extern int pivot_root(const char * new_root, const char * put_old);
#endif
+#ifdef DEBUG
+#define lxcfs_debug(format, ...) \
+ do { \
+ fprintf(stderr, "%s: %d: %s: " format, __FILE__, __LINE__, \
+ __func__, __VA_ARGS__); \
+ } while (false)
+#else
+#define lxcfs_debug(format, ...)
+#endif /* DEBUG */
+
enum {
LXC_TYPE_CGDIR,
LXC_TYPE_CGFILE,
snprintf(fnam, 100, "/proc/%d", e->initpid);
if (stat(fnam, &initsb) < 0)
return false;
-#if DEBUG
- fprintf(stderr, "comparing ctime %ld %ld for pid %d\n",
- e->ctime, initsb.st_ctime, e->initpid);
-#endif
+
+ lxcfs_debug("Comparing ctime %ld == %ld for pid %d.\n", e->ctime,
+ initsb.st_ctime, e->initpid);
+
if (e->ctime != initsb.st_ctime)
return false;
return true;
struct pidns_init_store *tmp;
int h;
-#if DEBUG
- fprintf(stderr, "remove_initpid: removing entry for %d\n", e->initpid);
-#endif
+ lxcfs_debug("Remove_initpid: removing entry for %d.\n", e->initpid);
+
h = HASH(e->ino);
if (pidns_hash_table[h] == e) {
pidns_hash_table[h] = e->next;
now = time(NULL);
if (now < last_prune + PURGE_SECS)
return;
-#if DEBUG
- fprintf(stderr, "pruning\n");
-#endif
+
+ lxcfs_debug("%s\n", "Pruning.");
+
last_prune = now;
threshold = now - 2 * PURGE_SECS;
for (i = 0; i < PIDNS_HASH_SIZE; i++) {
for (prev = NULL, e = pidns_hash_table[i]; e; ) {
if (e->lastcheck < threshold) {
-#if DEBUG
- fprintf(stderr, "Removing cached entry for %d\n", e->initpid);
-#endif
+
+ lxcfs_debug("Removing cached entry for %d.\n", e->initpid);
+
delme = e;
if (prev)
prev->next = e->next;
struct stat procsb;
int h;
-#if DEBUG
- fprintf(stderr, "save_initpid: adding entry for %d\n", pid);
-#endif
+ lxcfs_debug("Save_initpid: adding entry for %d.\n", pid);
+
snprintf(fpath, 100, "/proc/%d", pid);
if (stat(fpath, &procsb) < 0)
return;
const char *s = haystack, *e;
size_t nlen = strlen(needle);
- while (*s && (e = index(s, ','))) {
+ while (*s && (e = strchr(s, ','))) {
if (nlen != e - s) {
s = e + 1;
continue;
return 0;
}
-static bool recursive_rmdir(const char *dirname, int fd)
+static bool recursive_rmdir(const char *dirname, int fd, const int cfd)
{
struct dirent *direntp;
DIR *dir;
dir = fdopendir(dupfd);
if (!dir) {
-#if DEBUG
- fprintf(stderr, "%s: failed to open %s: %s\n", __func__, dirname, strerror(errno));
-#endif
+ lxcfs_debug("Failed to open %s: %s.\n", dirname, strerror(errno));
+ close(dupfd);
return false;
}
struct stat mystat;
int rc;
- if (!direntp)
- break;
-
if (!strcmp(direntp->d_name, ".") ||
!strcmp(direntp->d_name, ".."))
continue;
continue;
}
- ret = fstatat(fd, pathname, &mystat, AT_SYMLINK_NOFOLLOW);
- if (ret) {
-#if DEBUG
- fprintf(stderr, "%s: failed to stat %s: %s\n", __func__, pathname, strerror(errno));
-#endif
+ rc = fstatat(cfd, pathname, &mystat, AT_SYMLINK_NOFOLLOW);
+ if (rc) {
+ lxcfs_debug("Failed to stat %s: %s.\n", pathname, strerror(errno));
continue;
}
- if (S_ISDIR(mystat.st_mode)) {
- if (!recursive_rmdir(pathname, fd)) {
-#if DEBUG
- fprintf(stderr, "Error removing %s\n", pathname);
-#endif
- }
- }
+ if (S_ISDIR(mystat.st_mode))
+ if (!recursive_rmdir(pathname, fd, cfd))
+ lxcfs_debug("Error removing %s.\n", pathname);
}
ret = true;
ret = false;
}
- if (unlinkat(fd, dirname, AT_REMOVEDIR) < 0) {
-#if DEBUG
- fprintf(stderr, "%s: failed to delete %s: %s\n", __func__, dirname, strerror(errno));
-#endif
+ if (unlinkat(cfd, dirname, AT_REMOVEDIR) < 0) {
+ lxcfs_debug("Failed to delete %s: %s.\n", dirname, strerror(errno));
ret = false;
}
- close(fd);
+
+ close(dupfd);
return ret;
}
int fd, cfd;
size_t len;
char *dirnam, *tmpc;
+ bool bret;
tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
if (fd < 0)
return false;
- return recursive_rmdir(dirnam, fd);
+ bret = recursive_rmdir(dirnam, fd, cfd);
+ close(fd);
+ return bret;
}
bool cgfs_chmod_file(const char *controller, const char *file, mode_t mode)
if (file && *file == '/')
file++;
- if (file && index(file, '/'))
+ if (file && strchr(file, '/'))
return NULL;
/* Make sure we pass a relative path to *at() family of functions.
} while (!newkey);
if (file)
newkey->name = must_copy_string(file);
- else if (rindex(cgroup, '/'))
- newkey->name = must_copy_string(rindex(cgroup, '/'));
+ else if (strrchr(cgroup, '/'))
+ newkey->name = must_copy_string(strrchr(cgroup, '/'));
else
newkey->name = must_copy_string(cgroup);
newkey->uid = sb.st_uid;
return NULL;
}
- if (strcmp(querycg, "/") == 0)
+ if ((strcmp(querycg, "/") == 0) || (strcmp(querycg, "./") == 0))
start = strdup(taskcg + 1);
else
start = strdup(taskcg + strlen(querycg) + 1);
const char *p1;
char *contr, *slash;
- if (strlen(path) < 9)
+ if (strlen(path) < 9) {
+ errno = EACCES;
return NULL;
- if (*(path+7) != '/')
+ }
+ if (*(path + 7) != '/') {
+ errno = EINVAL;
return NULL;
- p1 = path+8;
+ }
+ p1 = path + 8;
contr = strdupa(p1);
- if (!contr)
+ if (!contr) {
+ errno = ENOMEM;
return NULL;
+ }
slash = strstr(contr, "/");
if (slash)
*slash = '\0';
int i;
- for (i = 0; i < num_hierarchies; i++) {
+ for (i = 0; i < num_hierarchies; i++) {
if (hierarchies[i] && strcmp(hierarchies[i], contr) == 0)
return hierarchies[i];
}
+ errno = ENOENT;
return NULL;
}
{
const char *p1;
- if (strlen(path) < 9)
+ if (strlen(path) < 9) {
+ errno = EACCES;
return NULL;
- p1 = strstr(path+8, "/");
- if (!p1)
+ }
+ p1 = strstr(path + 8, "/");
+ if (!p1) {
+ errno = EINVAL;
return NULL;
- return p1+1;
+ }
+ errno = 0;
+ return p1 + 1;
}
/*
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EIO;
+ return -errno;
cgroup = find_cgroup_in_path(path);
if (!cgroup) {
/* this is just /cgroup/controller, return it as a dir */
// return list of keys for the controller, and list of child cgroups
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EIO;
+ return -errno;
cgroup = find_cgroup_in_path(path);
if (!cgroup) {
struct fuse_context *fc = fuse_get_context();
char **clist = NULL;
+ if (filler(buf, ".", NULL, 0) != 0 || filler(buf, "..", NULL, 0) != 0)
+ return -EIO;
+
if (d->type != LXC_TYPE_CGDIR) {
fprintf(stderr, "Internal error: file cache info used in readdir\n");
return -EIO;
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EIO;
+ return -errno;
cgroup = find_cgroup_in_path(path);
if (!cgroup)
- return -EINVAL;
+ return -errno;
get_cgdir_and_path(cgroup, &cgdir, &last);
if (!last) {
int cg_access(const char *path, int mode)
{
+ int ret;
const char *cgroup;
- char *last = NULL, *path1, *path2, * cgdir = NULL, *controller;
+ char *path1, *path2, *controller;
+ char *last = NULL, *cgdir = NULL;
struct cgfs_files *k = NULL;
struct fuse_context *fc = fuse_get_context();
- int ret;
+
+ if (strcmp(path, "/cgroup") == 0)
+ return 0;
if (!fc)
return -EIO;
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EIO;
+ return -errno;
cgroup = find_cgroup_in_path(path);
if (!cgroup) {
// access("/sys/fs/cgroup/systemd", mode) - rx allowed, w not
return -EIO;
if (strcmp(path, "/cgroup") == 0)
- return -EINVAL;
+ return -EPERM;
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EINVAL;
+ return errno == ENOENT ? -EPERM : -errno;
+
cgroup = find_cgroup_in_path(path);
if (!cgroup)
/* this is just /cgroup/controller */
- return -EINVAL;
+ return -EPERM;
get_cgdir_and_path(cgroup, &cgdir, &last);
return -EIO;
if (strcmp(path, "/cgroup") == 0)
- return -EINVAL;
+ return -EPERM;
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EINVAL;
+ return errno == ENOENT ? -EPERM : -errno;
+
cgroup = find_cgroup_in_path(path);
if (!cgroup)
/* this is just /cgroup/controller */
- return -EINVAL;
+ return -EPERM;
get_cgdir_and_path(cgroup, &cgdir, &last);
if (!fc)
return -EIO;
-
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EINVAL;
+ return errno == ENOENT ? -EPERM : -errno;
cgroup = find_cgroup_in_path(path);
if (!cgroup)
- return -EINVAL;
+ return -errno;
get_cgdir_and_path(cgroup, &cgdir, &last);
if (!last)
else if (last && strcmp(next, last) == 0)
ret = -EEXIST;
else
- ret = -ENOENT;
+ ret = -EPERM;
goto out;
}
return -EIO;
controller = pick_controller_from_path(fc, path);
- if (!controller)
- return -EINVAL;
+ if (!controller) /* Someone's trying to delete "/cgroup". */
+ return -EPERM;
cgroup = find_cgroup_in_path(path);
- if (!cgroup)
- return -EINVAL;
+ if (!cgroup) /* Someone's trying to delete a controller e.g. "/blkio". */
+ return -EPERM;
get_cgdir_and_path(cgroup, &cgdir, &last);
if (!last) {
- ret = -EINVAL;
+ /* Someone's trying to delete a cgroup on the same level as the
+ * "/lxc" cgroup e.g. rmdir "/cgroup/blkio/lxc" or
+ * rmdir "/cgroup/blkio/init.slice".
+ */
+ ret = -EPERM;
goto out;
}
return false;
}
-static void get_mem_cached(char *memstat, unsigned long *v)
+static void parse_memstat(char *memstat, unsigned long *cached,
+ unsigned long *active_anon, unsigned long *inactive_anon,
+ unsigned long *active_file, unsigned long *inactive_file,
+ unsigned long *unevictable)
{
char *eol;
- *v = 0;
while (*memstat) {
- if (startswith(memstat, "total_cache")) {
- sscanf(memstat + 11, "%lu", v);
- *v /= 1024;
- return;
+ if (startswith(memstat, "cache")) {
+ sscanf(memstat + 11, "%lu", cached);
+ *cached /= 1024;
+ } else if (startswith(memstat, "active_anon")) {
+ sscanf(memstat + 11, "%lu", active_anon);
+ *active_anon /= 1024;
+ } else if (startswith(memstat, "inactive_anon")) {
+ sscanf(memstat + 11, "%lu", inactive_anon);
+ *inactive_anon /= 1024;
+ } else if (startswith(memstat, "active_file")) {
+ sscanf(memstat + 11, "%lu", active_file);
+ *active_file /= 1024;
+ } else if (startswith(memstat, "inactive_file")) {
+ sscanf(memstat + 11, "%lu", inactive_file);
+ *inactive_file /= 1024;
+ } else if (startswith(memstat, "unevictable")) {
+ sscanf(memstat + 11, "%lu", unevictable);
+ *unevictable /= 1024;
}
eol = strchr(memstat, '\n');
if (!eol)
*memswlimit_str = NULL, *memswusage_str = NULL,
*memswlimit_default_str = NULL, *memswusage_default_str = NULL;
unsigned long memlimit = 0, memusage = 0, memswlimit = 0, memswusage = 0,
- cached = 0, hosttotal = 0;
+ cached = 0, hosttotal = 0, active_anon = 0, inactive_anon = 0,
+ active_file = 0, inactive_file = 0, unevictable = 0;
char *line = NULL;
size_t linelen = 0, total_len = 0, rv = 0;
char *cache = d->buf;
memlimit /= 1024;
memusage /= 1024;
- get_mem_cached(memstat_str, &cached);
+ parse_memstat(memstat_str, &cached, &active_anon,
+ &inactive_anon, &active_file, &inactive_file,
+ &unevictable);
f = fopen("/proc/meminfo", "r");
if (!f)
snprintf(lbuf, 100, "SwapTotal: %8lu kB\n", memswlimit - memlimit);
printme = lbuf;
} else if (startswith(line, "SwapFree:") && memswlimit > 0 && memswusage > 0) {
- snprintf(lbuf, 100, "SwapFree: %8lu kB\n",
- (memswlimit - memlimit) - (memswusage - memusage));
+ unsigned long swaptotal = memswlimit - memlimit,
+ swapusage = memswusage - memusage,
+ swapfree = swapusage < swaptotal ? swaptotal - swapusage : 0;
+ snprintf(lbuf, 100, "SwapFree: %8lu kB\n", swapfree);
printme = lbuf;
} else if (startswith(line, "Slab:")) {
snprintf(lbuf, 100, "Slab: %8lu kB\n", 0UL);
} else if (startswith(line, "SwapCached:")) {
snprintf(lbuf, 100, "SwapCached: %8lu kB\n", 0UL);
printme = lbuf;
+ } else if (startswith(line, "Active")) {
+ snprintf(lbuf, 100, "Active: %8lu kB\n",
+ active_anon + active_file);
+ printme = lbuf;
+ } else if (startswith(line, "Inactive")) {
+ snprintf(lbuf, 100, "Inactive: %8lu kB\n",
+ inactive_anon + inactive_file);
+ printme = lbuf;
+ } else if (startswith(line, "Active(anon)")) {
+ snprintf(lbuf, 100, "Active(anon): %8lu kB\n", active_anon);
+ printme = lbuf;
+ } else if (startswith(line, "Inactive(anon)")) {
+ snprintf(lbuf, 100, "Inactive(anon): %8lu kB\n", inactive_anon);
+ printme = lbuf;
+ } else if (startswith(line, "Active(file)")) {
+ snprintf(lbuf, 100, "Active(file): %8lu kB\n", active_file);
+ printme = lbuf;
+ } else if (startswith(line, "Inactive(file)")) {
+ snprintf(lbuf, 100, "Inactive(file): %8lu kB\n", inactive_file);
+ printme = lbuf;
+ } else if (startswith(line, "Unevictable")) {
+ snprintf(lbuf, 100, "Unevictable: %8lu kB\n", unevictable);
+ printme = lbuf;
+ } else if (startswith(line, "SReclaimable")) {
+ snprintf(lbuf, 100, "SReclaimable: %8lu kB\n", 0UL);
+ printme = lbuf;
+ } else if (startswith(line, "SUnreclaim")) {
+ snprintf(lbuf, 100, "SUnreclaim: %8lu kB\n", 0UL);
+ printme = lbuf;
} else
printme = line;
char cpu_char[10]; /* That's a lot of cores */
char *c;
+ if (strlen(line) == 0)
+ continue;
if (sscanf(line, "cpu%9[^ ]", cpu_char) != 1) {
/* not a ^cpuN line containing a number N, just print it */
l = snprintf(cache, cache_size, "%s", line);
#if RELOADTEST
void iwashere(void)
{
- char *name, *cwd = get_current_dir_name();
- size_t len;
int fd;
- if (!cwd)
- exit(1);
- len = strlen(cwd) + strlen("/iwashere") + 1;
- name = alloca(len);
- snprintf(name, len, "%s/iwashere", cwd);
- free(cwd);
- fd = creat(name, 0755);
+ fd = creat("/tmp/lxcfs-iwashere", 0644);
if (fd >= 0)
close(fd);
}
int proc_readdir(const char *path, void *buf, fuse_fill_dir_t filler, off_t offset,
struct fuse_file_info *fi)
{
- if (filler(buf, "cpuinfo", NULL, 0) != 0 ||
- filler(buf, "meminfo", NULL, 0) != 0 ||
- filler(buf, "stat", NULL, 0) != 0 ||
- filler(buf, "uptime", NULL, 0) != 0 ||
- filler(buf, "diskstats", NULL, 0) != 0 ||
- filler(buf, "swaps", NULL, 0) != 0)
+ if (filler(buf, ".", NULL, 0) != 0 ||
+ filler(buf, "..", NULL, 0) != 0 ||
+ filler(buf, "cpuinfo", NULL, 0) != 0 ||
+ filler(buf, "meminfo", NULL, 0) != 0 ||
+ filler(buf, "stat", NULL, 0) != 0 ||
+ filler(buf, "uptime", NULL, 0) != 0 ||
+ filler(buf, "diskstats", NULL, 0) != 0 ||
+ filler(buf, "swaps", NULL, 0) != 0)
return -EINVAL;
return 0;
}
int proc_access(const char *path, int mask)
{
+ if (strcmp(path, "/proc") == 0 && access(path, R_OK) == 0)
+ return 0;
+
/* these are all read-only */
if ((mask & ~R_OK) != 0)
return -EACCES;
}
}
-/*
- * Functions and types to ease the use of clone()/__clone2()
- */
-static pid_t lxcfs_clone(int (*fn)(void *), void *arg, int flags)
-{
- size_t stack_size = sysconf(_SC_PAGESIZE);
- void *stack = alloca(stack_size);
- pid_t ret;
-
-#ifdef __ia64__
- ret = __clone2(do_clone, stack,
- stack_size, flags | SIGCHLD, &clone_arg);
-#else
- ret = clone(fn, stack + stack_size, flags | SIGCHLD, &arg);
-#endif
- if (ret < 0)
- fprintf(stderr, "failed to clone (%#x): %s", flags, strerror(errno));
-
- return ret;
-}
-
/*
* Functions needed to setup cgroups in the __constructor__.
- * After the constructor has collected the mounted hierarchies we clone() a new
- * process which mounts the private lxcfs cgroup mounts in a new private mount
- * namespace not accessible to other processes. We then open an fd for each
- * mounted hierarchy and use CLONE_FILES to keep them valid in both the child
- * and the parent.
*/
static bool mkdir_p(const char *dir, mode_t mode)
static bool umount_if_mounted(void)
{
if (umount2(BASEDIR, MNT_DETACH) < 0 && errno != EINVAL) {
- fprintf(stderr, "failed to umount %s: %s\n", BASEDIR,
- strerror(errno));
+ fprintf(stderr, "failed to unmount %s: %s.\n", BASEDIR, strerror(errno));
return false;
}
return true;
static bool setup_cgfs_dir(void)
{
if (!mkdir_p(BASEDIR, 0700)) {
- fprintf(stderr, "Failed to create lxcfs cgdir\n");
+ fprintf(stderr, "Failed to create lxcfs cgroup mountpoint.\n");
return false;
}
+
if (!umount_if_mounted()) {
- fprintf(stderr, "Failed to clean up old lxcfs cgdir\n");
+ fprintf(stderr, "Failed to clean up old lxcfs cgroup mountpoint.\n");
+ return false;
+ }
+
+ if (unshare(CLONE_NEWNS) < 0) {
+ fprintf(stderr, "%s: Failed to unshare mount namespace: %s.\n", __func__, strerror(errno));
+ return false;
+ }
+
+ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0) < 0) {
+ fprintf(stderr, "%s: Failed to remount / private: %s.\n", __func__, strerror(errno));
return false;
}
+
if (mount("tmpfs", BASEDIR, "tmpfs", 0, "size=100000,mode=700") < 0) {
- fprintf(stderr, "Failed to mount tmpfs for private controllers\n");
+ fprintf(stderr, "Failed to mount tmpfs over lxcfs cgroup mountpoint.\n");
return false;
}
+
return true;
}
return true;
}
-int cgfs_setup_controllers(void *data)
+static bool cgfs_setup_controllers(void)
{
- if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0) < 0) {
- fprintf(stderr, "%s: Failed to re-mount / private: %s.\n", __func__, strerror(errno));
- return -1;
- }
-
- if (!setup_cgfs_dir()) {
+ if (!setup_cgfs_dir())
return false;
- }
if (!do_mount_cgroups()) {
- fprintf(stderr, "Failed to set up cgroup mounts\n");
+ fprintf(stderr, "Failed to set up private lxcfs cgroup mounts.\n");
return false;
}
return true;
}
+static int preserve_ns(int pid)
+{
+ int ret;
+ size_t len = 5 /* /proc */ + 21 /* /int_as_str */ + 7 /* /ns/mnt */ + 1 /* \0 */;
+ char path[len];
+
+ ret = snprintf(path, len, "/proc/%d/ns/mnt", pid);
+ if (ret < 0 || (size_t)ret >= len)
+ return -1;
+
+ return open(path, O_RDONLY | O_CLOEXEC);
+}
+
static void __attribute__((constructor)) collect_and_mount_subsystems(void)
{
FILE *f;
char *line = NULL;
size_t len = 0;
+ int i, init_ns = -1;
if ((f = fopen("/proc/self/cgroup", "r")) == NULL) {
fprintf(stderr, "Error opening /proc/self/cgroup: %s\n", strerror(errno));
goto out;
}
- /* Now use clone(CLONE_NEWNS | CLONE_FILES) to mount cgroup hierarchies
- * in a private mount namespace to hide them from other processes that
- * would otherwise get confused. As fuse needs to be able to perform
- * file operations on the cgroup hierarchies. Hence we share open file
- * descriptors opened in the private mount namespace referring to those
- * hierarchies between child and parent process. */
- fd_hierarchies = mmap(NULL, sizeof(int *) * num_hierarchies, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
+ /* Preserve initial namespace. */
+ init_ns = preserve_ns(getpid());
+ if (init_ns < 0)
+ goto out;
+
+ fd_hierarchies = malloc(sizeof(int *) * num_hierarchies);
if (!fd_hierarchies)
goto out;
- pid_t pid = lxcfs_clone(cgfs_setup_controllers, NULL, CLONE_NEWNS | CLONE_FILES);
- if (pid < 0) {
- fprintf(stderr, "%s: Error cloning new mount namespace: %s\n", __func__, strerror(errno));
+ for (i = 0; i < num_hierarchies; i++)
+ fd_hierarchies[i] = -1;
+
+ /* This function calls unshare(CLONE_NEWNS) our initial mount namespace
+ * to privately mount lxcfs cgroups. */
+ if (!cgfs_setup_controllers())
goto out;
- }
- if (waitpid(pid, NULL, 0) < 0) {
- fprintf(stderr, "%s: Error waiting on cloned child: %s\n", __func__, strerror(errno));
+
+ if (setns(init_ns, 0) < 0)
goto out;
- }
print_subsystems();
out:
free(line);
fclose(f);
+ if (init_ns >= 0)
+ close(init_ns);
}
static void __attribute__((destructor)) free_subsystems(void)
for (i = 0; i < num_hierarchies; i++) {
if (hierarchies[i])
free(hierarchies[i]);
- if (fd_hierarchies[i] >= 0)
+ if (fd_hierarchies && fd_hierarchies[i] >= 0)
close(fd_hierarchies[i]);
}
free(hierarchies);
- if (fd_hierarchies)
- munmap(fd_hierarchies, sizeof(int *) * num_hierarchies);
+ free(fd_hierarchies);
}