= d
->buf
;
1985 size_t cache_size
= d
->buflen
;
1989 if (offset
> d
->size
)
1993 int left
= d
->size
- offset
;
1994 total_len
= left
> size
? size
: left
;
1995 memcpy(buf
, cache
+ offset
, total_len
);
1999 cg
= get_pid_cgroup(fc
->pid
, "cpuset");
2001 return read_file("proc/cpuinfo", buf
, size
, d
);
2003 cpuset
= get_cpuset(cg
);
2007 f
= fopen("/proc/cpuinfo", "r");
2011 while (getline(&line
, &linelen
, f
) != -1) {
2013 if (is_processor_line(line
)) {
2014 am_printing
= cpuline_in_cpuset(line
, cpuset
);
2017 l
= snprintf(cache
, cache_size
, "processor : %d\n", curcpu
);
2019 perror("Error writing to cache");
2023 if (l
>= cache_size
) {
2024 fprintf(stderr
, "Internal error: truncated write to cache\n");
2028 if (l
< cache_size
){
2033 cache
+= cache_size
;
2034 total_len
+= cache_size
;
2042 l
= snprintf(cache
, cache_size
, "%s", line
);
2044 perror("Error writing to cache");
2048 if (l
>= cache_size
) {
2049 fprintf(stderr
, "Internal error: truncated write to cache\n");
2053 if (l
< cache_size
) {
2058 cache
+= cache_size
;
2059 total_len
+= cache_size
;
2067 d
->size
= total_len
;
2068 if (total_len
> size
) total_len
= size
;
2070 /* read from off 0 */
2071 memcpy(buf
, d
->buf
, total_len
);
2082 static int proc_stat_read(char *buf
, size_t size
, off_t offset
,
2083 struct fuse_file_info
*fi
)
2085 struct fuse_context
*fc
= fuse_get_context();
2086 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2088 char *cpuset
= NULL
;
2090 size_t linelen
= 0, total_len
= 0, rv
= 0;
2091 int curcpu
= -1; /* cpu numbering starts at 0 */
2092 unsigned long user
= 0, nice
= 0, system
= 0, idle
= 0, iowait
= 0, irq
= 0, softirq
= 0, steal
= 0, guest
= 0;
2093 unsigned long user_sum
= 0, nice_sum
= 0, system_sum
= 0, idle_sum
= 0, iowait_sum
= 0,
2094 irq_sum
= 0, softirq_sum
= 0, steal_sum
= 0, guest_sum
= 0;
2095 #define CPUALL_MAX_SIZE BUF_RESERVE_SIZE
2096 char cpuall
[CPUALL_MAX_SIZE
];
2097 /* reserve for cpu all */
2098 char *cache
= d
->buf
+ CPUALL_MAX_SIZE
;
2099 size_t cache_size
= d
->buflen
- CPUALL_MAX_SIZE
;
2103 if (offset
> d
->size
)
2107 int left
= d
->size
- offset
;
2108 total_len
= left
> size
? size
: left
;
2109 memcpy(buf
, d
->buf
+ offset
, total_len
);
2113 cg
= get_pid_cgroup(fc
->pid
, "cpuset");
2115 return read_file("/proc/stat", buf
, size
, d
);
2117 cpuset
= get_cpuset(cg
);
2121 f
= fopen("/proc/stat", "r");
2126 if (getline(&line
, &linelen
, f
) < 0) {
2127 fprintf(stderr
, "proc_stat_read read first line failed\n");
2131 while (getline(&line
, &linelen
, f
) != -1) {
2134 char cpu_char
[10]; /* That's a lot of cores */
2137 if (sscanf(line
, "cpu%9[^ ]", cpu_char
) != 1) {
2138 /* not a ^cpuN line containing a number N, just print it */
2139 l
= snprintf(cache
, cache_size
, "%s", line
);
2141 perror("Error writing to cache");
2145 if (l
>= cache_size
) {
2146 fprintf(stderr
, "Internal error: truncated write to cache\n");
2150 if (l
< cache_size
) {
2156 //no more space, break it
2157 cache
+= cache_size
;
2158 total_len
+= cache_size
;
2164 if (sscanf(cpu_char
, "%d", &cpu
) != 1)
2166 if (!cpu_in_cpuset(cpu
, cpuset
))
2170 c
= strchr(line
, ' ');
2173 l
= snprintf(cache
, cache_size
, "cpu%d%s", curcpu
, c
);
2175 perror("Error writing to cache");
2180 if (l
>= cache_size
) {
2181 fprintf(stderr
, "Internal error: truncated write to cache\n");
2190 if (sscanf(line
, "%*s %lu %lu %lu %lu %lu %lu %lu %lu %lu", &user
, &nice
, &system
, &idle
, &iowait
, &irq
,
2191 &softirq
, &steal
, &guest
) != 9)
2195 system_sum
+= system
;
2197 iowait_sum
+= iowait
;
2199 softirq_sum
+= softirq
;
2206 int cpuall_len
= snprintf(cpuall
, CPUALL_MAX_SIZE
, "%s %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
2207 "cpu ", user_sum
, nice_sum
, system_sum
, idle_sum
, iowait_sum
, irq_sum
, softirq_sum
, steal_sum
, guest_sum
);
2208 if (cpuall_len
> 0 && cpuall_len
< CPUALL_MAX_SIZE
){
2209 memcpy(cache
, cpuall
, cpuall_len
);
2210 cache
+= cpuall_len
;
2212 /* shouldn't happen */
2213 fprintf(stderr
, "proc_stat_read copy cpuall failed, cpuall_len=%d\n", cpuall_len
);
2217 memmove(cache
, d
->buf
+ CPUALL_MAX_SIZE
, total_len
);
2218 total_len
+= cpuall_len
;
2220 d
->size
= total_len
;
2221 if (total_len
> size
) total_len
= size
;
2223 memcpy(buf
, d
->buf
, total_len
);
2236 * How to guess what to present for uptime?
2237 * One thing we could do would be to take the date on the caller's
2238 * memory.usage_in_bytes file, which should equal the time of creation
2239 * of his cgroup. However, a task could be in a sub-cgroup of the
2240 * container. The same problem exists if we try to look at the ages
2241 * of processes in the caller's cgroup.
2243 * So we'll fork a task that will enter the caller's pidns, mount a
2244 * fresh procfs, get the age of /proc/1, and pass that back over a pipe.
2246 * For the second uptime #, we'll do as Stéphane had done, just copy
2247 * the number from /proc/uptime. Not sure how to best emulate 'idle'
2248 * time. Maybe someone can come up with a good algorithm and submit a
2249 * patch. Maybe something based on cpushare info?
2252 /* return age of the reaper for $pid, taken from ctime of its procdir */
2253 static long int get_pid1_time(pid_t pid
)
2256 int fd
, cpipe
[2], ret
;
2263 if (unshare(CLONE_NEWNS
))
2266 if (mount(NULL
, "/", NULL
, MS_SLAVE
|MS_REC
, NULL
)) {
2267 perror("rslave mount failed");
2271 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", pid
);
2272 if (ret
< 0 || ret
>= sizeof(fnam
))
2275 fd
= open(fnam
, O_RDONLY
);
2277 perror("get_pid1_time open of ns/pid");
2281 perror("get_pid1_time setns 1");
2287 if (pipe(cpipe
) < 0)
2298 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
2299 fprintf(stderr
, "%s (child): erorr on write: %s\n",
2300 __func__
, strerror(errno
));
2303 umount2("/proc", MNT_DETACH
);
2304 if (mount("proc", "/proc", "proc", 0, NULL
)) {
2305 perror("get_pid1_time mount");
2308 ret
= lstat("/proc/1", &sb
);
2310 perror("get_pid1_time lstat");
2313 return time(NULL
) - sb
.st_ctime
;
2316 // give the child 1 second to be done forking and
2319 FD_SET(cpipe
[0], &s
);
2322 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
2325 ret
= read(cpipe
[0], &v
, 1);
2326 if (ret
!= sizeof(char) || v
!= '1') {
2334 kill(cpid
, SIGKILL
);
2339 static long int getreaperage(pid_t qpid
)
2341 int pid
, mypipe
[2], ret
;
2344 long int mtime
, answer
= 0;
2352 if (!pid
) { // child
2353 mtime
= get_pid1_time(qpid
);
2354 if (write(mypipe
[1], &mtime
, sizeof(mtime
)) != sizeof(mtime
))
2355 fprintf(stderr
, "Warning: bad write from getreaperage\n");
2361 FD_SET(mypipe
[0], &s
);
2364 ret
= select(mypipe
[0]+1, &s
, NULL
, NULL
, &tv
);
2370 fprintf(stderr
, "timed out\n");
2373 if (read(mypipe
[0], &mtime
, sizeof(mtime
)) != sizeof(mtime
)) {
2386 * fork a task which switches to @task's namespace and writes '1'.
2387 * over a unix sock so we can read the task's reaper's pid in our
2390 void write_task_init_pid_exit(int sock
, pid_t target
)
2398 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", (int)target
);
2399 if (ret
< 0 || ret
>= sizeof(fnam
))
2402 fd
= open(fnam
, O_RDONLY
);
2404 perror("get_pid1_time open of ns/pid");
2408 perror("get_pid1_time setns 1");
2420 /* we are the child */
2425 send_creds(sock
, &cred
, v
, true);
2429 static pid_t
get_task_reaper_pid(pid_t task
)
2437 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
2438 perror("socketpair");
2447 write_task_init_pid_exit(sock
[0], task
);
2450 if (!recv_creds(sock
[1], &cred
, &v
))
2460 static unsigned long get_reaper_busy(pid_t task
)
2462 pid_t init
= get_task_reaper_pid(task
);
2463 char *cgroup
= NULL
, *usage_str
= NULL
;
2464 unsigned long usage
= 0;
2469 cgroup
= get_pid_cgroup(task
, "cpuacct");
2472 if (!cgfs_get_value("cpuacct", cgroup
, "cpuacct.usage", &usage_str
))
2474 usage
= strtoul(usage_str
, NULL
, 10);
2484 * We read /proc/uptime and reuse its second field.
2485 * For the first field, we use the mtime for the reaper for
2486 * the calling pid as returned by getreaperage
2488 static int proc_uptime_read(char *buf
, size_t size
, off_t offset
,
2489 struct fuse_file_info
*fi
)
2491 struct fuse_context
*fc
= fuse_get_context();
2492 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2493 long int reaperage
= getreaperage(fc
->pid
);;
2494 unsigned long int busytime
= get_reaper_busy(fc
->pid
), idletime
;
2495 char *cache
= d
->buf
;
2496 size_t total_len
= 0;
2499 if (offset
> d
->size
)
2503 int left
= d
->size
- offset
;
2504 total_len
= left
> size
? size
: left
;
2505 memcpy(buf
, cache
+ offset
, total_len
);
2509 idletime
= reaperage
- busytime
;
2510 if (idletime
> reaperage
)
2511 idletime
= reaperage
;
2513 total_len
= snprintf(d
->buf
, d
->size
, "%ld.0 %lu.0\n", reaperage
, idletime
);
2515 perror("Error writing to cache");
2519 d
->size
= (int)total_len
;
2522 if (total_len
> size
) total_len
= size
;
2524 memcpy(buf
, d
->buf
, total_len
);
2528 static int proc_diskstats_read(char *buf
, size_t size
, off_t offset
,
2529 struct fuse_file_info
*fi
)
2532 struct fuse_context
*fc
= fuse_get_context();
2533 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2535 char *io_serviced_str
= NULL
, *io_merged_str
= NULL
, *io_service_bytes_str
= NULL
,
2536 *io_wait_time_str
= NULL
, *io_service_time_str
= NULL
;
2537 unsigned long read
= 0, write
= 0;
2538 unsigned long read_merged
= 0, write_merged
= 0;
2539 unsigned long read_sectors
= 0, write_sectors
= 0;
2540 unsigned long read_ticks
= 0, write_ticks
= 0;
2541 unsigned long ios_pgr
= 0, tot_ticks
= 0, rq_ticks
= 0;
2542 unsigned long rd_svctm
= 0, wr_svctm
= 0, rd_wait
= 0, wr_wait
= 0;
2543 char *cache
= d
->buf
;
2544 size_t cache_size
= d
->buflen
;
2546 size_t linelen
= 0, total_len
= 0, rv
= 0;
2547 unsigned int major
= 0, minor
= 0;
2552 if (offset
> d
->size
)
2556 int left
= d
->size
- offset
;
2557 total_len
= left
> size
? size
: left
;
2558 memcpy(buf
, cache
+ offset
, total_len
);
2562 cg
= get_pid_cgroup(fc
->pid
, "blkio");
2564 return read_file("/proc/diskstats", buf
, size
, d
);
2566 if (!cgfs_get_value("blkio", cg
, "blkio.io_serviced", &io_serviced_str
))
2568 if (!cgfs_get_value("blkio", cg
, "blkio.io_merged", &io_merged_str
))
2570 if (!cgfs_get_value("blkio", cg
, "blkio.io_service_bytes", &io_service_bytes_str
))
2572 if (!cgfs_get_value("blkio", cg
, "blkio.io_wait_time", &io_wait_time_str
))
2574 if (!cgfs_get_value("blkio", cg
, "blkio.io_service_time", &io_service_time_str
))
2578 f
= fopen("/proc/diskstats", "r");
2582 while (getline(&line
, &linelen
, f
) != -1) {
2584 char *printme
, lbuf
[256];
2586 i
= sscanf(line
, "%u %u %71s", &major
, &minor
, dev_name
);
2588 get_blkio_io_value(io_serviced_str
, major
, minor
, "Read", &read
);
2589 get_blkio_io_value(io_serviced_str
, major
, minor
, "Write", &write
);
2590 get_blkio_io_value(io_merged_str
, major
, minor
, "Read", &read_merged
);
2591 get_blkio_io_value(io_merged_str
, major
, minor
, "Write", &write_merged
);
2592 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Read", &read_sectors
);
2593 read_sectors
= read_sectors
/512;
2594 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Write", &write_sectors
);
2595 write_sectors
= write_sectors
/512;
2597 get_blkio_io_value(io_service_time_str
, major
, minor
, "Read", &rd_svctm
);
2598 rd_svctm
= rd_svctm
/1000000;
2599 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Read", &rd_wait
);
2600 rd_wait
= rd_wait
/1000000;
2601 read_ticks
= rd_svctm
+ rd_wait
;
2603 get_blkio_io_value(io_service_time_str
, major
, minor
, "Write", &wr_svctm
);
2604 wr_svctm
= wr_svctm
/1000000;
2605 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Write", &wr_wait
);
2606 wr_wait
= wr_wait
/1000000;
2607 write_ticks
= wr_svctm
+ wr_wait
;
2609 get_blkio_io_value(io_service_time_str
, major
, minor
, "Total", &tot_ticks
);
2610 tot_ticks
= tot_ticks
/1000000;
2615 memset(lbuf
, 0, 256);
2616 if (read
|| write
|| read_merged
|| write_merged
|| read_sectors
|| write_sectors
|| read_ticks
|| write_ticks
) {
2617 snprintf(lbuf
, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
2618 major
, minor
, dev_name
, read
, read_merged
, read_sectors
, read_ticks
,
2619 write
, write_merged
, write_sectors
, write_ticks
, ios_pgr
, tot_ticks
, rq_ticks
);
2624 l
= snprintf(cache
, cache_size
, "%s", printme
);
2626 perror("Error writing to fuse buf");
2630 if (l
>= cache_size
) {
2631 fprintf(stderr
, "Internal error: truncated write to cache\n");
2641 d
->size
= total_len
;
2642 if (total_len
> size
) total_len
= size
;
2643 memcpy(buf
, d
->buf
, total_len
);
2651 free(io_serviced_str
);
2652 free(io_merged_str
);
2653 free(io_service_bytes_str
);
2654 free(io_wait_time_str
);
2655 free(io_service_time_str
);
2659 static off_t
get_procfile_size(const char *which
)
2661 FILE *f
= fopen(which
, "r");
2664 ssize_t sz
, answer
= 0;
2668 while ((sz
= getline(&line
, &len
, f
)) != -1)
2676 static int proc_getattr(const char *path
, struct stat
*sb
)
2678 struct timespec now
;
2680 memset(sb
, 0, sizeof(struct stat
));
2681 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
2683 sb
->st_uid
= sb
->st_gid
= 0;
2684 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
2685 if (strcmp(path
, "/proc") == 0) {
2686 sb
->st_mode
= S_IFDIR
| 00555;
2690 if (strcmp(path
, "/proc/meminfo") == 0 ||
2691 strcmp(path
, "/proc/cpuinfo") == 0 ||
2692 strcmp(path
, "/proc/uptime") == 0 ||
2693 strcmp(path
, "/proc/stat") == 0 ||
2694 strcmp(path
, "/proc/diskstats") == 0) {
2696 sb
->st_mode
= S_IFREG
| 00444;
2704 static int proc_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2705 struct fuse_file_info
*fi
)
2707 if (filler(buf
, "cpuinfo", NULL
, 0) != 0 ||
2708 filler(buf
, "meminfo", NULL
, 0) != 0 ||
2709 filler(buf
, "stat", NULL
, 0) != 0 ||
2710 filler(buf
, "uptime", NULL
, 0) != 0 ||
2711 filler(buf
, "diskstats", NULL
, 0) != 0)
2716 static int proc_open(const char *path
, struct fuse_file_info
*fi
)
2719 struct file_info
*info
;
2721 if (strcmp(path
, "/proc/meminfo") == 0)
2722 type
= LXC_TYPE_PROC_MEMINFO
;
2723 else if (strcmp(path
, "/proc/cpuinfo") == 0)
2724 type
= LXC_TYPE_PROC_CPUINFO
;
2725 else if (strcmp(path
, "/proc/uptime") == 0)
2726 type
= LXC_TYPE_PROC_UPTIME
;
2727 else if (strcmp(path
, "/proc/stat") == 0)
2728 type
= LXC_TYPE_PROC_STAT
;
2729 else if (strcmp(path
, "/proc/diskstats") == 0)
2730 type
= LXC_TYPE_PROC_DISKSTATS
;
2734 info
= malloc(sizeof(*info
));
2738 memset(info
, 0, sizeof(*info
));
2741 info
->buflen
= get_procfile_size(path
) + BUF_RESERVE_SIZE
;
2743 info
->buf
= malloc(info
->buflen
);
2744 } while (!info
->buf
);
2745 memset(info
->buf
, 0, info
->buflen
);
2746 /* set actual size to buffer size */
2747 info
->size
= info
->buflen
;
2749 fi
->fh
= (unsigned long)info
;
2753 static int proc_release(const char *path
, struct fuse_file_info
*fi
)
2755 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2757 do_release_file_info(f
);
2761 static int proc_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2762 struct fuse_file_info
*fi
)
2764 struct file_info
*f
= (struct file_info
*) fi
->fh
;
2767 case LXC_TYPE_PROC_MEMINFO
:
2768 return proc_meminfo_read(buf
, size
, offset
, fi
);
2769 case LXC_TYPE_PROC_CPUINFO
:
2770 return proc_cpuinfo_read(buf
, size
, offset
, fi
);
2771 case LXC_TYPE_PROC_UPTIME
:
2772 return proc_uptime_read(buf
, size
, offset
, fi
);
2773 case LXC_TYPE_PROC_STAT
:
2774 return proc_stat_read(buf
, size
, offset
, fi
);
2775 case LXC_TYPE_PROC_DISKSTATS
:
2776 return proc_diskstats_read(buf
, size
, offset
, fi
);
2784 * these just delegate to the /proc and /cgroup ops as
2788 static int lxcfs_getattr(const char *path
, struct stat
*sb
)
2790 if (strcmp(path
, "/") == 0) {
2791 sb
->st_mode
= S_IFDIR
| 00755;
2795 if (strncmp(path
, "/cgroup", 7) == 0) {
2796 return cg_getattr(path
, sb
);
2798 if (strncmp(path
, "/proc", 5) == 0) {
2799 return proc_getattr(path
, sb
);
2804 static int lxcfs_opendir(const char *path
, struct fuse_file_info
*fi
)
2806 if (strcmp(path
, "/") == 0)
2809 if (strncmp(path
, "/cgroup", 7) == 0) {
2810 return cg_opendir(path
, fi
);
2812 if (strcmp(path
, "/proc") == 0)
2817 static int lxcfs_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2818 struct fuse_file_info
*fi
)
2820 if (strcmp(path
, "/") == 0) {
2821 if (filler(buf
, "proc", NULL
, 0) != 0 ||
2822 filler(buf
, "cgroup", NULL
, 0) != 0)
2826 if (strncmp(path
, "/cgroup", 7) == 0)
2827 return cg_readdir(path
, buf
, filler
, offset
, fi
);
2828 if (strcmp(path
, "/proc") == 0)
2829 return proc_readdir(path
, buf
, filler
, offset
, fi
);
2833 static int lxcfs_releasedir(const char *path
, struct fuse_file_info
*fi
)
2835 if (strcmp(path
, "/") == 0)
2837 if (strncmp(path
, "/cgroup", 7) == 0) {
2838 return cg_releasedir(path
, fi
);
2840 if (strcmp(path
, "/proc") == 0)
2845 static int lxcfs_open(const char *path
, struct fuse_file_info
*fi
)
2847 if (strncmp(path
, "/cgroup", 7) == 0)
2848 return cg_open(path
, fi
);
2849 if (strncmp(path
, "/proc", 5) == 0)
2850 return proc_open(path
, fi
);
2855 static int lxcfs_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2856 struct fuse_file_info
*fi
)
2858 if (strncmp(path
, "/cgroup", 7) == 0)
2859 return cg_read(path
, buf
, size
, offset
, fi
);
2860 if (strncmp(path
, "/proc", 5) == 0)
2861 return proc_read(path
, buf
, size
, offset
, fi
);
2866 int lxcfs_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
2867 struct fuse_file_info
*fi
)
2869 if (strncmp(path
, "/cgroup", 7) == 0) {
2870 return cg_write(path
, buf
, size
, offset
, fi
);
2876 static int lxcfs_flush(const char *path
, struct fuse_file_info
*fi
)
2881 static int lxcfs_release(const char *path
, struct fuse_file_info
*fi
)
2883 if (strncmp(path
, "/cgroup", 7) == 0)
2884 return cg_release(path
, fi
);
2885 if (strncmp(path
, "/proc", 5) == 0)
2886 return proc_release(path
, fi
);
2891 static int lxcfs_fsync(const char *path
, int datasync
, struct fuse_file_info
*fi
)
2896 int lxcfs_mkdir(const char *path
, mode_t mode
)
2898 if (strncmp(path
, "/cgroup", 7) == 0)
2899 return cg_mkdir(path
, mode
);
2904 int lxcfs_chown(const char *path
, uid_t uid
, gid_t gid
)
2906 if (strncmp(path
, "/cgroup", 7) == 0)
2907 return cg_chown(path
, uid
, gid
);
2913 * cat first does a truncate before doing ops->write. This doesn't
2914 * really make sense for cgroups. So just return 0 always but do
2917 int lxcfs_truncate(const char *path
, off_t newsize
)
2919 if (strncmp(path
, "/cgroup", 7) == 0)
2924 int lxcfs_rmdir(const char *path
)
2926 if (strncmp(path
, "/cgroup", 7) == 0)
2927 return cg_rmdir(path
);
2931 int lxcfs_chmod(const char *path
, mode_t mode
)
2933 if (strncmp(path
, "/cgroup", 7) == 0)
2934 return cg_chmod(path
, mode
);
2938 const struct fuse_operations lxcfs_ops
= {
2939 .getattr
= lxcfs_getattr
,
2943 .mkdir
= lxcfs_mkdir
,
2945 .rmdir
= lxcfs_rmdir
,
2949 .chmod
= lxcfs_chmod
,
2950 .chown
= lxcfs_chown
,
2951 .truncate
= lxcfs_truncate
,
2956 .release
= lxcfs_release
,
2957 .write
= lxcfs_write
,
2960 .flush
= lxcfs_flush
,
2961 .fsync
= lxcfs_fsync
,
2966 .removexattr
= NULL
,
2968 .opendir
= lxcfs_opendir
,
2969 .readdir
= lxcfs_readdir
,
2970 .releasedir
= lxcfs_releasedir
,
2981 static void usage(const char *me
)
2983 fprintf(stderr
, "Usage:\n");
2984 fprintf(stderr
, "\n");
2985 fprintf(stderr
, "%s mountpoint\n", me
);
2986 fprintf(stderr
, "%s -h\n", me
);
2990 static bool is_help(char *w
)
2992 if (strcmp(w
, "-h") == 0 ||
2993 strcmp(w
, "--help") == 0 ||
2994 strcmp(w
, "-help") == 0 ||
2995 strcmp(w
, "help") == 0)
3000 void swallow_arg(int *argcp
, char *argv
[], char *which
)
3004 for (i
= 1; argv
[i
]; i
++) {
3005 if (strcmp(argv
[i
], which
) != 0)
3007 for (; argv
[i
]; i
++) {
3008 argv
[i
] = argv
[i
+1];
3015 void swallow_option(int *argcp
, char *argv
[], char *opt
, char *v
)
3019 for (i
= 1; argv
[i
]; i
++) {
3022 if (strcmp(argv
[i
], opt
) != 0)
3024 if (strcmp(argv
[i
+1], v
) != 0) {
3025 fprintf(stderr
, "Warning: unexpected fuse option %s\n", v
);
3028 for (; argv
[i
+1]; i
++) {
3029 argv
[i
] = argv
[i
+2];
3036 int main(int argc
, char *argv
[])
3040 * what we pass to fuse_main is:
3041 * argv[0] -s -f -o allow_other,directio argv[1] NULL
3043 int nargs
= 5, cnt
= 0;
3047 /* for travis which runs on 12.04 */
3048 if (glib_check_version (2, 36, 0) != NULL
)
3052 /* accomodate older init scripts */
3053 swallow_arg(&argc
, argv
, "-s");
3054 swallow_arg(&argc
, argv
, "-f");
3055 swallow_option(&argc
, argv
, "-o", "allow_other");
3057 if (argc
== 2 && strcmp(argv
[1], "--version") == 0) {
3058 fprintf(stderr
, "%s\n", VERSION
);
3061 if (argc
!= 2 || is_help(argv
[1]))
3064 newargv
[cnt
++] = argv
[0];
3065 newargv
[cnt
++] = "-f";
3066 newargv
[cnt
++] = "-o";
3067 newargv
[cnt
++] = "allow_other,direct_io";
3068 newargv
[cnt
++] = argv
[1];
3069 newargv
[cnt
++] = NULL
;
3071 if (!cgfs_setup_controllers())
3074 ret
= fuse_main(nargs
, newargv
, &lxcfs_ops
, NULL
);