#define FUSE_USE_VERSION 26
-#include <stdio.h>
#include <dirent.h>
+#include <errno.h>
#include <fcntl.h>
#include <fuse.h>
-#include <unistd.h>
-#include <errno.h>
-#include <stdbool.h>
-#include <time.h>
-#include <string.h>
-#include <stdlib.h>
#include <libgen.h>
-#include <sched.h>
#include <pthread.h>
+#include <sched.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#include <wait.h>
#include <linux/sched.h>
+#include <sys/epoll.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
#include <sys/param.h>
#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/epoll.h>
-#include <wait.h>
+#include <sys/syscall.h>
#include "bindings.h"
-
#include "config.h" // for VERSION
+/* Define pivot_root() if missing from the C library */
+#ifndef HAVE_PIVOT_ROOT
+static int pivot_root(const char * new_root, const char * put_old)
+{
+#ifdef __NR_pivot_root
+return syscall(__NR_pivot_root, new_root, put_old);
+#else
+errno = ENOSYS;
+return -1;
+#endif
+}
+#else
+extern int pivot_root(const char * new_root, const char * put_old);
+#endif
+
+#ifdef DEBUG
+#define lxcfs_debug(format, ...) \
+ do { \
+ fprintf(stderr, "%s: %d: %s: " format, __FILE__, __LINE__, \
+ __func__, __VA_ARGS__); \
+ } while (false)
+#else
+#define lxcfs_debug(format, ...)
+#endif /* DEBUG */
+
enum {
LXC_TYPE_CGDIR,
LXC_TYPE_CGFILE,
}
}
+/* READ-ONLY after __constructor__ collect_and_mount_subsystems() has run.
+ * Number of hierarchies mounted. */
+static int num_hierarchies;
+
+/* READ-ONLY after __constructor__ collect_and_mount_subsystems() has run.
+ * Hierachies mounted {cpuset, blkio, ...}:
+ * Initialized via __constructor__ collect_and_mount_subsystems(). */
+static char **hierarchies;
+
+/* READ-ONLY after __constructor__ collect_and_mount_subsystems() has run.
+ * Open file descriptors:
+ * @fd_hierarchies[i] refers to cgroup @hierarchies[i]. They are mounted in a
+ * private mount namespace.
+ * Initialized via __constructor__ collect_and_mount_subsystems().
+ * @fd_hierarchies[i] can be used to perform file operations on the cgroup
+ * mounts and respective files in the private namespace even when located in
+ * another namespace using the *at() family of functions
+ * {openat(), fchownat(), ...}. */
+static int *fd_hierarchies;
+
static void unlock_mutex(pthread_mutex_t *l)
{
int ret;
snprintf(fnam, 100, "/proc/%d", e->initpid);
if (stat(fnam, &initsb) < 0)
return false;
-#if DEBUG
- fprintf(stderr, "comparing ctime %ld %ld for pid %d\n",
- e->ctime, initsb.st_ctime, e->initpid);
-#endif
+
+ lxcfs_debug("Comparing ctime %ld == %ld for pid %d.\n", e->ctime,
+ initsb.st_ctime, e->initpid);
+
if (e->ctime != initsb.st_ctime)
return false;
return true;
struct pidns_init_store *tmp;
int h;
-#if DEBUG
- fprintf(stderr, "remove_initpid: removing entry for %d\n", e->initpid);
-#endif
+ lxcfs_debug("Remove_initpid: removing entry for %d.\n", e->initpid);
+
h = HASH(e->ino);
if (pidns_hash_table[h] == e) {
pidns_hash_table[h] = e->next;
now = time(NULL);
if (now < last_prune + PURGE_SECS)
return;
-#if DEBUG
- fprintf(stderr, "pruning\n");
-#endif
+
+ lxcfs_debug("%s\n", "Pruning.");
+
last_prune = now;
threshold = now - 2 * PURGE_SECS;
for (i = 0; i < PIDNS_HASH_SIZE; i++) {
for (prev = NULL, e = pidns_hash_table[i]; e; ) {
if (e->lastcheck < threshold) {
-#if DEBUG
- fprintf(stderr, "Removing cached entry for %d\n", e->initpid);
-#endif
+
+ lxcfs_debug("Removing cached entry for %d.\n", e->initpid);
+
delme = e;
if (prev)
prev->next = e->next;
struct stat procsb;
int h;
-#if DEBUG
- fprintf(stderr, "save_initpid: adding entry for %d\n", pid);
-#endif
+ lxcfs_debug("Save_initpid: adding entry for %d.\n", pid);
+
snprintf(fpath, 100, "/proc/%d", pid);
if (stat(fpath, &procsb) < 0)
return;
return NULL;
}
-static int is_dir(const char *path)
+static int is_dir(const char *path, int fd)
{
struct stat statbuf;
- int ret = stat(path, &statbuf);
+ int ret = fstatat(fd, path, &statbuf, fd);
if (ret == 0 && S_ISDIR(statbuf.st_mode))
return 1;
return 0;
*len = newlen;
}
-static char *slurp_file(const char *from)
+static char *slurp_file(const char *from, int fd)
{
char *line = NULL;
char *contents = NULL;
- FILE *f = fopen(from, "r");
+ FILE *f = fdopen(fd, "r");
size_t len = 0, fulllen = 0;
ssize_t linelen;
return contents;
}
-static bool write_string(const char *fnam, const char *string)
+static bool write_string(const char *fnam, const char *string, int fd)
{
FILE *f;
size_t len, ret;
- if (!(f = fopen(fnam, "w")))
+ if (!(f = fdopen(fd, "w")))
return false;
len = strlen(string);
ret = fwrite(string, 1, len, f);
return true;
}
-/*
- * hierarchies, i.e. 'cpu,cpuacct'
- */
-char **hierarchies;
-int num_hierarchies;
-
struct cgfs_files {
char *name;
uint32_t uid, gid;
{
int i;
- fprintf(stderr, "hierarchies:");
+ fprintf(stderr, "hierarchies:\n");
for (i = 0; i < num_hierarchies; i++) {
if (hierarchies[i])
fprintf(stderr, " %d: %s\n", i, hierarchies[i]);
const char *s = haystack, *e;
size_t nlen = strlen(needle);
- while (*s && (e = index(s, ','))) {
+ while (*s && (e = strchr(s, ','))) {
if (nlen != e - s) {
s = e + 1;
continue;
}
/* do we need to do any massaging here? I'm not sure... */
-static char *find_mounted_controller(const char *controller)
+/* Return the mounted controller and store the corresponding open file descriptor
+ * referring to the controller mountpoint in the private lxcfs namespace in
+ * @cfd.
+ */
+static char *find_mounted_controller(const char *controller, int *cfd)
{
int i;
for (i = 0; i < num_hierarchies; i++) {
if (!hierarchies[i])
continue;
- if (strcmp(hierarchies[i], controller) == 0)
+ if (strcmp(hierarchies[i], controller) == 0) {
+ *cfd = fd_hierarchies[i];
return hierarchies[i];
- if (in_comma_list(controller, hierarchies[i]))
+ }
+ if (in_comma_list(controller, hierarchies[i])) {
+ *cfd = fd_hierarchies[i];
return hierarchies[i];
+ }
}
return NULL;
bool cgfs_set_value(const char *controller, const char *cgroup, const char *file,
const char *value)
{
+ int ret, fd, cfd;
size_t len;
- char *fnam, *tmpc = find_mounted_controller(controller);
+ char *fnam, *tmpc;
+ tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
return false;
- /* basedir / tmpc / cgroup / file \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(cgroup) + strlen(file) + 4;
+
+ /* Make sure we pass a relative path to *at() family of functions.
+ * . + /cgroup + / + file + \0
+ */
+ len = strlen(cgroup) + strlen(file) + 3;
fnam = alloca(len);
- snprintf(fnam, len, "%s/%s/%s/%s", basedir, tmpc, cgroup, file);
+ ret = snprintf(fnam, len, "%s%s/%s", *cgroup == '/' ? "." : "", cgroup, file);
+ if (ret < 0 || (size_t)ret >= len)
+ return false;
+
+ fd = openat(cfd, fnam, O_WRONLY);
+ if (fd < 0)
+ return false;
- return write_string(fnam, value);
+ return write_string(fnam, value, fd);
}
// Chown all the files in the cgroup directory. We do this when we create
// a cgroup on behalf of a user.
-static void chown_all_cgroup_files(const char *dirname, uid_t uid, gid_t gid)
+static void chown_all_cgroup_files(const char *dirname, uid_t uid, gid_t gid, int fd)
{
- struct dirent dirent, *direntp;
+ struct dirent *direntp;
char path[MAXPATHLEN];
size_t len;
DIR *d;
- int ret;
+ int fd1, ret;
len = strlen(dirname);
if (len >= MAXPATHLEN) {
return;
}
- d = opendir(dirname);
+ fd1 = openat(fd, dirname, O_DIRECTORY);
+ if (fd1 < 0)
+ return;
+
+ d = fdopendir(fd1);
if (!d) {
fprintf(stderr, "chown_all_cgroup_files: failed to open %s\n", dirname);
return;
}
- while (readdir_r(d, &dirent, &direntp) == 0 && direntp) {
+ while ((direntp = readdir(d))) {
if (!strcmp(direntp->d_name, ".") || !strcmp(direntp->d_name, ".."))
continue;
ret = snprintf(path, MAXPATHLEN, "%s/%s", dirname, direntp->d_name);
fprintf(stderr, "chown_all_cgroup_files: pathname too long under %s\n", dirname);
continue;
}
- if (chown(path, uid, gid) < 0)
+ if (fchownat(fd, path, uid, gid, 0) < 0)
fprintf(stderr, "Failed to chown file %s to %u:%u", path, uid, gid);
}
closedir(d);
int cgfs_create(const char *controller, const char *cg, uid_t uid, gid_t gid)
{
+ int cfd;
size_t len;
- char *dirnam, *tmpc = find_mounted_controller(controller);
+ char *dirnam, *tmpc;
+ tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
return -EINVAL;
- /* basedir / tmpc / cg \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(cg) + 3;
+
+ /* Make sure we pass a relative path to *at() family of functions.
+ * . + /cg + \0
+ */
+ len = strlen(cg) + 2;
dirnam = alloca(len);
- snprintf(dirnam, len, "%s/%s/%s", basedir,tmpc, cg);
+ snprintf(dirnam, len, "%s%s", *cg == '/' ? "." : "", cg);
- if (mkdir(dirnam, 0755) < 0)
+ if (mkdirat(cfd, dirnam, 0755) < 0)
return -errno;
if (uid == 0 && gid == 0)
return 0;
- if (chown(dirnam, uid, gid) < 0)
+ if (fchownat(cfd, dirnam, uid, gid, 0) < 0)
return -errno;
- chown_all_cgroup_files(dirnam, uid, gid);
+ chown_all_cgroup_files(dirnam, uid, gid, cfd);
return 0;
}
-static bool recursive_rmdir(const char *dirname)
+static bool recursive_rmdir(const char *dirname, int fd, const int cfd)
{
- struct dirent dirent, *direntp;
+ struct dirent *direntp;
DIR *dir;
bool ret = false;
char pathname[MAXPATHLEN];
+ int dupfd;
- dir = opendir(dirname);
+ dupfd = dup(fd); // fdopendir() does bad things once it uses an fd.
+ if (dupfd < 0)
+ return false;
+
+ dir = fdopendir(dupfd);
if (!dir) {
-#if DEBUG
- fprintf(stderr, "%s: failed to open %s: %s\n", __func__, dirname, strerror(errno));
-#endif
+ lxcfs_debug("Failed to open %s: %s.\n", dirname, strerror(errno));
+ close(dupfd);
return false;
}
- while (!readdir_r(dir, &dirent, &direntp)) {
+ while ((direntp = readdir(dir))) {
struct stat mystat;
int rc;
- if (!direntp)
- break;
-
if (!strcmp(direntp->d_name, ".") ||
!strcmp(direntp->d_name, ".."))
continue;
continue;
}
- ret = lstat(pathname, &mystat);
- if (ret) {
-#if DEBUG
- fprintf(stderr, "%s: failed to stat %s: %s\n", __func__, pathname, strerror(errno));
-#endif
+ rc = fstatat(cfd, pathname, &mystat, AT_SYMLINK_NOFOLLOW);
+ if (rc) {
+ lxcfs_debug("Failed to stat %s: %s.\n", pathname, strerror(errno));
continue;
}
- if (S_ISDIR(mystat.st_mode)) {
- if (!recursive_rmdir(pathname)) {
-#if DEBUG
- fprintf(stderr, "Error removing %s\n", pathname);
-#endif
- }
- }
+ if (S_ISDIR(mystat.st_mode))
+ if (!recursive_rmdir(pathname, fd, cfd))
+ lxcfs_debug("Error removing %s.\n", pathname);
}
ret = true;
ret = false;
}
- if (rmdir(dirname) < 0) {
-#if DEBUG
- fprintf(stderr, "%s: failed to delete %s: %s\n", __func__, dirname, strerror(errno));
-#endif
+ if (unlinkat(cfd, dirname, AT_REMOVEDIR) < 0) {
+ lxcfs_debug("Failed to delete %s: %s.\n", dirname, strerror(errno));
ret = false;
}
+ close(dupfd);
+
return ret;
}
bool cgfs_remove(const char *controller, const char *cg)
{
+ int fd, cfd;
size_t len;
- char *dirnam, *tmpc = find_mounted_controller(controller);
+ char *dirnam, *tmpc;
+ bool bret;
+ tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
return false;
- /* basedir / tmpc / cg \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(cg) + 3;
+
+ /* Make sure we pass a relative path to *at() family of functions.
+ * . + /cg + \0
+ */
+ len = strlen(cg) + 2;
dirnam = alloca(len);
- snprintf(dirnam, len, "%s/%s/%s", basedir,tmpc, cg);
- return recursive_rmdir(dirnam);
+ snprintf(dirnam, len, "%s%s", *cg == '/' ? "." : "", cg);
+
+ fd = openat(cfd, dirnam, O_DIRECTORY);
+ if (fd < 0)
+ return false;
+
+ bret = recursive_rmdir(dirnam, fd, cfd);
+ close(fd);
+ return bret;
}
bool cgfs_chmod_file(const char *controller, const char *file, mode_t mode)
{
+ int cfd;
size_t len;
- char *pathname, *tmpc = find_mounted_controller(controller);
+ char *pathname, *tmpc;
+ tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
return false;
- /* basedir / tmpc / file \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(file) + 3;
+
+ /* Make sure we pass a relative path to *at() family of functions.
+ * . + /file + \0
+ */
+ len = strlen(file) + 2;
pathname = alloca(len);
- snprintf(pathname, len, "%s/%s/%s", basedir, tmpc, file);
- if (chmod(pathname, mode) < 0)
+ snprintf(pathname, len, "%s%s", *file == '/' ? "." : "", file);
+ if (fchmodat(cfd, pathname, mode, 0) < 0)
return false;
return true;
}
-static int chown_tasks_files(const char *dirname, uid_t uid, gid_t gid)
+static int chown_tasks_files(const char *dirname, uid_t uid, gid_t gid, int fd)
{
size_t len;
char *fname;
len = strlen(dirname) + strlen("/cgroup.procs") + 1;
fname = alloca(len);
snprintf(fname, len, "%s/tasks", dirname);
- if (chown(fname, uid, gid) != 0)
+ if (fchownat(fd, fname, uid, gid, 0) != 0)
return -errno;
snprintf(fname, len, "%s/cgroup.procs", dirname);
- if (chown(fname, uid, gid) != 0)
+ if (fchownat(fd, fname, uid, gid, 0) != 0)
return -errno;
return 0;
}
int cgfs_chown_file(const char *controller, const char *file, uid_t uid, gid_t gid)
{
+ int cfd;
size_t len;
- char *pathname, *tmpc = find_mounted_controller(controller);
+ char *pathname, *tmpc;
+ tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
return -EINVAL;
- /* basedir / tmpc / file \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(file) + 3;
+
+ /* Make sure we pass a relative path to *at() family of functions.
+ * . + /file + \0
+ */
+ len = strlen(file) + 2;
pathname = alloca(len);
- snprintf(pathname, len, "%s/%s/%s", basedir, tmpc, file);
- if (chown(pathname, uid, gid) < 0)
+ snprintf(pathname, len, "%s%s", *file == '/' ? "." : "", file);
+ if (fchownat(cfd, pathname, uid, gid, 0) < 0)
return -errno;
- if (is_dir(pathname))
+ if (is_dir(pathname, cfd))
// like cgmanager did, we want to chown the tasks file as well
- return chown_tasks_files(pathname, uid, gid);
+ return chown_tasks_files(pathname, uid, gid, cfd);
return 0;
}
FILE *open_pids_file(const char *controller, const char *cgroup)
{
+ int fd, cfd;
size_t len;
- char *pathname, *tmpc = find_mounted_controller(controller);
+ char *pathname, *tmpc;
+ tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
return NULL;
- /* basedir / tmpc / cgroup / "cgroup.procs" \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(cgroup) + 4 + strlen("cgroup.procs");
+
+ /* Make sure we pass a relative path to *at() family of functions.
+ * . + /cgroup + / "cgroup.procs" + \0
+ */
+ len = strlen(cgroup) + strlen("cgroup.procs") + 3;
pathname = alloca(len);
- snprintf(pathname, len, "%s/%s/%s/cgroup.procs", basedir, tmpc, cgroup);
- return fopen(pathname, "w");
+ snprintf(pathname, len, "%s%s/cgroup.procs", *cgroup == '/' ? "." : "", cgroup);
+
+ fd = openat(cfd, pathname, O_WRONLY);
+ if (fd < 0)
+ return NULL;
+
+ return fdopen(fd, "w");
}
static bool cgfs_iterate_cgroup(const char *controller, const char *cgroup, bool directories,
void ***list, size_t typesize,
void* (*iterator)(const char*, const char*, const char*))
{
+ int cfd, fd, ret;
size_t len;
- char *dirname, *tmpc = find_mounted_controller(controller);
+ char *cg, *tmpc;
char pathname[MAXPATHLEN];
size_t sz = 0, asz = 0;
- struct dirent dirent, *direntp;
+ struct dirent *dirent;
DIR *dir;
- int ret;
+ tmpc = find_mounted_controller(controller, &cfd);
*list = NULL;
if (!tmpc)
return false;
- /* basedir / tmpc / cgroup \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(cgroup) + 3;
- dirname = alloca(len);
- snprintf(dirname, len, "%s/%s/%s", basedir, tmpc, cgroup);
+ /* Make sure we pass a relative path to *at() family of functions. */
+ len = strlen(cgroup) + 1 /* . */ + 1 /* \0 */;
+ cg = alloca(len);
+ ret = snprintf(cg, len, "%s%s", *cgroup == '/' ? "." : "", cgroup);
+ if (ret < 0 || (size_t)ret >= len) {
+ fprintf(stderr, "%s: pathname too long under %s\n", __func__, cgroup);
+ return false;
+ }
+
+ fd = openat(cfd, cg, O_DIRECTORY);
+ if (fd < 0)
+ return false;
- dir = opendir(dirname);
+ dir = fdopendir(fd);
if (!dir)
return false;
- while (!readdir_r(dir, &dirent, &direntp)) {
+ while ((dirent = readdir(dir))) {
struct stat mystat;
- int rc;
- if (!direntp)
- break;
-
- if (!strcmp(direntp->d_name, ".") ||
- !strcmp(direntp->d_name, ".."))
+ if (!strcmp(dirent->d_name, ".") ||
+ !strcmp(dirent->d_name, ".."))
continue;
- rc = snprintf(pathname, MAXPATHLEN, "%s/%s", dirname, direntp->d_name);
- if (rc < 0 || rc >= MAXPATHLEN) {
- fprintf(stderr, "%s: pathname too long under %s\n", __func__, dirname);
+ ret = snprintf(pathname, MAXPATHLEN, "%s/%s", cg, dirent->d_name);
+ if (ret < 0 || ret >= MAXPATHLEN) {
+ fprintf(stderr, "%s: pathname too long under %s\n", __func__, cg);
continue;
}
- ret = lstat(pathname, &mystat);
+ ret = fstatat(cfd, pathname, &mystat, AT_SYMLINK_NOFOLLOW);
if (ret) {
fprintf(stderr, "%s: failed to stat %s: %s\n", __func__, pathname, strerror(errno));
continue;
} while (!tmp);
*list = tmp;
}
- (*list)[sz] = (*iterator)(controller, cgroup, direntp->d_name);
+ (*list)[sz] = (*iterator)(controller, cg, dirent->d_name);
(*list)[sz+1] = NULL;
sz++;
}
if (closedir(dir) < 0) {
- fprintf(stderr, "%s: failed closedir for %s: %s\n", __func__, dirname, strerror(errno));
+ fprintf(stderr, "%s: failed closedir for %s: %s\n", __func__, cgroup, strerror(errno));
return false;
}
return true;
bool cgfs_get_value(const char *controller, const char *cgroup, const char *file, char **value)
{
+ int ret, fd, cfd;
size_t len;
- char *fnam, *tmpc = find_mounted_controller(controller);
+ char *fnam, *tmpc;
+ tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
return false;
- /* basedir / tmpc / cgroup / file \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(cgroup) + strlen(file) + 4;
+
+ /* Make sure we pass a relative path to *at() family of functions.
+ * . + /cgroup + / + file + \0
+ */
+ len = strlen(cgroup) + strlen(file) + 3;
fnam = alloca(len);
- snprintf(fnam, len, "%s/%s/%s/%s", basedir, tmpc, cgroup, file);
+ ret = snprintf(fnam, len, "%s%s/%s", *cgroup == '/' ? "." : "", cgroup, file);
+ if (ret < 0 || (size_t)ret >= len)
+ return NULL;
- *value = slurp_file(fnam);
+ fd = openat(cfd, fnam, O_RDONLY);
+ if (fd < 0)
+ return NULL;
+
+ *value = slurp_file(fnam, fd);
return *value != NULL;
}
struct cgfs_files *cgfs_get_key(const char *controller, const char *cgroup, const char *file)
{
+ int ret, cfd;
size_t len;
- char *fnam, *tmpc = find_mounted_controller(controller);
+ char *fnam, *tmpc;
struct stat sb;
struct cgfs_files *newkey;
- int ret;
+ tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
return false;
if (file && *file == '/')
file++;
- if (file && index(file, '/'))
+ if (file && strchr(file, '/'))
return NULL;
- /* basedir / tmpc / cgroup / file \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(cgroup) + 3;
+ /* Make sure we pass a relative path to *at() family of functions.
+ * . + /cgroup + / + file + \0
+ */
+ len = strlen(cgroup) + 3;
if (file)
len += strlen(file) + 1;
fnam = alloca(len);
- snprintf(fnam, len, "%s/%s/%s%s%s", basedir, tmpc, cgroup,
- file ? "/" : "", file ? file : "");
+ snprintf(fnam, len, "%s%s%s%s", *cgroup == '/' ? "." : "", cgroup,
+ file ? "/" : "", file ? file : "");
- ret = stat(fnam, &sb);
+ ret = fstatat(cfd, fnam, &sb, 0);
if (ret < 0)
return NULL;
} while (!newkey);
if (file)
newkey->name = must_copy_string(file);
- else if (rindex(cgroup, '/'))
- newkey->name = must_copy_string(rindex(cgroup, '/'));
+ else if (strrchr(cgroup, '/'))
+ newkey->name = must_copy_string(strrchr(cgroup, '/'));
else
newkey->name = must_copy_string(cgroup);
newkey->uid = sb.st_uid;
}
bool is_child_cgroup(const char *controller, const char *cgroup, const char *f)
-{ size_t len;
- char *fnam, *tmpc = find_mounted_controller(controller);
+{
+ int cfd;
+ size_t len;
+ char *fnam, *tmpc;
int ret;
struct stat sb;
+ tmpc = find_mounted_controller(controller, &cfd);
if (!tmpc)
return false;
- /* basedir / tmpc / cgroup / f \0 */
- len = strlen(basedir) + strlen(tmpc) + strlen(cgroup) + strlen(f) + 4;
+
+ /* Make sure we pass a relative path to *at() family of functions.
+ * . + /cgroup + / + f + \0
+ */
+ len = strlen(cgroup) + strlen(f) + 3;
fnam = alloca(len);
- snprintf(fnam, len, "%s/%s/%s/%s", basedir, tmpc, cgroup, f);
+ ret = snprintf(fnam, len, "%s%s/%s", *cgroup == '/' ? "." : "", cgroup, f);
+ if (ret < 0 || (size_t)ret >= len)
+ return false;
- ret = stat(fnam, &sb);
+ ret = fstatat(cfd, fnam, &sb, 0);
if (ret < 0 || !S_ISDIR(sb.st_mode))
return false;
+
return true;
}
return NULL;
}
- if (strcmp(querycg, "/") == 0)
+ if ((strcmp(querycg, "/") == 0) || (strcmp(querycg, "./") == 0))
start = strdup(taskcg + 1);
else
start = strdup(taskcg + strlen(querycg) + 1);
static char *get_pid_cgroup(pid_t pid, const char *contrl)
{
+ int cfd;
char fnam[PROCLEN];
FILE *f;
char *answer = NULL;
char *line = NULL;
size_t len = 0;
int ret;
- const char *h = find_mounted_controller(contrl);
+ const char *h = find_mounted_controller(contrl, &cfd);
if (!h)
return NULL;
prune_init_slice(c2);
/*
- * callers pass in '/' for root cgroup, otherwise they pass
- * in a cgroup without leading '/'
+ * callers pass in '/' or './' (openat()) for root cgroup, otherwise
+ * they pass in a cgroup without leading '/'
+ *
+ * The original line here was:
+ * linecmp = *cg == '/' ? c2 : c2+1;
+ * TODO: I'm not sure why you'd want to increment when *cg != '/'?
+ * Serge, do you know?
*/
- linecmp = *cg == '/' ? c2 : c2+1;
+ if (*cg == '/' || !strncmp(cg, "./", 2))
+ linecmp = c2;
+ else
+ linecmp = c2 + 1;
if (strncmp(linecmp, cg, strlen(linecmp)) != 0) {
if (nextcg) {
*nextcg = get_next_cgroup_dir(linecmp, cg);
char *c2, *task_cg;
size_t target_len, task_len;
- if (strcmp(cg, "/") == 0)
+ if (strcmp(cg, "/") == 0 || strcmp(cg, "./") == 0)
return true;
c2 = get_pid_cgroup(pid, contrl);
const char *p1;
char *contr, *slash;
- if (strlen(path) < 9)
+ if (strlen(path) < 9) {
+ errno = EACCES;
return NULL;
- if (*(path+7) != '/')
+ }
+ if (*(path + 7) != '/') {
+ errno = EINVAL;
return NULL;
- p1 = path+8;
+ }
+ p1 = path + 8;
contr = strdupa(p1);
- if (!contr)
+ if (!contr) {
+ errno = ENOMEM;
return NULL;
+ }
slash = strstr(contr, "/");
if (slash)
*slash = '\0';
int i;
- for (i = 0; i < num_hierarchies; i++) {
+ for (i = 0; i < num_hierarchies; i++) {
if (hierarchies[i] && strcmp(hierarchies[i], contr) == 0)
return hierarchies[i];
}
+ errno = ENOENT;
return NULL;
}
{
const char *p1;
- if (strlen(path) < 9)
+ if (strlen(path) < 9) {
+ errno = EACCES;
return NULL;
- p1 = strstr(path+8, "/");
- if (!p1)
+ }
+ p1 = strstr(path + 8, "/");
+ if (!p1) {
+ errno = EINVAL;
return NULL;
- return p1+1;
+ }
+ errno = 0;
+ return p1 + 1;
}
/*
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EIO;
+ return -errno;
cgroup = find_cgroup_in_path(path);
if (!cgroup) {
/* this is just /cgroup/controller, return it as a dir */
// return list of keys for the controller, and list of child cgroups
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EIO;
+ return -errno;
cgroup = find_cgroup_in_path(path);
if (!cgroup) {
struct fuse_context *fc = fuse_get_context();
char **clist = NULL;
+ if (filler(buf, ".", NULL, 0) != 0 || filler(buf, "..", NULL, 0) != 0)
+ return -EIO;
+
if (d->type != LXC_TYPE_CGDIR) {
fprintf(stderr, "Internal error: file cache info used in readdir\n");
return -EIO;
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EIO;
+ return -errno;
cgroup = find_cgroup_in_path(path);
if (!cgroup)
- return -EINVAL;
+ return -errno;
get_cgdir_and_path(cgroup, &cgdir, &last);
if (!last) {
int cg_access(const char *path, int mode)
{
+ int ret;
const char *cgroup;
- char *last = NULL, *path1, *path2, * cgdir = NULL, *controller;
+ char *path1, *path2, *controller;
+ char *last = NULL, *cgdir = NULL;
struct cgfs_files *k = NULL;
struct fuse_context *fc = fuse_get_context();
- int ret;
+
+ if (strcmp(path, "/cgroup") == 0)
+ return 0;
if (!fc)
return -EIO;
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EIO;
+ return -errno;
cgroup = find_cgroup_in_path(path);
- if (!cgroup)
- return -EINVAL;
+ if (!cgroup) {
+ // access("/sys/fs/cgroup/systemd", mode) - rx allowed, w not
+ if ((mode & W_OK) == 0)
+ return 0;
+ return -EACCES;
+ }
get_cgdir_and_path(cgroup, &cgdir, &last);
if (!last) {
k = cgfs_get_key(controller, path1, path2);
if (!k) {
- ret = -EINVAL;
+ if ((mode & W_OK) == 0)
+ ret = 0;
+ else
+ ret = -EACCES;
goto out;
}
free_key(k);
return -EIO;
if (strcmp(path, "/cgroup") == 0)
- return -EINVAL;
+ return -EPERM;
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EINVAL;
+ return errno == ENOENT ? -EPERM : -errno;
+
cgroup = find_cgroup_in_path(path);
if (!cgroup)
/* this is just /cgroup/controller */
- return -EINVAL;
+ return -EPERM;
get_cgdir_and_path(cgroup, &cgdir, &last);
return -EIO;
if (strcmp(path, "/cgroup") == 0)
- return -EINVAL;
+ return -EPERM;
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EINVAL;
+ return errno == ENOENT ? -EPERM : -errno;
+
cgroup = find_cgroup_in_path(path);
if (!cgroup)
/* this is just /cgroup/controller */
- return -EINVAL;
+ return -EPERM;
get_cgdir_and_path(cgroup, &cgdir, &last);
if (!fc)
return -EIO;
-
controller = pick_controller_from_path(fc, path);
if (!controller)
- return -EINVAL;
+ return errno == ENOENT ? -EPERM : -errno;
cgroup = find_cgroup_in_path(path);
if (!cgroup)
- return -EINVAL;
+ return -errno;
get_cgdir_and_path(cgroup, &cgdir, &last);
if (!last)
else if (last && strcmp(next, last) == 0)
ret = -EEXIST;
else
- ret = -ENOENT;
+ ret = -EPERM;
goto out;
}
return -EIO;
controller = pick_controller_from_path(fc, path);
- if (!controller)
- return -EINVAL;
+ if (!controller) /* Someone's trying to delete "/cgroup". */
+ return -EPERM;
cgroup = find_cgroup_in_path(path);
- if (!cgroup)
- return -EINVAL;
+ if (!cgroup) /* Someone's trying to delete a controller e.g. "/blkio". */
+ return -EPERM;
get_cgdir_and_path(cgroup, &cgdir, &last);
if (!last) {
- ret = -EINVAL;
+ /* Someone's trying to delete a cgroup on the same level as the
+ * "/lxc" cgroup e.g. rmdir "/cgroup/blkio/lxc" or
+ * rmdir "/cgroup/blkio/init.slice".
+ */
+ ret = -EPERM;
goto out;
}
return false;
}
-static void get_mem_cached(char *memstat, unsigned long *v)
+static void parse_memstat(char *memstat, unsigned long *cached,
+ unsigned long *active_anon, unsigned long *inactive_anon,
+ unsigned long *active_file, unsigned long *inactive_file,
+ unsigned long *unevictable)
{
char *eol;
- *v = 0;
while (*memstat) {
- if (startswith(memstat, "total_cache")) {
- sscanf(memstat + 11, "%lu", v);
- *v /= 1024;
- return;
+ if (startswith(memstat, "cache")) {
+ sscanf(memstat + 11, "%lu", cached);
+ *cached /= 1024;
+ } else if (startswith(memstat, "active_anon")) {
+ sscanf(memstat + 11, "%lu", active_anon);
+ *active_anon /= 1024;
+ } else if (startswith(memstat, "inactive_anon")) {
+ sscanf(memstat + 11, "%lu", inactive_anon);
+ *inactive_anon /= 1024;
+ } else if (startswith(memstat, "active_file")) {
+ sscanf(memstat + 11, "%lu", active_file);
+ *active_file /= 1024;
+ } else if (startswith(memstat, "inactive_file")) {
+ sscanf(memstat + 11, "%lu", inactive_file);
+ *inactive_file /= 1024;
+ } else if (startswith(memstat, "unevictable")) {
+ sscanf(memstat + 11, "%lu", unevictable);
+ *unevictable /= 1024;
}
eol = strchr(memstat, '\n');
if (!eol)
return 0;
while (getline(&line, &linelen, f) != -1) {
- size_t l = snprintf(cache, cache_size, "%s", line);
+ ssize_t l = snprintf(cache, cache_size, "%s", line);
if (l < 0) {
perror("Error writing to cache");
rv = 0;
}
d->size = total_len;
- if (total_len > size ) total_len = size;
+ if (total_len > size)
+ total_len = size;
/* read from off 0 */
memcpy(buf, d->buf, total_len);
*memswlimit_str = NULL, *memswusage_str = NULL,
*memswlimit_default_str = NULL, *memswusage_default_str = NULL;
unsigned long memlimit = 0, memusage = 0, memswlimit = 0, memswusage = 0,
- cached = 0, hosttotal = 0;
+ cached = 0, hosttotal = 0, active_anon = 0, inactive_anon = 0,
+ active_file = 0, inactive_file = 0, unevictable = 0;
char *line = NULL;
size_t linelen = 0, total_len = 0, rv = 0;
char *cache = d->buf;
memlimit /= 1024;
memusage /= 1024;
- get_mem_cached(memstat_str, &cached);
+ parse_memstat(memstat_str, &cached, &active_anon,
+ &inactive_anon, &active_file, &inactive_file,
+ &unevictable);
f = fopen("/proc/meminfo", "r");
if (!f)
goto err;
while (getline(&line, &linelen, f) != -1) {
- size_t l;
+ ssize_t l;
char *printme, lbuf[100];
memset(lbuf, 0, 100);
snprintf(lbuf, 100, "SwapTotal: %8lu kB\n", memswlimit - memlimit);
printme = lbuf;
} else if (startswith(line, "SwapFree:") && memswlimit > 0 && memswusage > 0) {
- snprintf(lbuf, 100, "SwapFree: %8lu kB\n",
- (memswlimit - memlimit) - (memswusage - memusage));
+ unsigned long swaptotal = memswlimit - memlimit,
+ swapusage = memswusage - memusage,
+ swapfree = swapusage < swaptotal ? swaptotal - swapusage : 0;
+ snprintf(lbuf, 100, "SwapFree: %8lu kB\n", swapfree);
printme = lbuf;
} else if (startswith(line, "Slab:")) {
snprintf(lbuf, 100, "Slab: %8lu kB\n", 0UL);
} else if (startswith(line, "SwapCached:")) {
snprintf(lbuf, 100, "SwapCached: %8lu kB\n", 0UL);
printme = lbuf;
+ } else if (startswith(line, "Active")) {
+ snprintf(lbuf, 100, "Active: %8lu kB\n",
+ active_anon + active_file);
+ printme = lbuf;
+ } else if (startswith(line, "Inactive")) {
+ snprintf(lbuf, 100, "Inactive: %8lu kB\n",
+ inactive_anon + inactive_file);
+ printme = lbuf;
+ } else if (startswith(line, "Active(anon)")) {
+ snprintf(lbuf, 100, "Active(anon): %8lu kB\n", active_anon);
+ printme = lbuf;
+ } else if (startswith(line, "Inactive(anon)")) {
+ snprintf(lbuf, 100, "Inactive(anon): %8lu kB\n", inactive_anon);
+ printme = lbuf;
+ } else if (startswith(line, "Active(file)")) {
+ snprintf(lbuf, 100, "Active(file): %8lu kB\n", active_file);
+ printme = lbuf;
+ } else if (startswith(line, "Inactive(file)")) {
+ snprintf(lbuf, 100, "Inactive(file): %8lu kB\n", inactive_file);
+ printme = lbuf;
+ } else if (startswith(line, "Unevictable")) {
+ snprintf(lbuf, 100, "Unevictable: %8lu kB\n", unevictable);
+ printme = lbuf;
+ } else if (startswith(line, "SReclaimable")) {
+ snprintf(lbuf, 100, "SReclaimable: %8lu kB\n", 0UL);
+ printme = lbuf;
+ } else if (startswith(line, "SUnreclaim")) {
+ snprintf(lbuf, 100, "SUnreclaim: %8lu kB\n", 0UL);
+ printme = lbuf;
} else
printme = line;
goto err;
while (getline(&line, &linelen, f) != -1) {
- size_t l;
+ ssize_t l;
if (firstline) {
firstline = false;
if (strstr(line, "IBM/S390") != NULL) {
is_s390x = true;
am_printing = true;
+ continue;
}
}
+ if (strncmp(line, "# processors:", 12) == 0)
+ continue;
if (is_processor_line(line)) {
am_printing = cpuline_in_cpuset(line, cpuset);
if (am_printing) {
if (!p || !*p)
goto err;
p++;
- l = snprintf(cache, cache_size, "processor %d:%s", curcpu,
- );
+ l = snprintf(cache, cache_size, "processor %d:%s", curcpu, p);
if (l < 0) {
perror("Error writing to cache");
rv = 0;
}
}
+ if (is_s390x) {
+ char *origcache = d->buf;
+ ssize_t l;
+ do {
+ d->buf = malloc(d->buflen);
+ } while (!d->buf);
+ cache = d->buf;
+ cache_size = d->buflen;
+ total_len = 0;
+ l = snprintf(cache, cache_size, "vendor_id : IBM/S390\n");
+ if (l < 0 || l >= cache_size) {
+ free(origcache);
+ goto err;
+ }
+ cache_size -= l;
+ cache += l;
+ total_len += l;
+ l = snprintf(cache, cache_size, "# processors : %d\n", curcpu + 1);
+ if (l < 0 || l >= cache_size) {
+ free(origcache);
+ goto err;
+ }
+ cache_size -= l;
+ cache += l;
+ total_len += l;
+ l = snprintf(cache, cache_size, "%s", origcache);
+ free(origcache);
+ if (l < 0 || l >= cache_size)
+ goto err;
+ total_len += l;
+ }
+
d->cached = 1;
d->size = total_len;
if (total_len > size ) total_len = size;
}
while (getline(&line, &linelen, f) != -1) {
- size_t l;
+ ssize_t l;
int cpu;
char cpu_char[10]; /* That's a lot of cores */
char *c;
+ if (strlen(line) == 0)
+ continue;
if (sscanf(line, "cpu%9[^ ]", cpu_char) != 1) {
/* not a ^cpuN line containing a number N, just print it */
l = snprintf(cache, cache_size, "%s", line);
#if RELOADTEST
void iwashere(void)
{
- char *name, *cwd = get_current_dir_name();
- size_t len;
int fd;
- if (!cwd)
- exit(1);
- len = strlen(cwd) + strlen("/iwashere") + 1;
- name = alloca(len);
- snprintf(name, len, "%s/iwashere", cwd);
- free(cwd);
- fd = creat(name, 0755);
+ fd = creat("/tmp/lxcfs-iwashere", 0644);
if (fd >= 0)
close(fd);
}
long int reaperage = getreaperage(fc->pid);
unsigned long int busytime = get_reaper_busy(fc->pid), idletime;
char *cache = d->buf;
- size_t total_len = 0;
+ ssize_t total_len = 0;
#if RELOADTEST
iwashere();
return read_file("/proc/diskstats", buf, size, d);
prune_init_slice(cg);
- if (!cgfs_get_value("blkio", cg, "blkio.io_serviced", &io_serviced_str))
+ if (!cgfs_get_value("blkio", cg, "blkio.io_serviced_recursive", &io_serviced_str))
goto err;
- if (!cgfs_get_value("blkio", cg, "blkio.io_merged", &io_merged_str))
+ if (!cgfs_get_value("blkio", cg, "blkio.io_merged_recursive", &io_merged_str))
goto err;
- if (!cgfs_get_value("blkio", cg, "blkio.io_service_bytes", &io_service_bytes_str))
+ if (!cgfs_get_value("blkio", cg, "blkio.io_service_bytes_recursive", &io_service_bytes_str))
goto err;
- if (!cgfs_get_value("blkio", cg, "blkio.io_wait_time", &io_wait_time_str))
+ if (!cgfs_get_value("blkio", cg, "blkio.io_wait_time_recursive", &io_wait_time_str))
goto err;
- if (!cgfs_get_value("blkio", cg, "blkio.io_service_time", &io_service_time_str))
+ if (!cgfs_get_value("blkio", cg, "blkio.io_service_time_recursive", &io_service_time_str))
goto err;
goto err;
while (getline(&line, &linelen, f) != -1) {
- size_t l;
- char *printme, lbuf[256];
+ ssize_t l;
+ char lbuf[256];
i = sscanf(line, "%u %u %71s", &major, &minor, dev_name);
- if(i == 3){
- get_blkio_io_value(io_serviced_str, major, minor, "Read", &read);
- get_blkio_io_value(io_serviced_str, major, minor, "Write", &write);
- get_blkio_io_value(io_merged_str, major, minor, "Read", &read_merged);
- get_blkio_io_value(io_merged_str, major, minor, "Write", &write_merged);
- get_blkio_io_value(io_service_bytes_str, major, minor, "Read", &read_sectors);
- read_sectors = read_sectors/512;
- get_blkio_io_value(io_service_bytes_str, major, minor, "Write", &write_sectors);
- write_sectors = write_sectors/512;
-
- get_blkio_io_value(io_service_time_str, major, minor, "Read", &rd_svctm);
- rd_svctm = rd_svctm/1000000;
- get_blkio_io_value(io_wait_time_str, major, minor, "Read", &rd_wait);
- rd_wait = rd_wait/1000000;
- read_ticks = rd_svctm + rd_wait;
-
- get_blkio_io_value(io_service_time_str, major, minor, "Write", &wr_svctm);
- wr_svctm = wr_svctm/1000000;
- get_blkio_io_value(io_wait_time_str, major, minor, "Write", &wr_wait);
- wr_wait = wr_wait/1000000;
- write_ticks = wr_svctm + wr_wait;
-
- get_blkio_io_value(io_service_time_str, major, minor, "Total", &tot_ticks);
- tot_ticks = tot_ticks/1000000;
- }else{
+ if (i != 3)
continue;
- }
+
+ get_blkio_io_value(io_serviced_str, major, minor, "Read", &read);
+ get_blkio_io_value(io_serviced_str, major, minor, "Write", &write);
+ get_blkio_io_value(io_merged_str, major, minor, "Read", &read_merged);
+ get_blkio_io_value(io_merged_str, major, minor, "Write", &write_merged);
+ get_blkio_io_value(io_service_bytes_str, major, minor, "Read", &read_sectors);
+ read_sectors = read_sectors/512;
+ get_blkio_io_value(io_service_bytes_str, major, minor, "Write", &write_sectors);
+ write_sectors = write_sectors/512;
+
+ get_blkio_io_value(io_service_time_str, major, minor, "Read", &rd_svctm);
+ rd_svctm = rd_svctm/1000000;
+ get_blkio_io_value(io_wait_time_str, major, minor, "Read", &rd_wait);
+ rd_wait = rd_wait/1000000;
+ read_ticks = rd_svctm + rd_wait;
+
+ get_blkio_io_value(io_service_time_str, major, minor, "Write", &wr_svctm);
+ wr_svctm = wr_svctm/1000000;
+ get_blkio_io_value(io_wait_time_str, major, minor, "Write", &wr_wait);
+ wr_wait = wr_wait/1000000;
+ write_ticks = wr_svctm + wr_wait;
+
+ get_blkio_io_value(io_service_time_str, major, minor, "Total", &tot_ticks);
+ tot_ticks = tot_ticks/1000000;
memset(lbuf, 0, 256);
- if (read || write || read_merged || write_merged || read_sectors || write_sectors || read_ticks || write_ticks) {
+ if (read || write || read_merged || write_merged || read_sectors || write_sectors || read_ticks || write_ticks)
snprintf(lbuf, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
major, minor, dev_name, read, read_merged, read_sectors, read_ticks,
write, write_merged, write_sectors, write_ticks, ios_pgr, tot_ticks, rq_ticks);
- printme = lbuf;
- } else
+ else
continue;
- l = snprintf(cache, cache_size, "%s", printme);
+ l = snprintf(cache, cache_size, "%s", lbuf);
if (l < 0) {
perror("Error writing to fuse buf");
rv = 0;
char *memswlimit_str = NULL, *memlimit_str = NULL, *memusage_str = NULL, *memswusage_str = NULL,
*memswlimit_default_str = NULL, *memswusage_default_str = NULL;
unsigned long memswlimit = 0, memlimit = 0, memusage = 0, memswusage = 0, swap_total = 0, swap_free = 0;
- size_t total_len = 0, rv = 0;
+ ssize_t total_len = 0, rv = 0;
+ ssize_t l = 0;
char *cache = d->buf;
if (offset) {
}
if (swap_total > 0) {
- total_len += snprintf(d->buf + total_len, d->size - total_len,
- "none%*svirtual\t\t%lu\t%lu\t0\n", 36, " ",
- swap_total, swap_free);
+ l = snprintf(d->buf + total_len, d->size - total_len,
+ "none%*svirtual\t\t%lu\t%lu\t0\n", 36, " ",
+ swap_total, swap_free);
+ total_len += l;
}
- if (total_len < 0) {
+ if (total_len < 0 || l < 0) {
perror("Error writing to cache");
rv = 0;
goto err;
int proc_readdir(const char *path, void *buf, fuse_fill_dir_t filler, off_t offset,
struct fuse_file_info *fi)
{
- if (filler(buf, "cpuinfo", NULL, 0) != 0 ||
- filler(buf, "meminfo", NULL, 0) != 0 ||
- filler(buf, "stat", NULL, 0) != 0 ||
- filler(buf, "uptime", NULL, 0) != 0 ||
- filler(buf, "diskstats", NULL, 0) != 0 ||
- filler(buf, "swaps", NULL, 0) != 0)
+ if (filler(buf, ".", NULL, 0) != 0 ||
+ filler(buf, "..", NULL, 0) != 0 ||
+ filler(buf, "cpuinfo", NULL, 0) != 0 ||
+ filler(buf, "meminfo", NULL, 0) != 0 ||
+ filler(buf, "stat", NULL, 0) != 0 ||
+ filler(buf, "uptime", NULL, 0) != 0 ||
+ filler(buf, "diskstats", NULL, 0) != 0 ||
+ filler(buf, "swaps", NULL, 0) != 0)
return -EINVAL;
return 0;
}
int proc_access(const char *path, int mask)
{
+ if (strcmp(path, "/proc") == 0 && access(path, R_OK) == 0)
+ return 0;
+
/* these are all read-only */
if ((mask & ~R_OK) != 0)
return -EACCES;
}
}
-static void __attribute__((constructor)) collect_subsystems(void)
+/*
+ * Functions needed to setup cgroups in the __constructor__.
+ */
+
+static bool mkdir_p(const char *dir, mode_t mode)
+{
+ const char *tmp = dir;
+ const char *orig = dir;
+ char *makeme;
+
+ do {
+ dir = tmp + strspn(tmp, "/");
+ tmp = dir + strcspn(dir, "/");
+ makeme = strndup(orig, dir - orig);
+ if (!makeme)
+ return false;
+ if (mkdir(makeme, mode) && errno != EEXIST) {
+ fprintf(stderr, "failed to create directory '%s': %s",
+ makeme, strerror(errno));
+ free(makeme);
+ return false;
+ }
+ free(makeme);
+ } while(tmp != dir);
+
+ return true;
+}
+
+static bool umount_if_mounted(void)
+{
+ if (umount2(BASEDIR, MNT_DETACH) < 0 && errno != EINVAL) {
+ fprintf(stderr, "failed to unmount %s: %s.\n", BASEDIR, strerror(errno));
+ return false;
+ }
+ return true;
+}
+
+static int pivot_enter(void)
+{
+ int ret = -1, oldroot = -1, newroot = -1;
+
+ oldroot = open("/", O_DIRECTORY | O_RDONLY);
+ if (oldroot < 0) {
+ fprintf(stderr, "%s: Failed to open old root for fchdir.\n", __func__);
+ return ret;
+ }
+
+ newroot = open(ROOTDIR, O_DIRECTORY | O_RDONLY);
+ if (newroot < 0) {
+ fprintf(stderr, "%s: Failed to open new root for fchdir.\n", __func__);
+ goto err;
+ }
+
+ /* change into new root fs */
+ if (fchdir(newroot) < 0) {
+ fprintf(stderr, "%s: Failed to change directory to new rootfs: %s.\n", __func__, ROOTDIR);
+ goto err;
+ }
+
+ /* pivot_root into our new root fs */
+ if (pivot_root(".", ".") < 0) {
+ fprintf(stderr, "%s: pivot_root() syscall failed: %s.\n", __func__, strerror(errno));
+ goto err;
+ }
+
+ /*
+ * At this point the old-root is mounted on top of our new-root.
+ * To unmounted it we must not be chdir'd into it, so escape back
+ * to the old-root.
+ */
+ if (fchdir(oldroot) < 0) {
+ fprintf(stderr, "%s: Failed to enter old root.\n", __func__);
+ goto err;
+ }
+ if (umount2(".", MNT_DETACH) < 0) {
+ fprintf(stderr, "%s: Failed to detach old root.\n", __func__);
+ goto err;
+ }
+
+ if (fchdir(newroot) < 0) {
+ fprintf(stderr, "%s: Failed to re-enter new root.\n", __func__);
+ goto err;
+ }
+
+ ret = 0;
+
+err:
+ if (oldroot > 0)
+ close(oldroot);
+ if (newroot > 0)
+ close(newroot);
+ return ret;
+}
+
+/* Prepare our new clean root. */
+static int pivot_prepare(void)
+{
+ if (mkdir(ROOTDIR, 0700) < 0 && errno != EEXIST) {
+ fprintf(stderr, "%s: Failed to create directory for new root.\n", __func__);
+ return -1;
+ }
+
+ if (mount("/", ROOTDIR, NULL, MS_BIND, 0) < 0) {
+ fprintf(stderr, "%s: Failed to bind-mount / for new root: %s.\n", __func__, strerror(errno));
+ return -1;
+ }
+
+ if (mount(RUNTIME_PATH, ROOTDIR RUNTIME_PATH, NULL, MS_BIND, 0) < 0) {
+ fprintf(stderr, "%s: Failed to bind-mount /run into new root: %s.\n", __func__, strerror(errno));
+ return -1;
+ }
+
+ if (mount(BASEDIR, ROOTDIR BASEDIR, NULL, MS_REC | MS_MOVE, 0) < 0) {
+ printf("%s: failed to move " BASEDIR " into new root: %s.\n", __func__, strerror(errno));
+ return -1;
+ }
+
+ return 0;
+}
+
+static bool pivot_new_root(void)
+{
+ /* Prepare new root. */
+ if (pivot_prepare() < 0)
+ return false;
+
+ /* Pivot into new root. */
+ if (pivot_enter() < 0)
+ return false;
+
+ return true;
+}
+
+static bool setup_cgfs_dir(void)
+{
+ if (!mkdir_p(BASEDIR, 0700)) {
+ fprintf(stderr, "Failed to create lxcfs cgroup mountpoint.\n");
+ return false;
+ }
+
+ if (!umount_if_mounted()) {
+ fprintf(stderr, "Failed to clean up old lxcfs cgroup mountpoint.\n");
+ return false;
+ }
+
+ if (unshare(CLONE_NEWNS) < 0) {
+ fprintf(stderr, "%s: Failed to unshare mount namespace: %s.\n", __func__, strerror(errno));
+ return false;
+ }
+
+ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0) < 0) {
+ fprintf(stderr, "%s: Failed to remount / private: %s.\n", __func__, strerror(errno));
+ return false;
+ }
+
+ if (mount("tmpfs", BASEDIR, "tmpfs", 0, "size=100000,mode=700") < 0) {
+ fprintf(stderr, "Failed to mount tmpfs over lxcfs cgroup mountpoint.\n");
+ return false;
+ }
+
+ return true;
+}
+
+static bool do_mount_cgroups(void)
+{
+ char *target;
+ size_t clen, len;
+ int i, ret;
+
+ for (i = 0; i < num_hierarchies; i++) {
+ char *controller = hierarchies[i];
+ clen = strlen(controller);
+ len = strlen(BASEDIR) + clen + 2;
+ target = malloc(len);
+ if (!target)
+ return false;
+ ret = snprintf(target, len, "%s/%s", BASEDIR, controller);
+ if (ret < 0 || ret >= len) {
+ free(target);
+ return false;
+ }
+ if (mkdir(target, 0755) < 0 && errno != EEXIST) {
+ free(target);
+ return false;
+ }
+ if (mount(controller, target, "cgroup", 0, controller) < 0) {
+ fprintf(stderr, "Failed mounting cgroup %s\n", controller);
+ free(target);
+ return false;
+ }
+
+ fd_hierarchies[i] = open(target, O_DIRECTORY);
+ if (fd_hierarchies[i] < 0) {
+ free(target);
+ return false;
+ }
+ free(target);
+ }
+ return true;
+}
+
+static bool cgfs_setup_controllers(void)
+{
+ if (!setup_cgfs_dir())
+ return false;
+
+ if (!do_mount_cgroups()) {
+ fprintf(stderr, "Failed to set up private lxcfs cgroup mounts.\n");
+ return false;
+ }
+
+ if (!pivot_new_root())
+ return false;
+
+ return true;
+}
+
+static int preserve_ns(int pid)
+{
+ int ret;
+ size_t len = 5 /* /proc */ + 21 /* /int_as_str */ + 7 /* /ns/mnt */ + 1 /* \0 */;
+ char path[len];
+
+ ret = snprintf(path, len, "/proc/%d/ns/mnt", pid);
+ if (ret < 0 || (size_t)ret >= len)
+ return -1;
+
+ return open(path, O_RDONLY | O_CLOEXEC);
+}
+
+static void __attribute__((constructor)) collect_and_mount_subsystems(void)
{
FILE *f;
char *line = NULL;
size_t len = 0;
+ int i, init_ns = -1;
if ((f = fopen("/proc/self/cgroup", "r")) == NULL) {
fprintf(stderr, "Error opening /proc/self/cgroup: %s\n", strerror(errno));
goto out;
*p2 = '\0';
+ /* With cgroupv2 /proc/self/cgroup can contain entries of the
+ * form: 0::/ This will cause lxcfs to fail the cgroup mounts
+ * because it parses out the empty string "" and later on passes
+ * it to mount(). Let's skip such entries.
+ */
+ if (!strcmp(p, ""))
+ continue;
+
if (!store_hierarchy(line, p))
goto out;
}
+ /* Preserve initial namespace. */
+ init_ns = preserve_ns(getpid());
+ if (init_ns < 0)
+ goto out;
+
+ fd_hierarchies = malloc(sizeof(int *) * num_hierarchies);
+ if (!fd_hierarchies)
+ goto out;
+
+ for (i = 0; i < num_hierarchies; i++)
+ fd_hierarchies[i] = -1;
+
+ /* This function calls unshare(CLONE_NEWNS) our initial mount namespace
+ * to privately mount lxcfs cgroups. */
+ if (!cgfs_setup_controllers())
+ goto out;
+
+ if (setns(init_ns, 0) < 0)
+ goto out;
+
print_subsystems();
out:
free(line);
fclose(f);
+ if (init_ns >= 0)
+ close(init_ns);
}
static void __attribute__((destructor)) free_subsystems(void)
{
int i;
- for (i = 0; i < num_hierarchies; i++)
+ for (i = 0; i < num_hierarchies; i++) {
if (hierarchies[i])
free(hierarchies[i]);
+ if (fd_hierarchies && fd_hierarchies[i] >= 0)
+ close(fd_hierarchies[i]);
+ }
free(hierarchies);
+ free(fd_hierarchies);
}
projects / mirror_lxcfs.git / blobdiff