cgroup: Split legacy 'ns' cgroup handling off from main cgroup handling

This patch splits off ns legacy cgroup handling from main cgroup
handling. It moves the creation of the cgroups before clone(), so that
the child will easily know which cgroups it will later belong to. Since
this is not possible for the renaming of the 'ns' cgroup, keep that
part after clone.

Signed-off-by: Christian Seiler <christian@iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index aaee546b929dc5ac9b13568371b12453a06853e5..ad95fc468107d04330be1eb8d93a32b34f6ec713 100644 (file)
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -604,7 +604,7 @@ static char *cgroup_rename_nsgroup(const char *mountpath, const char *oldname, p
 }
 
 /* create a new cgroup */
-extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern, pid_t pid)
+extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern)
 {
        char **cgroup_path_components = NULL;
        char **p = NULL;
@@ -826,27 +826,16 @@ extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const cha
 
        /* we're done, now update the paths */
        for (i = 0, info_ptr = base_info; info_ptr; info_ptr = info_ptr->next, i++) {
-               /*
-                * For any path which has ns cgroup mounted, handler->pid is already
-                * moved into a container called '%d % (handler->pid)'.  Rename it to
-                * the cgroup name and record that.
+               /* ignore legacy 'ns' subsystem here, lxc_cgroup_create_legacy
+                * will take care of it
+                * Since we do a continue in above loop, new_cgroup_paths[i] is
+                * unset anyway, as is new_cgroup_paths_sub[i]
                 */
-               if (lxc_string_in_array("ns", (const char **)info_ptr->hierarchy->subsystems)) {
-                       char *tmp = cgroup_rename_nsgroup((const char *)info_ptr->designated_mount_point->mount_point,
-                                       info_ptr->cgroup_path, pid, name);
-                       if (!tmp)
-                               goto out_initial_error;
-                       free(info_ptr->cgroup_path);
-                       info_ptr->cgroup_path = tmp;
-                       r = lxc_grow_array((void ***)&info_ptr->created_paths, &info_ptr->created_paths_capacity, info_ptr->created_paths_count + 1, 8);
-                       if (r < 0)
-                               goto out_initial_error;
-                       info_ptr->created_paths[info_ptr->created_paths_count++] = strdup(tmp);
-               } else {
-                       free(info_ptr->cgroup_path);
-                       info_ptr->cgroup_path = new_cgroup_paths[i];
-                       info_ptr->cgroup_path_sub = new_cgroup_paths_sub[i];
-               }
+               if (lxc_string_in_array("ns", (const char **)info_ptr->hierarchy->subsystems))
+                       continue;
+               free(info_ptr->cgroup_path);
+               info_ptr->cgroup_path = new_cgroup_paths[i];
+               info_ptr->cgroup_path_sub = new_cgroup_paths_sub[i];
        }
        /* don't use lxc_free_array since we used the array members
         * to store them in our result...
@@ -868,6 +857,36 @@ out_initial_error:
        return NULL;
 }
 
+int lxc_cgroup_create_legacy(struct cgroup_process_info *base_info, const char *name, pid_t pid)
+{
+       struct cgroup_process_info *info_ptr;
+       int r;
+
+       for (info_ptr = base_info; info_ptr; info_ptr = info_ptr->next) {
+               if (!lxc_string_in_array("ns", (const char **)info_ptr->hierarchy->subsystems))
+                       continue;
+               /*
+                * For any path which has ns cgroup mounted, handler->pid is already
+                * moved into a container called '%d % (handler->pid)'.  Rename it to
+                * the cgroup name and record that.
+                */
+               char *tmp = cgroup_rename_nsgroup((const char *)info_ptr->designated_mount_point->mount_point,
+                               info_ptr->cgroup_path, pid, name);
+               if (!tmp)
+                       return -1;
+               free(info_ptr->cgroup_path);
+               info_ptr->cgroup_path = tmp;
+               r = lxc_grow_array((void ***)&info_ptr->created_paths, &info_ptr->created_paths_capacity, info_ptr->created_paths_count + 1, 8);
+               if (r < 0)
+                       return -1;
+               tmp = strdup(tmp);
+               if (!tmp)
+                       return -1;
+               info_ptr->created_paths[info_ptr->created_paths_count++] = tmp;
+       }
+       return 0;
+}
+
 /* get the cgroup membership of a given container */
 struct cgroup_process_info *lxc_cgroup_get_container_info(const char *name, const char *lxcpath, struct cgroup_meta_data *meta_data)
 {

diff --git a/src/lxc/cgroup.h b/src/lxc/cgroup.h
index bd2da251df53f2e9dcb3fdb4035186c35bf38f43..25553901d92b653f14d9747daa8f27d679cc6824 100644 (file)
--- a/src/lxc/cgroup.h
+++ b/src/lxc/cgroup.h
@@ -113,7 +113,8 @@ extern struct cgroup_process_info *lxc_cgroup_process_info_get_init(struct cgrou
 extern struct cgroup_process_info *lxc_cgroup_process_info_get_self(struct cgroup_meta_data *meta);
 
 /* create a new cgroup */
-extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern, int pid);
+extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern);
+extern int lxc_cgroup_create_legacy(struct cgroup_process_info *base_info, const char *name, pid_t pid);
 
 /* get the cgroup membership of a given container */
 extern struct cgroup_process_info *lxc_cgroup_get_container_info(const char *name, const char *lxcpath, struct cgroup_meta_data *meta_data);

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 6e95ff11f43b19d16993acd6f2bde8ec1276f060..56a2e6b55c99cae2b575d95ea1964aa71fbf554c 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -663,6 +663,14 @@ int lxc_spawn(struct lxc_handler *handler)
        if (!cgroup_pattern)
                cgroup_pattern = "%n";
 
+       /* Create cgroup before doing clone(), so the child will know from
+        * handler which cgroup it is going to be put in later.
+        */
+       if ((handler->cgroup = lxc_cgroup_create(name, cgroup_pattern, cgroup_meta, NULL)) == NULL) {
+               ERROR("failed to create cgroups for '%s'", name);
+               goto out_delete_net;
+       }
+
        /*
         * if the rootfs is not a blockdev, prevent the container from
         * marking it readonly.
@@ -684,8 +692,11 @@ int lxc_spawn(struct lxc_handler *handler)
        if (lxc_sync_wait_child(handler, LXC_SYNC_CONFIGURE))
                failed_before_rename = 1;
 
-       if ((handler->cgroup = lxc_cgroup_create(name, cgroup_pattern, cgroup_meta, NULL, handler->pid)) == NULL) {
-               ERROR("failed to create cgroups for '%s'", name);
+       /* In case there is still legacy ns cgroup support in the kernel.
+        * Should be removed at some later point in time.
+        */
+       if (lxc_cgroup_create_legacy(handler->cgroup, name, handler->pid) < 0) {
+               ERROR("failed to create legacy ns cgroups for '%s'", name);
                goto out_delete_net;
        }