int (*wrapped) (int, pid_t);
};
+static inline int get_cgroup_fd_handle_named(const char *controller)
+{
+ if (strcmp(controller, "systemd") == 0)
+ return get_cgroup_fd("name=systemd");
+
+ return get_cgroup_fd(controller);
+}
+
+static char *get_pid_cgroup_handle_named(pid_t pid, const char *controller)
+{
+ if (strcmp(controller, "systemd") == 0)
+ return get_pid_cgroup(pid, "name=systemd");
+
+ return get_pid_cgroup(pid, controller);
+}
+
+static bool get_cgroup_handle_named(struct cgroup_ops *ops,
+ const char *controller, const char *cgroup,
+ const char *file, char **value)
+{
+ if (strcmp(controller, "systemd") == 0)
+ return cgroup_ops->get(ops, "name=systemd", cgroup, file, value);
+
+ return cgroup_ops->get(cgroup_ops, controller, cgroup, file, value);
+}
+
/*
* given /cgroup/freezer/a/b, return "freezer".
* the returned char* should NOT be freed.
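Review bot: `get_cgroup_handle_named` takes an `ops` parameter but uses it inconsistently: the systemd branch calls `cgroup_ops->get(ops, "name=systemd", ...)` while the fallback calls `cgroup_ops->get(cgroup_ops, controller, ...)`, so the function pointer always comes from the global and the argument is honoured on one path only. Both visible callers pass `cgroup_ops`, so this works today, but the helper should pick one: `return ops->get(ops, "name=systemd", cgroup, file, value);` and `return ops->get(ops, controller, cgroup, file, value);`. All three helpers also run `strcmp(controller, "systemd")` before the wrapped function sees the value, so a NULL controller would now be dereferenced here; the hunks do not show whether every caller rules that out, so it is worth confirming. A one-line comment on each helper saying that the user-visible name "systemd" maps to the named hierarchy "name=systemd" would make the purpose clear.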
int ret;
struct stat sb;
- cfd = get_cgroup_fd(controller);
+ cfd = get_cgroup_fd_handle_named(controller);
if (cfd < 0)
return false;
if (strcmp(cg, "/") == 0 || strcmp(cg, "./") == 0)
return true;
- c2 = get_pid_cgroup(pid, contrl);
+ c2 = get_pid_cgroup_handle_named(pid, contrl);
if (!c2)
return false;
prune_init_slice(c2);
static bool caller_is_in_ancestor(pid_t pid, const char *contrl, const char *cg, char **nextcg)
{
bool answer = false;
- char *c2 = get_pid_cgroup(pid, contrl);
+ char *c2 = get_pid_cgroup_handle_named(pid, contrl);
char *linecmp;
if (!c2)
struct stat sb;
struct cgfs_files *newkey;
- cfd = get_cgroup_fd(controller);
+ cfd = get_cgroup_fd_handle_named(controller);
if (cfd < 0)
return false;
size_t len;
char *dirnam;
- cfd = get_cgroup_fd(controller);
+ cfd = get_cgroup_fd_handle_named(controller);
if (cfd < 0)
return -EINVAL;
char *dirnam;
bool bret;
- cfd = get_cgroup_fd(controller);
+ cfd = get_cgroup_fd_handle_named(controller);
if (cfd < 0)
return false;
size_t len;
char *pathname;
- cfd = get_cgroup_fd(controller);
+ cfd = get_cgroup_fd_handle_named(controller);
if (cfd < 0)
return false;
size_t len;
char *pathname;
- cfd = get_cgroup_fd(controller);
+ cfd = get_cgroup_fd_handle_named(controller);
if (cfd < 0)
return false;
struct ucred cred;
size_t sz = 0, asz = 0;
- if (!cgroup_ops->get(cgroup_ops, contrl, cg, file, &tmpdata))
+ if (!get_cgroup_handle_named(cgroup_ops, contrl, cg, file, &tmpdata))
return false;
/*
// special case - we have to translate the pids
r = do_read_pids(fc->pid, f->controller, f->cgroup, f->file, &data);
else
- r = cgroup_ops->get(cgroup_ops, f->controller, f->cgroup, f->file, &data);
+ r = get_cgroup_handle_named(cgroup_ops, f->controller, f->cgroup, f->file, &data);
if (!r) {
ret = -EINVAL;
size_t len;
char *pathname;
- cfd = get_cgroup_fd(controller);
+ cfd = get_cgroup_fd_handle_named(controller);
if (cfd < 0)
return false;
size_t len;
char *fnam;
- cfd = get_cgroup_fd(controller);
+ cfd = get_cgroup_fd_handle_named(controller);
if (cfd < 0)
return false;
struct dirent *dirent;
DIR *dir;
- cfd = get_cgroup_fd(controller);
+ cfd = get_cgroup_fd_handle_named(controller);
*list = NULL;
if (cfd < 0)
return false;
else
newargv[cnt++] = "-f";
newargv[cnt++] = "-o";
+
+ /*
+ * We can't use default_permissions since we still support systems that
+ * don't have kernels with cgroup namespace support. On such kernels
+ * lxcfs will provide a namespaced cgroup view and needs explicit
+ * access helpers to make that work.
+ * Another reason that came to me is that we can't or at least
+ * shouldn't guarantee that we don't need more complicated access
+ * helpers for proc and sys virtualization in the future.
+ */
if (nonempty)
- newargv[cnt++] = "default_permissions,allow_other,direct_io,entry_timeout=0.5,attr_timeout=0.5,nonempty";
+ newargv[cnt++] = "allow_other,direct_io,entry_timeout=0.5,attr_timeout=0.5,nonempty";
else
- newargv[cnt++] = "default_permissions,allow_other,direct_io,entry_timeout=0.5,attr_timeout=0.5";
+ newargv[cnt++] = "allow_other,direct_io,entry_timeout=0.5,attr_timeout=0.5";
newargv[cnt++] = argv[1];
newargv[cnt++] = NULL;
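Review bot: The new comment explains why `default_permissions` is dropped but not what that costs, and with `allow_other` still in both option strings the cost is the security-relevant part. Without `default_permissions` the kernel no longer checks mode bits for callers, so every FUSE handler reachable by other users has to do its own access check. I would add a sentence such as `* Without default_permissions the kernel does no mode-based access checks, so every handler must verify the caller's access itself.` The sentence starting "Another reason that came to me" would also read better stated as a plain design reason. The enclosing function starts and ends outside this hunk, so whether every handler already performs such a check cannot be confirmed from here.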