3 * Copyright © 2014 Canonical, Inc
4 * Author: Serge Hallyn <serge.hallyn@ubuntu.com>
6 * See COPYING file for details.
10 * NOTES - make sure to run this as -s to avoid threading.
11 * TODO - can we enforce that here from the code?
13 #define FUSE_USE_VERSION 26
27 #include <linux/sched.h>
28 #include <sys/socket.h>
29 #include <sys/mount.h>
32 #include <nih/alloc.h>
33 #include <nih/string.h>
35 #include "cgmanager.h"
39 * a null-terminated, nih-allocated list of the mounted subsystems. We
40 * detect this at startup.
44 #define LXCFS_DATA ((struct lxcfs_state *) fuse_get_context()->private_data)
49 LXC_TYPE_PROC_MEMINFO
,
50 LXC_TYPE_PROC_CPUINFO
,
53 LXC_TYPE_PROC_DISKSTATS
,
61 char *buf
; // unused as of yet
65 static char *must_copy_string(void *parent
, const char *str
)
69 return NIH_MUST( nih_strdup(parent
, str
) );
73 * TODO - return value should denote whether child exited with failure
74 * so callers can return errors. Esp read/write of tasks and cgroup.procs
76 static int wait_for_pid(pid_t pid
)
81 ret
= waitpid(pid
, &status
, 0);
89 if (!WIFEXITED(status
) || WEXITSTATUS(status
) != 0)
95 * Given a open file * to /proc/pid/{u,g}id_map, and an id
96 * valid in the caller's namespace, return the id mapped into
98 * Returns the mapped id, or -1 on error.
101 convert_id_to_ns(FILE *idfile
, unsigned int in_id
)
103 unsigned int nsuid
, // base id for a range in the idfile's namespace
104 hostuid
, // base id for a range in the caller's namespace
105 count
; // number of ids in this range
109 fseek(idfile
, 0L, SEEK_SET
);
110 while (fgets(line
, 400, idfile
)) {
111 ret
= sscanf(line
, "%u %u %u\n", &nsuid
, &hostuid
, &count
);
114 if (hostuid
+ count
< hostuid
|| nsuid
+ count
< nsuid
) {
116 * uids wrapped around - unexpected as this is a procfile,
119 fprintf(stderr
, "pid wrapparound at entry %u %u %u in %s\n",
120 nsuid
, hostuid
, count
, line
);
123 if (hostuid
<= in_id
&& hostuid
+count
> in_id
) {
125 * now since hostuid <= in_id < hostuid+count, and
126 * hostuid+count and nsuid+count do not wrap around,
127 * we know that nsuid+(in_id-hostuid) which must be
128 * less that nsuid+(count) must not wrap around
130 return (in_id
- hostuid
) + nsuid
;
139 * for is_privileged_over,
140 * specify whether we require the calling uid to be root in his
143 #define NS_ROOT_REQD true
144 #define NS_ROOT_OPT false
146 static bool is_privileged_over(pid_t pid
, uid_t uid
, uid_t victim
, bool req_ns_root
)
148 nih_local
char *fpath
= NULL
;
152 if (victim
== -1 || uid
== -1)
156 * If the request is one not requiring root in the namespace,
157 * then having the same uid suffices. (i.e. uid 1000 has write
158 * access to files owned by uid 1000
160 if (!req_ns_root
&& uid
== victim
)
163 fpath
= NIH_MUST( nih_sprintf(NULL
, "/proc/%d/uid_map", pid
) );
164 FILE *f
= fopen(fpath
, "r");
168 /* if caller's not root in his namespace, reject */
169 nsuid
= convert_id_to_ns(f
, uid
);
174 * If victim is not mapped into caller's ns, reject.
175 * XXX I'm not sure this check is needed given that fuse
176 * will be sending requests where the vfs has converted
178 nsuid
= convert_id_to_ns(f
, victim
);
189 static bool perms_include(int fmode
, mode_t req_mode
)
193 switch (req_mode
& O_ACCMODE
) {
201 r
= S_IROTH
| S_IWOTH
;
206 return ((fmode
& r
) == r
);
209 static char *get_next_cgroup_dir(const char *taskcg
, const char *querycg
)
213 if (strlen(taskcg
) <= strlen(querycg
)) {
214 fprintf(stderr
, "%s: I was fed bad input\n", __func__
);
218 if (strcmp(querycg
, "/") == 0)
219 start
= NIH_MUST( nih_strdup(NULL
, taskcg
+ 1) );
221 start
= NIH_MUST( nih_strdup(NULL
, taskcg
+ strlen(querycg
) + 1) );
222 end
= strchr(start
, '/');
229 * check whether a fuse context may access a cgroup dir or file
231 * If file is not null, it is a cgroup file to check under cg.
232 * If file is null, then we are checking perms on cg itself.
234 * For files we can check the mode of the list_keys result.
235 * For cgroups, we must make assumptions based on the files under the
236 * cgroup, because cgmanager doesn't tell us ownership/perms of cgroups
239 static bool fc_may_access(struct fuse_context
*fc
, const char *contrl
, const char *cg
, const char *file
, mode_t mode
)
241 nih_local
struct cgm_keys
**list
= NULL
;
250 if (!cgm_list_keys(contrl
, cg
, &list
))
252 for (i
= 0; list
[i
]; i
++) {
253 if (strcmp(list
[i
]->name
, file
) == 0) {
254 struct cgm_keys
*k
= list
[i
];
255 if (is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
256 if (perms_include(k
->mode
>> 6, mode
))
259 if (fc
->gid
== k
->gid
) {
260 if (perms_include(k
->mode
>> 3, mode
))
263 return perms_include(k
->mode
, mode
);
270 static void stripnewline(char *x
)
272 size_t l
= strlen(x
);
273 if (l
&& x
[l
-1] == '\n')
278 * If caller is in /a/b/c/d, he may only act on things under cg=/a/b/c/d.
279 * If caller is in /a, he may act on /a/b, but not on /b.
280 * if the answer is false and nextcg is not NULL, then *nextcg will point
281 * to a nih_alloc'd string containing the next cgroup directory under cg
283 static bool caller_is_in_ancestor(pid_t pid
, const char *contrl
, const char *cg
, char **nextcg
)
285 nih_local
char *fnam
= NULL
;
291 fnam
= NIH_MUST( nih_sprintf(NULL
, "/proc/%d/cgroup", pid
) );
292 if (!(f
= fopen(fnam
, "r")))
295 while (getline(&line
, &len
, f
) != -1) {
296 char *c1
, *c2
, *linecmp
;
299 c1
= strchr(line
, ':');
303 c2
= strchr(c1
, ':');
307 if (strcmp(c1
, contrl
) != 0)
312 * callers pass in '/' for root cgroup, otherwise they pass
313 * in a cgroup without leading '/'
315 linecmp
= *cg
== '/' ? c2
: c2
+1;
316 if (strncmp(linecmp
, cg
, strlen(linecmp
)) != 0) {
318 *nextcg
= get_next_cgroup_dir(linecmp
, cg
);
332 * given /cgroup/freezer/a/b, return "freezer". this will be nih-allocated
333 * and needs to be nih_freed.
335 static char *pick_controller_from_path(struct fuse_context
*fc
, const char *path
)
340 if (strlen(path
) < 9)
343 ret
= nih_strdup(NULL
, p1
);
346 slash
= strstr(ret
, "/");
350 /* verify that it is a subsystem */
351 char **list
= LXCFS_DATA
? LXCFS_DATA
->subsystems
: NULL
;
357 for (i
= 0; list
[i
]; i
++) {
358 if (strcmp(list
[i
], ret
) == 0)
366 * Find the start of cgroup in /cgroup/controller/the/cgroup/path
367 * Note that the returned value may include files (keynames) etc
369 static const char *find_cgroup_in_path(const char *path
)
373 if (strlen(path
) < 9)
375 p1
= strstr(path
+8, "/");
381 static bool is_child_cgroup(const char *contr
, const char *dir
, const char *f
)
383 nih_local
char **list
= NULL
;
391 if (!cgm_list_children(contr
, dir
, &list
))
393 for (i
= 0; list
[i
]; i
++) {
394 if (strcmp(list
[i
], f
) == 0)
401 static struct cgm_keys
*get_cgroup_key(const char *contr
, const char *dir
, const char *f
)
403 nih_local
struct cgm_keys
**list
= NULL
;
411 if (!cgm_list_keys(contr
, dir
, &list
))
413 for (i
= 0; list
[i
]; i
++) {
414 if (strcmp(list
[i
]->name
, f
) == 0) {
415 k
= NIH_MUST( nih_alloc(NULL
, (sizeof(*k
))) );
416 k
->name
= NIH_MUST( nih_strdup(k
, list
[i
]->name
) );
417 k
->uid
= list
[i
]->uid
;
418 k
->gid
= list
[i
]->gid
;
419 k
->mode
= list
[i
]->mode
;
427 static void get_cgdir_and_path(const char *cg
, char **dir
, char **file
)
431 *dir
= NIH_MUST( nih_strdup(NULL
, cg
) );
432 *file
= strrchr(cg
, '/');
437 p
= strrchr(*dir
, '/');
441 static size_t get_file_size(const char *contrl
, const char *cg
, const char *f
)
443 nih_local
char *data
= NULL
;
445 if (!cgm_get_value(contrl
, cg
, f
, &data
))
452 * FUSE ops for /cgroup
455 static int cg_getattr(const char *path
, struct stat
*sb
)
458 struct fuse_context
*fc
= fuse_get_context();
459 nih_local
char * cgdir
= NULL
;
460 char *fpath
= NULL
, *path1
, *path2
;
461 nih_local
struct cgm_keys
*k
= NULL
;
463 nih_local
char *controller
= NULL
;
469 memset(sb
, 0, sizeof(struct stat
));
471 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
474 sb
->st_uid
= sb
->st_gid
= 0;
475 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
478 if (strcmp(path
, "/cgroup") == 0) {
479 sb
->st_mode
= S_IFDIR
| 00755;
484 controller
= pick_controller_from_path(fc
, path
);
487 cgroup
= find_cgroup_in_path(path
);
489 /* this is just /cgroup/controller, return it as a dir */
490 sb
->st_mode
= S_IFDIR
| 00755;
495 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
505 /* check that cgcopy is either a child cgroup of cgdir, or listed in its keys.
506 * Then check that caller's cgroup is under path if fpath is a child
507 * cgroup, or cgdir if fpath is a file */
509 if (is_child_cgroup(controller
, path1
, path2
)) {
510 if (!caller_is_in_ancestor(fc
->pid
, controller
, cgroup
, NULL
)) {
511 /* this is just /cgroup/controller, return it as a dir */
512 sb
->st_mode
= S_IFDIR
| 00555;
516 if (!fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
))
519 // get uid, gid, from '/tasks' file and make up a mode
520 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
521 sb
->st_mode
= S_IFDIR
| 00755;
522 k
= get_cgroup_key(controller
, cgroup
, "tasks");
524 sb
->st_uid
= sb
->st_gid
= 0;
533 if ((k
= get_cgroup_key(controller
, path1
, path2
)) != NULL
) {
534 if (!caller_is_in_ancestor(fc
->pid
, controller
, path1
, NULL
))
536 if (!fc_may_access(fc
, controller
, path1
, path2
, O_RDONLY
))
539 sb
->st_mode
= S_IFREG
| k
->mode
;
543 sb
->st_size
= get_file_size(controller
, path1
, path2
);
551 * TODO - cache these results in a table for use in opendir, free
554 static int cg_opendir(const char *path
, struct fuse_file_info
*fi
)
556 struct fuse_context
*fc
= fuse_get_context();
557 nih_local
struct cgm_keys
**list
= NULL
;
559 struct file_info
*dir_info
;
560 nih_local
char *controller
= NULL
;
565 if (strcmp(path
, "/cgroup") == 0) {
569 // return list of keys for the controller, and list of child cgroups
570 controller
= pick_controller_from_path(fc
, path
);
574 cgroup
= find_cgroup_in_path(path
);
576 /* this is just /cgroup/controller, return its contents */
581 if (cgroup
&& !fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
))
584 /* we'll free this at cg_releasedir */
585 dir_info
= NIH_MUST( nih_alloc(NULL
, sizeof(*dir_info
)) );
586 dir_info
->controller
= must_copy_string(dir_info
, controller
);
587 dir_info
->cgroup
= must_copy_string(dir_info
, cgroup
);
588 dir_info
->type
= LXC_TYPE_CGDIR
;
589 dir_info
->buf
= NULL
;
590 dir_info
->file
= NULL
;
591 dir_info
->buflen
= 0;
593 fi
->fh
= (unsigned long)dir_info
;
597 static int cg_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
598 struct fuse_file_info
*fi
)
600 struct file_info
*d
= (struct file_info
*)fi
->fh
;
601 nih_local
struct cgm_keys
**list
= NULL
;
603 nih_local
char *nextcg
= NULL
;
604 struct fuse_context
*fc
= fuse_get_context();
606 if (d
->type
!= LXC_TYPE_CGDIR
) {
607 fprintf(stderr
, "Internal error: file cache info used in readdir\n");
610 if (!d
->cgroup
&& !d
->controller
) {
611 // ls /var/lib/lxcfs/cgroup - just show list of controllers
612 char **list
= LXCFS_DATA
? LXCFS_DATA
->subsystems
: NULL
;
618 for (i
= 0; list
[i
]; i
++) {
619 if (filler(buf
, list
[i
], NULL
, 0) != 0) {
626 if (!cgm_list_keys(d
->controller
, d
->cgroup
, &list
))
627 // not a valid cgroup
630 if (!caller_is_in_ancestor(fc
->pid
, d
->controller
, d
->cgroup
, &nextcg
)) {
633 ret
= filler(buf
, nextcg
, NULL
, 0);
640 for (i
= 0; list
[i
]; i
++) {
641 if (filler(buf
, list
[i
]->name
, NULL
, 0) != 0) {
646 // now get the list of child cgroups
647 nih_local
char **clist
= NULL
;
649 if (!cgm_list_children(d
->controller
, d
->cgroup
, &clist
))
651 for (i
= 0; clist
[i
]; i
++) {
652 if (filler(buf
, clist
[i
], NULL
, 0) != 0) {
659 static void do_release_file_info(struct file_info
*f
)
662 * all file_info fields which are nih_alloc()d with f as parent
663 * will be automatically freed
668 static int cg_releasedir(const char *path
, struct fuse_file_info
*fi
)
670 struct file_info
*d
= (struct file_info
*)fi
->fh
;
672 do_release_file_info(d
);
676 static int cg_open(const char *path
, struct fuse_file_info
*fi
)
678 nih_local
char *controller
= NULL
;
680 char *fpath
= NULL
, *path1
, *path2
;
681 nih_local
char * cgdir
= NULL
;
682 nih_local
struct cgm_keys
*k
= NULL
;
683 struct file_info
*file_info
;
684 struct fuse_context
*fc
= fuse_get_context();
689 controller
= pick_controller_from_path(fc
, path
);
692 cgroup
= find_cgroup_in_path(path
);
696 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
705 k
= get_cgroup_key(controller
, path1
, path2
);
709 if (!fc_may_access(fc
, controller
, path1
, path2
, fi
->flags
))
710 // should never get here
713 /* we'll free this at cg_release */
714 file_info
= NIH_MUST( nih_alloc(NULL
, sizeof(*file_info
)) );
715 file_info
->controller
= must_copy_string(file_info
, controller
);
716 file_info
->cgroup
= must_copy_string(file_info
, path1
);
717 file_info
->file
= must_copy_string(file_info
, path2
);
718 file_info
->type
= LXC_TYPE_CGFILE
;
719 file_info
->buf
= NULL
;
720 file_info
->buflen
= 0;
722 fi
->fh
= (unsigned long)file_info
;
726 static int cg_release(const char *path
, struct fuse_file_info
*fi
)
728 struct file_info
*f
= (struct file_info
*)fi
->fh
;
730 do_release_file_info(f
);
734 static int msgrecv(int sockfd
, void *buf
, size_t len
)
740 FD_SET(sockfd
, &rfds
);
744 if (select(sockfd
+1, &rfds
, NULL
, NULL
, &tv
) <= 0)
746 return recv(sockfd
, buf
, len
, MSG_DONTWAIT
);
749 #define SEND_CREDS_OK 0
750 #define SEND_CREDS_NOTSK 1
751 #define SEND_CREDS_FAIL 2
752 static int send_creds(int sock
, struct ucred
*cred
, char v
, bool pingfirst
)
754 struct msghdr msg
= { 0 };
756 struct cmsghdr
*cmsg
;
757 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
762 if (msgrecv(sock
, buf
, 1) != 1) {
763 fprintf(stderr
, "%s: Error getting reply from server over socketpair\n",
765 return SEND_CREDS_FAIL
;
769 msg
.msg_control
= cmsgbuf
;
770 msg
.msg_controllen
= sizeof(cmsgbuf
);
772 cmsg
= CMSG_FIRSTHDR(&msg
);
773 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
774 cmsg
->cmsg_level
= SOL_SOCKET
;
775 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
776 memcpy(CMSG_DATA(cmsg
), cred
, sizeof(*cred
));
783 iov
.iov_len
= sizeof(buf
);
787 if (sendmsg(sock
, &msg
, 0) < 0) {
788 fprintf(stderr
, "%s: failed at sendmsg: %s\n", __func__
,
791 return SEND_CREDS_NOTSK
;
792 return SEND_CREDS_FAIL
;
795 return SEND_CREDS_OK
;
798 static bool recv_creds(int sock
, struct ucred
*cred
, char *v
)
800 struct msghdr msg
= { 0 };
802 struct cmsghdr
*cmsg
;
803 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
816 if (setsockopt(sock
, SOL_SOCKET
, SO_PASSCRED
, &optval
, sizeof(optval
)) == -1) {
817 fprintf(stderr
, "Failed to set passcred: %s\n", strerror(errno
));
821 if (write(sock
, buf
, 1) != 1) {
822 fprintf(stderr
, "Failed to start write on scm fd: %s\n", strerror(errno
));
828 msg
.msg_control
= cmsgbuf
;
829 msg
.msg_controllen
= sizeof(cmsgbuf
);
832 iov
.iov_len
= sizeof(buf
);
840 if (select(sock
+1, &rfds
, NULL
, NULL
, &tv
) <= 0) {
841 fprintf(stderr
, "Failed to select for scm_cred: %s\n",
845 ret
= recvmsg(sock
, &msg
, MSG_DONTWAIT
);
847 fprintf(stderr
, "Failed to receive scm_cred: %s\n",
852 cmsg
= CMSG_FIRSTHDR(&msg
);
854 if (cmsg
&& cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)) &&
855 cmsg
->cmsg_level
== SOL_SOCKET
&&
856 cmsg
->cmsg_type
== SCM_CREDENTIALS
) {
857 memcpy(cred
, CMSG_DATA(cmsg
), sizeof(*cred
));
866 * pid_to_ns - reads pids from a ucred over a socket, then writes the
867 * int value back over the socket. This shifts the pid from the
868 * sender's pidns into tpid's pidns.
870 static void pid_to_ns(int sock
, pid_t tpid
)
875 while (recv_creds(sock
, &cred
, &v
)) {
878 if (write(sock
, &cred
.pid
, sizeof(pid_t
)) != sizeof(pid_t
))
885 * pid_to_ns_wrapper: when you setns into a pidns, you yourself remain
886 * in your old pidns. Only children which you fork will be in the target
887 * pidns. So the pid_to_ns_wrapper does the setns, then forks a child to
888 * actually convert pids
890 static void pid_to_ns_wrapper(int sock
, pid_t tpid
)
892 int newnsfd
= -1, ret
, cpipe
[2];
899 sprintf(fnam
, "/proc/%d/ns/pid", tpid
);
900 newnsfd
= open(fnam
, O_RDONLY
);
903 if (setns(newnsfd
, 0) < 0)
918 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
919 fprintf(stderr
, "%s (child): erorr on write: %s\n",
920 __func__
, strerror(errno
));
923 pid_to_ns(sock
, tpid
);
925 // give the child 1 second to be done forking and
928 FD_SET(cpipe
[0], &s
);
931 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
934 ret
= read(cpipe
[0], &v
, 1);
935 if (ret
!= sizeof(char) || v
!= '1') {
939 if (!wait_for_pid(cpid
))
950 * To read cgroup files with a particular pid, we will setns into the child
951 * pidns, open a pipe, fork a child - which will be the first to really be in
952 * the child ns - which does the cgm_get_value and writes the data to the pipe.
954 static bool do_read_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, char **d
)
956 int sock
[2] = {-1, -1};
957 nih_local
char *tmpdata
= NULL
;
959 pid_t qpid
, cpid
= -1;
966 if (!cgm_get_value(contrl
, cg
, file
, &tmpdata
))
970 * Now we read the pids from returned data one by one, pass
971 * them into a child in the target namespace, read back the
972 * translated pids, and put them into our to-return data
975 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
976 perror("socketpair");
985 pid_to_ns_wrapper(sock
[1], tpid
);
990 while (sscanf(ptr
, "%d\n", &qpid
) == 1) {
992 ret
= send_creds(sock
[0], &cred
, v
, true);
994 if (ret
== SEND_CREDS_NOTSK
)
996 if (ret
== SEND_CREDS_FAIL
)
999 // read converted results
1001 FD_SET(sock
[0], &s
);
1004 ret
= select(sock
[0]+1, &s
, NULL
, NULL
, &tv
);
1006 fprintf(stderr
, "%s: select error waiting for pid from child: %s\n",
1007 __func__
, strerror(errno
));
1010 if (read(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1011 fprintf(stderr
, "%s: error reading pid from child: %s\n",
1012 __func__
, strerror(errno
));
1015 NIH_MUST( nih_strcat_sprintf(d
, NULL
, "%d\n", qpid
) );
1017 ptr
= strchr(ptr
, '\n');
1023 cred
.pid
= getpid();
1025 if (send_creds(sock
[0], &cred
, v
, true) != SEND_CREDS_OK
) {
1026 // failed to ask child to exit
1027 fprintf(stderr
, "%s: failed to ask child to exit: %s\n",
1028 __func__
, strerror(errno
));
1037 if (sock
[0] != -1) {
1044 static int cg_read(const char *path
, char *buf
, size_t size
, off_t offset
,
1045 struct fuse_file_info
*fi
)
1047 struct fuse_context
*fc
= fuse_get_context();
1048 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1049 nih_local
struct cgm_keys
*k
= NULL
;
1051 if (f
->type
!= LXC_TYPE_CGFILE
) {
1052 fprintf(stderr
, "Internal error: directory cache info used in cg_read\n");
1065 if ((k
= get_cgroup_key(f
->controller
, f
->cgroup
, f
->file
)) != NULL
) {
1066 nih_local
char *data
= NULL
;
1070 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_RDONLY
))
1071 // should never get here
1074 if (strcmp(f
->file
, "tasks") == 0 ||
1075 strcmp(f
->file
, "/tasks") == 0 ||
1076 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1077 strcmp(f
->file
, "cgroup.procs") == 0)
1078 // special case - we have to translate the pids
1079 r
= do_read_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, &data
);
1081 r
= cgm_get_value(f
->controller
, f
->cgroup
, f
->file
, &data
);
1091 memcpy(buf
, data
, s
);
1099 static void pid_from_ns(int sock
, pid_t tpid
)
1115 ret
= select(sock
+1, &s
, NULL
, NULL
, &tv
);
1117 fprintf(stderr
, "%s: bad select before read from parent: %s\n",
1118 __func__
, strerror(errno
));
1121 if ((ret
= read(sock
, &vpid
, sizeof(pid_t
))) != sizeof(pid_t
)) {
1122 fprintf(stderr
, "%s: bad read from parent: %s\n",
1123 __func__
, strerror(errno
));
1126 if (vpid
== -1) // done
1130 if (send_creds(sock
, &cred
, v
, true) != SEND_CREDS_OK
) {
1132 cred
.pid
= getpid();
1133 if (send_creds(sock
, &cred
, v
, false) != SEND_CREDS_OK
)
1140 static void pid_from_ns_wrapper(int sock
, pid_t tpid
)
1142 int newnsfd
= -1, ret
, cpipe
[2];
1149 sprintf(fnam
, "/proc/%d/ns/pid", tpid
);
1150 newnsfd
= open(fnam
, O_RDONLY
);
1153 if (setns(newnsfd
, 0) < 0)
1157 if (pipe(cpipe
) < 0)
1169 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
1170 fprintf(stderr
, "%s (child): erorr on write: %s\n",
1171 __func__
, strerror(errno
));
1174 pid_from_ns(sock
, tpid
);
1177 // give the child 1 second to be done forking and
1180 FD_SET(cpipe
[0], &s
);
1183 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
1186 ret
= read(cpipe
[0], &v
, 1);
1187 if (ret
!= sizeof(char) || v
!= '1') {
1191 if (!wait_for_pid(cpid
))
1196 kill(cpid
, SIGKILL
);
1201 static bool do_write_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, const char *buf
)
1203 int sock
[2] = {-1, -1};
1204 pid_t qpid
, cpid
= -1;
1205 bool answer
= false, fail
= false;
1208 * write the pids to a socket, have helper in writer's pidns
1209 * call movepid for us
1211 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
1212 perror("socketpair");
1221 pid_from_ns_wrapper(sock
[1], tpid
);
1223 const char *ptr
= buf
;
1224 while (sscanf(ptr
, "%d", &qpid
) == 1) {
1228 if (write(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1229 fprintf(stderr
, "%s: error writing pid to child: %s\n",
1230 __func__
, strerror(errno
));
1234 if (recv_creds(sock
[0], &cred
, &v
)) {
1236 if (!cgm_move_pid(contrl
, cg
, cred
.pid
))
1241 ptr
= strchr(ptr
, '\n');
1247 /* All good, write the value */
1249 if (write(sock
[0], &qpid
,sizeof(qpid
)) != sizeof(qpid
))
1250 fprintf(stderr
, "Warning: failed to ask child to exit\n");
1258 if (sock
[0] != -1) {
1265 int cg_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
1266 struct fuse_file_info
*fi
)
1268 struct fuse_context
*fc
= fuse_get_context();
1269 nih_local
char *localbuf
= NULL
;
1270 nih_local
struct cgm_keys
*k
= NULL
;
1271 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1273 if (f
->type
!= LXC_TYPE_CGFILE
) {
1274 fprintf(stderr
, "Internal error: directory cache info used in cg_write\n");
1284 localbuf
= NIH_MUST( nih_alloc(NULL
, size
+1) );
1285 localbuf
[size
] = '\0';
1286 memcpy(localbuf
, buf
, size
);
1288 if ((k
= get_cgroup_key(f
->controller
, f
->cgroup
, f
->file
)) != NULL
) {
1291 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_WRONLY
))
1294 if (strcmp(f
->file
, "tasks") == 0 ||
1295 strcmp(f
->file
, "/tasks") == 0 ||
1296 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1297 strcmp(f
->file
, "cgroup.procs") == 0)
1298 // special case - we have to translate the pids
1299 r
= do_write_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1301 r
= cgm_set_value(f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1312 int cg_chown(const char *path
, uid_t uid
, gid_t gid
)
1314 struct fuse_context
*fc
= fuse_get_context();
1315 nih_local
char * cgdir
= NULL
;
1316 char *fpath
= NULL
, *path1
, *path2
;
1317 nih_local
struct cgm_keys
*k
= NULL
;
1319 nih_local
char *controller
= NULL
;
1325 if (strcmp(path
, "/cgroup") == 0)
1328 controller
= pick_controller_from_path(fc
, path
);
1331 cgroup
= find_cgroup_in_path(path
);
1333 /* this is just /cgroup/controller */
1336 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1346 if (is_child_cgroup(controller
, path1
, path2
)) {
1347 // get uid, gid, from '/tasks' file and make up a mode
1348 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1349 k
= get_cgroup_key(controller
, cgroup
, "tasks");
1352 k
= get_cgroup_key(controller
, path1
, path2
);
1358 * This being a fuse request, the uid and gid must be valid
1359 * in the caller's namespace. So we can just check to make
1360 * sure that the caller is root in his uid, and privileged
1361 * over the file's current owner.
1363 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_REQD
))
1366 if (!cgm_chown_file(controller
, cgroup
, uid
, gid
))
1371 int cg_chmod(const char *path
, mode_t mode
)
1373 struct fuse_context
*fc
= fuse_get_context();
1374 nih_local
char * cgdir
= NULL
;
1375 char *fpath
= NULL
, *path1
, *path2
;
1376 nih_local
struct cgm_keys
*k
= NULL
;
1378 nih_local
char *controller
= NULL
;
1383 if (strcmp(path
, "/cgroup") == 0)
1386 controller
= pick_controller_from_path(fc
, path
);
1389 cgroup
= find_cgroup_in_path(path
);
1391 /* this is just /cgroup/controller */
1394 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1404 if (is_child_cgroup(controller
, path1
, path2
)) {
1405 // get uid, gid, from '/tasks' file and make up a mode
1406 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1407 k
= get_cgroup_key(controller
, cgroup
, "tasks");
1410 k
= get_cgroup_key(controller
, path1
, path2
);
1416 * This being a fuse request, the uid and gid must be valid
1417 * in the caller's namespace. So we can just check to make
1418 * sure that the caller is root in his uid, and privileged
1419 * over the file's current owner.
1421 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
))
1424 if (!cgm_chmod_file(controller
, cgroup
, mode
))
1429 int cg_mkdir(const char *path
, mode_t mode
)
1431 struct fuse_context
*fc
= fuse_get_context();
1432 nih_local
struct cgm_keys
**list
= NULL
;
1433 char *fpath
= NULL
, *path1
;
1434 nih_local
char * cgdir
= NULL
;
1436 nih_local
char *controller
= NULL
;
1442 controller
= pick_controller_from_path(fc
, path
);
1446 cgroup
= find_cgroup_in_path(path
);
1450 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1456 if (!fc_may_access(fc
, controller
, path1
, NULL
, O_RDWR
))
1460 if (!cgm_create(controller
, cgroup
, fc
->uid
, fc
->gid
))
1466 static int cg_rmdir(const char *path
)
1468 struct fuse_context
*fc
= fuse_get_context();
1469 nih_local
struct cgm_keys
**list
= NULL
;
1471 nih_local
char * cgdir
= NULL
;
1473 nih_local
char *controller
= NULL
;
1479 controller
= pick_controller_from_path(fc
, path
);
1483 cgroup
= find_cgroup_in_path(path
);
1487 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1491 if (!fc_may_access(fc
, controller
, cgdir
, NULL
, O_WRONLY
))
1494 if (!cgm_remove(controller
, cgroup
))
1500 static bool startswith(const char *line
, const char *pref
)
1502 if (strncmp(line
, pref
, strlen(pref
)) == 0)
1507 static void get_mem_cached(char *memstat
, unsigned long *v
)
1513 if (startswith(memstat
, "total_cache")) {
1514 sscanf(memstat
+ 11, "%lu", v
);
1518 eol
= strchr(memstat
, '\n');
1525 static void get_blkio_io_value(char *str
, unsigned major
, unsigned minor
, char *iotype
, unsigned long *v
)
1531 snprintf(key
, 32, "%u:%u %s", major
, minor
, iotype
);
1533 size_t len
= strlen(key
);
1537 if (startswith(str
, key
)) {
1538 sscanf(str
+ len
, "%lu", v
);
1541 eol
= strchr(str
, '\n');
1548 static char *get_pid_cgroup(pid_t pid
, const char *contrl
)
1550 nih_local
char *fnam
= NULL
;
1552 char *answer
= NULL
;
1556 fnam
= NIH_MUST( nih_sprintf(NULL
, "/proc/%d/cgroup", pid
) );
1557 if (!(f
= fopen(fnam
, "r")))
1560 while (getline(&line
, &len
, f
) != -1) {
1564 c1
= strchr(line
, ':');
1568 c2
= strchr(c1
, ':');
1572 if (strcmp(c1
, contrl
) != 0)
1576 answer
= NIH_MUST( nih_strdup(NULL
, c2
) );
1587 * FUSE ops for /proc
1590 static int proc_meminfo_read(char *buf
, size_t size
, off_t offset
,
1591 struct fuse_file_info
*fi
)
1593 struct fuse_context
*fc
= fuse_get_context();
1594 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "memory");
1595 nih_local
char *memlimit_str
= NULL
, *memusage_str
= NULL
, *memstat_str
= NULL
;
1596 unsigned long memlimit
= 0, memusage
= 0, cached
= 0, hosttotal
= 0;
1598 size_t linelen
= 0, total_len
= 0;
1607 if (!cgm_get_value("memory", cg
, "memory.limit_in_bytes", &memlimit_str
))
1609 if (!cgm_get_value("memory", cg
, "memory.usage_in_bytes", &memusage_str
))
1611 if (!cgm_get_value("memory", cg
, "memory.stat", &memstat_str
))
1613 memlimit
= strtoul(memlimit_str
, NULL
, 10);
1614 memusage
= strtoul(memusage_str
, NULL
, 10);
1617 get_mem_cached(memstat_str
, &cached
);
1619 f
= fopen("/proc/meminfo", "r");
1623 while (getline(&line
, &linelen
, f
) != -1) {
1625 char *printme
, lbuf
[100];
1627 memset(lbuf
, 0, 100);
1628 if (startswith(line
, "MemTotal:")) {
1629 sscanf(line
+14, "%lu", &hosttotal
);
1630 if (hosttotal
< memlimit
)
1631 memlimit
= hosttotal
;
1632 snprintf(lbuf
, 100, "MemTotal: %8lu kB\n", memlimit
);
1634 } else if (startswith(line
, "MemFree:")) {
1635 snprintf(lbuf
, 100, "MemFree: %8lu kB\n", memlimit
- memusage
);
1637 } else if (startswith(line
, "MemAvailable:")) {
1638 snprintf(lbuf
, 100, "MemAvailable: %8lu kB\n", memlimit
- memusage
);
1640 } else if (startswith(line
, "Buffers:")) {
1641 snprintf(lbuf
, 100, "Buffers: %8lu kB\n", 0UL);
1643 } else if (startswith(line
, "Cached:")) {
1644 snprintf(lbuf
, 100, "Cached: %8lu kB\n", cached
);
1646 } else if (startswith(line
, "SwapCached:")) {
1647 snprintf(lbuf
, 100, "SwapCached: %8lu kB\n", 0UL);
1651 l
= snprintf(buf
, size
, "%s", printme
);
1663 * Read the cpuset.cpus for cg
1664 * Return the answer in a nih_alloced string
1666 static char *get_cpuset(const char *cg
)
1670 if (!cgm_get_value("cpuset", cg
, "cpuset.cpus", &answer
))
1676 * Helper functions for cpuset_in-set
1678 char *cpuset_nexttok(const char *c
)
1680 char *r
= strchr(c
+1, ',');
1686 int cpuset_getrange(const char *c
, int *a
, int *b
)
1690 ret
= sscanf(c
, "%d-%d", a
, b
);
1695 * cpusets are in format "1,2-3,4"
1696 * iow, comma-delimited ranges
1698 static bool cpu_in_cpuset(int cpu
, const char *cpuset
)
1702 for (c
= cpuset
; c
; c
= cpuset_nexttok(c
)) {
1705 ret
= cpuset_getrange(c
, &a
, &b
);
1706 if (ret
== 1 && cpu
== a
)
1708 if (ret
!= 2) // bad cpuset!
1710 if (cpu
>= a
&& cpu
<= b
)
1717 static bool cpuline_in_cpuset(const char *line
, const char *cpuset
)
1721 if (sscanf(line
, "processor : %d", &cpu
) != 1)
1723 return cpu_in_cpuset(cpu
, cpuset
);
1727 * check whether this is a '^processor" line in /proc/cpuinfo
1729 static bool is_processor_line(const char *line
)
1733 if (sscanf(line
, "processor : %d", &cpu
) == 1)
1738 static int proc_cpuinfo_read(char *buf
, size_t size
, off_t offset
,
1739 struct fuse_file_info
*fi
)
1741 struct fuse_context
*fc
= fuse_get_context();
1742 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "cpuset");
1743 nih_local
char *cpuset
= NULL
;
1745 size_t linelen
= 0, total_len
= 0;
1746 bool am_printing
= false;
1756 cpuset
= get_cpuset(cg
);
1760 f
= fopen("/proc/cpuinfo", "r");
1764 while (getline(&line
, &linelen
, f
) != -1) {
1766 if (is_processor_line(line
)) {
1767 am_printing
= cpuline_in_cpuset(line
, cpuset
);
1770 l
= snprintf(buf
, size
, "processor : %d\n", curcpu
);
1778 l
= snprintf(buf
, size
, "%s", line
);
1790 static int proc_stat_read(char *buf
, size_t size
, off_t offset
,
1791 struct fuse_file_info
*fi
)
1793 struct fuse_context
*fc
= fuse_get_context();
1794 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "cpuset");
1795 nih_local
char *cpuset
= NULL
;
1797 size_t linelen
= 0, total_len
= 0;
1798 int curcpu
= -1; /* cpu numbering starts at 0 */
1807 cpuset
= get_cpuset(cg
);
1811 f
= fopen("/proc/stat", "r");
1815 while (getline(&line
, &linelen
, f
) != -1) {
1818 char cpu_char
[10]; /* That's a lot of cores */
1821 if (sscanf(line
, "cpu%9[^ ]", cpu_char
) != 1) {
1822 /* not a ^cpuN line containing a number N, just print it */
1823 l
= snprintf(buf
, size
, "%s", line
);
1830 if (sscanf(cpu_char
, "%d", &cpu
) != 1)
1832 if (!cpu_in_cpuset(cpu
, cpuset
))
1836 c
= strchr(line
, ' ');
1839 l
= snprintf(buf
, size
, "cpu%d %s", curcpu
, c
);
1851 * How to guess what to present for uptime?
1852 * One thing we could do would be to take the date on the caller's
1853 * memory.usage_in_bytes file, which should equal the time of creation
1854 * of his cgroup. However, a task could be in a sub-cgroup of the
1855 * container. The same problem exists if we try to look at the ages
1856 * of processes in the caller's cgroup.
1858 * So we'll fork a task that will enter the caller's pidns, mount a
1859 * fresh procfs, get the age of /proc/1, and pass that back over a pipe.
1861 * For the second uptime #, we'll do as Stéphane had done, just copy
1862 * the number from /proc/uptime. Not sure how to best emulate 'idle'
1863 * time. Maybe someone can come up with a good algorithm and submit a
1864 * patch. Maybe something based on cpushare info?
1867 /* return age of the reaper for $pid, taken from ctime of its procdir */
1868 static long int get_pid1_time(pid_t pid
)
1871 int fd
, cpipe
[2], ret
;
1878 if (unshare(CLONE_NEWNS
))
1881 if (mount(NULL
, "/", NULL
, MS_SLAVE
|MS_REC
, NULL
)) {
1882 perror("rslave mount failed");
1886 sprintf(fnam
, "/proc/%d/ns/pid", pid
);
1887 fd
= open(fnam
, O_RDONLY
);
1889 perror("get_pid1_time open of ns/pid");
1893 perror("get_pid1_time setns 1");
1899 if (pipe(cpipe
) < 0)
1910 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
1911 fprintf(stderr
, "%s (child): erorr on write: %s\n",
1912 __func__
, strerror(errno
));
1915 umount2("/proc", MNT_DETACH
);
1916 if (mount("proc", "/proc", "proc", 0, NULL
)) {
1917 perror("get_pid1_time mount");
1920 ret
= lstat("/proc/1", &sb
);
1922 perror("get_pid1_time lstat");
1925 return time(NULL
) - sb
.st_ctime
;
1928 // give the child 1 second to be done forking and
1931 FD_SET(cpipe
[0], &s
);
1934 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
1937 ret
= read(cpipe
[0], &v
, 1);
1938 if (ret
!= sizeof(char) || v
!= '1') {
1946 kill(cpid
, SIGKILL
);
1951 static long int getreaperage(pid_t qpid
)
1953 int pid
, mypipe
[2], ret
;
1956 long int mtime
, answer
= 0;
1964 if (!pid
) { // child
1965 mtime
= get_pid1_time(qpid
);
1966 if (write(mypipe
[1], &mtime
, sizeof(mtime
)) != sizeof(mtime
))
1967 fprintf(stderr
, "Warning: bad write from getreaperage\n");
1973 FD_SET(mypipe
[0], &s
);
1976 ret
= select(mypipe
[0]+1, &s
, NULL
, NULL
, &tv
);
1982 fprintf(stderr
, "timed out\n");
1985 if (read(mypipe
[0], &mtime
, sizeof(mtime
)) != sizeof(mtime
)) {
1997 static long int getprocidle(void)
1999 FILE *f
= fopen("/proc/uptime", "r");
2004 ret
= fscanf(f
, "%ld %ld", &age
, &idle
);
2012 * We read /proc/uptime and reuse its second field.
2013 * For the first field, we use the mtime for the reaper for
2014 * the calling pid as returned by getreaperage
2016 static int proc_uptime_read(char *buf
, size_t size
, off_t offset
,
2017 struct fuse_file_info
*fi
)
2019 struct fuse_context
*fc
= fuse_get_context();
2020 long int reaperage
= getreaperage(fc
->pid
);;
2021 long int idletime
= getprocidle();
2025 return snprintf(buf
, size
, "%ld %ld\n", reaperage
, idletime
);
2028 static int proc_diskstats_read(char *buf
, size_t size
, off_t offset
,
2029 struct fuse_file_info
*fi
)
2032 struct fuse_context
*fc
= fuse_get_context();
2033 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "blkio");
2034 nih_local
char *io_serviced_str
= NULL
, *io_merged_str
= NULL
, *io_service_bytes_str
= NULL
,
2035 *io_wait_time_str
= NULL
, *io_service_time_str
= NULL
;
2036 unsigned long read
= 0, write
= 0;
2037 unsigned long read_merged
= 0, write_merged
= 0;
2038 unsigned long read_sectors
= 0, write_sectors
= 0;
2039 unsigned long read_ticks
= 0, write_ticks
= 0;
2040 unsigned long ios_pgr
= 0, tot_ticks
= 0, rq_ticks
= 0;
2041 unsigned long rd_svctm
= 0, wr_svctm
= 0, rd_wait
= 0, wr_wait
= 0;
2043 size_t linelen
= 0, total_len
= 0;
2044 unsigned int major
= 0, minor
= 0;
2054 if (!cgm_get_value("blkio", cg
, "blkio.io_serviced", &io_serviced_str
))
2056 if (!cgm_get_value("blkio", cg
, "blkio.io_merged", &io_merged_str
))
2058 if (!cgm_get_value("blkio", cg
, "blkio.io_service_bytes", &io_service_bytes_str
))
2060 if (!cgm_get_value("blkio", cg
, "blkio.io_wait_time", &io_wait_time_str
))
2062 if (!cgm_get_value("blkio", cg
, "blkio.io_service_time", &io_service_time_str
))
2066 f
= fopen("/proc/diskstats", "r");
2070 while (getline(&line
, &linelen
, f
) != -1) {
2072 char *printme
, lbuf
[256];
2074 i
= sscanf(line
, "%u %u %s", &major
, &minor
, dev_name
);
2076 get_blkio_io_value(io_serviced_str
, major
, minor
, "Read", &read
);
2077 get_blkio_io_value(io_serviced_str
, major
, minor
, "Write", &write
);
2078 get_blkio_io_value(io_merged_str
, major
, minor
, "Read", &read_merged
);
2079 get_blkio_io_value(io_merged_str
, major
, minor
, "Write", &write_merged
);
2080 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Read", &read_sectors
);
2081 read_sectors
= read_sectors
/512;
2082 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Write", &write_sectors
);
2083 write_sectors
= write_sectors
/512;
2085 get_blkio_io_value(io_service_time_str
, major
, minor
, "Read", &rd_svctm
);
2086 rd_svctm
= rd_svctm
/1000000;
2087 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Read", &rd_wait
);
2088 rd_wait
= rd_wait
/1000000;
2089 read_ticks
= rd_svctm
+ rd_wait
;
2091 get_blkio_io_value(io_service_time_str
, major
, minor
, "Write", &wr_svctm
);
2092 wr_svctm
= wr_svctm
/1000000;
2093 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Write", &wr_wait
);
2094 wr_wait
= wr_wait
/1000000;
2095 write_ticks
= wr_svctm
+ wr_wait
;
2097 get_blkio_io_value(io_service_time_str
, major
, minor
, "Total", &tot_ticks
);
2098 tot_ticks
= tot_ticks
/1000000;
2103 memset(lbuf
, 0, 256);
2104 if (read
|| write
|| read_merged
|| write_merged
|| read_sectors
|| write_sectors
|| read_ticks
|| write_ticks
) {
2105 snprintf(lbuf
, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
2106 major
, minor
, dev_name
, read
, read_merged
, read_sectors
, read_ticks
,
2107 write
, write_merged
, write_sectors
, write_ticks
, ios_pgr
, tot_ticks
, rq_ticks
);
2112 l
= snprintf(buf
, size
, "%s", printme
);
2123 static off_t
get_procfile_size(const char *which
)
2125 FILE *f
= fopen(which
, "r");
2128 ssize_t sz
, answer
= 0;
2132 while ((sz
= getline(&line
, &len
, f
)) != -1)
2140 static int proc_getattr(const char *path
, struct stat
*sb
)
2142 struct timespec now
;
2144 memset(sb
, 0, sizeof(struct stat
));
2145 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
2147 sb
->st_uid
= sb
->st_gid
= 0;
2148 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
2149 if (strcmp(path
, "/proc") == 0) {
2150 sb
->st_mode
= S_IFDIR
| 00555;
2154 if (strcmp(path
, "/proc/meminfo") == 0 ||
2155 strcmp(path
, "/proc/cpuinfo") == 0 ||
2156 strcmp(path
, "/proc/uptime") == 0 ||
2157 strcmp(path
, "/proc/stat") == 0 ||
2158 strcmp(path
, "/proc/diskstats") == 0) {
2159 sb
->st_size
= get_procfile_size(path
);
2160 sb
->st_mode
= S_IFREG
| 00444;
2168 static int proc_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2169 struct fuse_file_info
*fi
)
2171 if (filler(buf
, "cpuinfo", NULL
, 0) != 0 ||
2172 filler(buf
, "meminfo", NULL
, 0) != 0 ||
2173 filler(buf
, "stat", NULL
, 0) != 0 ||
2174 filler(buf
, "uptime", NULL
, 0) != 0 ||
2175 filler(buf
, "diskstats", NULL
, 0) != 0)
2180 static int proc_open(const char *path
, struct fuse_file_info
*fi
)
2183 struct file_info
*info
;
2185 if (strcmp(path
, "/proc/meminfo") == 0)
2186 type
= LXC_TYPE_PROC_MEMINFO
;
2187 else if (strcmp(path
, "/proc/cpuinfo") == 0)
2188 type
= LXC_TYPE_PROC_CPUINFO
;
2189 else if (strcmp(path
, "/proc/uptime") == 0)
2190 type
= LXC_TYPE_PROC_UPTIME
;
2191 else if (strcmp(path
, "/proc/stat") == 0)
2192 type
= LXC_TYPE_PROC_STAT
;
2193 else if (strcmp(path
, "/proc/diskstats") == 0)
2194 type
= LXC_TYPE_PROC_DISKSTATS
;
2198 info
= NIH_MUST( nih_alloc(NULL
, sizeof(*info
)) );
2199 memset(info
, 0, sizeof(*info
));
2202 fi
->fh
= (unsigned long)info
;
2206 static int proc_release(const char *path
, struct fuse_file_info
*fi
)
2208 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2210 do_release_file_info(f
);
2214 static int proc_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2215 struct fuse_file_info
*fi
)
2217 struct file_info
*f
= (struct file_info
*) fi
->fh
;
2220 case LXC_TYPE_PROC_MEMINFO
:
2221 return proc_meminfo_read(buf
, size
, offset
, fi
);
2222 case LXC_TYPE_PROC_CPUINFO
:
2223 return proc_cpuinfo_read(buf
, size
, offset
, fi
);
2224 case LXC_TYPE_PROC_UPTIME
:
2225 return proc_uptime_read(buf
, size
, offset
, fi
);
2226 case LXC_TYPE_PROC_STAT
:
2227 return proc_stat_read(buf
, size
, offset
, fi
);
2228 case LXC_TYPE_PROC_DISKSTATS
:
2229 return proc_diskstats_read(buf
, size
, offset
, fi
);
2237 * these just delegate to the /proc and /cgroup ops as
2241 static int lxcfs_getattr(const char *path
, struct stat
*sb
)
2243 if (strcmp(path
, "/") == 0) {
2244 sb
->st_mode
= S_IFDIR
| 00755;
2248 if (strncmp(path
, "/cgroup", 7) == 0) {
2249 return cg_getattr(path
, sb
);
2251 if (strncmp(path
, "/proc", 5) == 0) {
2252 return proc_getattr(path
, sb
);
2257 static int lxcfs_opendir(const char *path
, struct fuse_file_info
*fi
)
2259 if (strcmp(path
, "/") == 0)
2262 if (strncmp(path
, "/cgroup", 7) == 0) {
2263 return cg_opendir(path
, fi
);
2265 if (strcmp(path
, "/proc") == 0)
2270 static int lxcfs_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2271 struct fuse_file_info
*fi
)
2273 if (strcmp(path
, "/") == 0) {
2274 if (filler(buf
, "proc", NULL
, 0) != 0 ||
2275 filler(buf
, "cgroup", NULL
, 0) != 0)
2279 if (strncmp(path
, "/cgroup", 7) == 0)
2280 return cg_readdir(path
, buf
, filler
, offset
, fi
);
2281 if (strcmp(path
, "/proc") == 0)
2282 return proc_readdir(path
, buf
, filler
, offset
, fi
);
2286 static int lxcfs_releasedir(const char *path
, struct fuse_file_info
*fi
)
2288 if (strcmp(path
, "/") == 0)
2290 if (strncmp(path
, "/cgroup", 7) == 0) {
2291 return cg_releasedir(path
, fi
);
2293 if (strcmp(path
, "/proc") == 0)
2298 static int lxcfs_open(const char *path
, struct fuse_file_info
*fi
)
2300 if (strncmp(path
, "/cgroup", 7) == 0)
2301 return cg_open(path
, fi
);
2302 if (strncmp(path
, "/proc", 5) == 0)
2303 return proc_open(path
, fi
);
2308 static int lxcfs_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2309 struct fuse_file_info
*fi
)
2311 if (strncmp(path
, "/cgroup", 7) == 0)
2312 return cg_read(path
, buf
, size
, offset
, fi
);
2313 if (strncmp(path
, "/proc", 5) == 0)
2314 return proc_read(path
, buf
, size
, offset
, fi
);
2319 int lxcfs_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
2320 struct fuse_file_info
*fi
)
2322 if (strncmp(path
, "/cgroup", 7) == 0) {
2323 return cg_write(path
, buf
, size
, offset
, fi
);
2329 static int lxcfs_flush(const char *path
, struct fuse_file_info
*fi
)
2334 static int lxcfs_release(const char *path
, struct fuse_file_info
*fi
)
2336 if (strncmp(path
, "/cgroup", 7) == 0)
2337 return cg_release(path
, fi
);
2338 if (strncmp(path
, "/proc", 5) == 0)
2339 return proc_release(path
, fi
);
2344 static int lxcfs_fsync(const char *path
, int datasync
, struct fuse_file_info
*fi
)
2349 int lxcfs_mkdir(const char *path
, mode_t mode
)
2351 if (strncmp(path
, "/cgroup", 7) == 0)
2352 return cg_mkdir(path
, mode
);
2357 int lxcfs_chown(const char *path
, uid_t uid
, gid_t gid
)
2359 if (strncmp(path
, "/cgroup", 7) == 0)
2360 return cg_chown(path
, uid
, gid
);
2366 * cat first does a truncate before doing ops->write. This doesn't
2367 * really make sense for cgroups. So just return 0 always but do
2370 int lxcfs_truncate(const char *path
, off_t newsize
)
2372 if (strncmp(path
, "/cgroup", 7) == 0)
2377 int lxcfs_rmdir(const char *path
)
2379 if (strncmp(path
, "/cgroup", 7) == 0)
2380 return cg_rmdir(path
);
2384 int lxcfs_chmod(const char *path
, mode_t mode
)
2386 if (strncmp(path
, "/cgroup", 7) == 0)
2387 return cg_chmod(path
, mode
);
2391 const struct fuse_operations lxcfs_ops
= {
2392 .getattr
= lxcfs_getattr
,
2396 .mkdir
= lxcfs_mkdir
,
2398 .rmdir
= lxcfs_rmdir
,
2402 .chmod
= lxcfs_chmod
,
2403 .chown
= lxcfs_chown
,
2404 .truncate
= lxcfs_truncate
,
2409 .release
= lxcfs_release
,
2410 .write
= lxcfs_write
,
2413 .flush
= lxcfs_flush
,
2414 .fsync
= lxcfs_fsync
,
2419 .removexattr
= NULL
,
2421 .opendir
= lxcfs_opendir
,
2422 .readdir
= lxcfs_readdir
,
2423 .releasedir
= lxcfs_releasedir
,
2434 static void usage(const char *me
)
2436 fprintf(stderr
, "Usage:\n");
2437 fprintf(stderr
, "\n");
2438 fprintf(stderr
, "%s [FUSE and mount options] mountpoint\n", me
);
2442 static bool is_help(char *w
)
2444 if (strcmp(w
, "-h") == 0 ||
2445 strcmp(w
, "--help") == 0 ||
2446 strcmp(w
, "-help") == 0 ||
2447 strcmp(w
, "help") == 0)
2452 int main(int argc
, char *argv
[])
2455 struct lxcfs_state
*d
;
2457 if (argc
< 2 || is_help(argv
[1]))
2460 d
= malloc(sizeof(*d
));
2464 if (!cgm_escape_cgroup())
2465 fprintf(stderr
, "WARNING: failed to escape to root cgroup\n");
2467 if (!cgm_get_controllers(&d
->subsystems
))
2470 ret
= fuse_main(argc
, argv
, &lxcfs_ops
, d
);