]>
Commit | Line | Data |
---|---|---|
ccb4cabe SH |
1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * Copyright © 2016 Canonical Ltd. | |
5 | * | |
6 | * Authors: | |
7 | * Serge Hallyn <serge.hallyn@ubuntu.com> | |
3fd0de4d | 8 | * Christian Brauner <christian.brauner@ubuntu.com> |
ccb4cabe SH |
9 | * |
10 | * This library is free software; you can redistribute it and/or | |
11 | * modify it under the terms of the GNU Lesser General Public | |
12 | * License as published by the Free Software Foundation; either | |
13 | * version 2.1 of the License, or (at your option) any later version. | |
14 | * | |
15 | * This library is distributed in the hope that it will be useful, | |
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | * Lesser General Public License for more details. | |
19 | * | |
20 | * You should have received a copy of the GNU Lesser General Public | |
21 | * License along with this library; if not, write to the Free Software | |
22 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
23 | */ | |
24 | ||
25 | /* | |
26 | * cgfs-ng.c: this is a new, simplified implementation of a filesystem | |
27 | * cgroup backend. The original cgfs.c was designed to be as flexible | |
28 | * as possible. It would try to find cgroup filesystems no matter where | |
29 | * or how you had them mounted, and deduce the most usable mount for | |
0e7ff52c | 30 | * each controller. |
ccb4cabe SH |
31 | * |
32 | * This new implementation assumes that cgroup filesystems are mounted | |
33 | * under /sys/fs/cgroup/clist where clist is either the controller, or | |
34 | * a comman-separated list of controllers. | |
35 | */ | |
a54694f8 | 36 | |
ccb4cabe | 37 | #include "config.h" |
a54694f8 CB |
38 | |
39 | #include <ctype.h> | |
40 | #include <dirent.h> | |
41 | #include <errno.h> | |
42 | #include <grp.h> | |
43 | #include <stdint.h> | |
ccb4cabe SH |
44 | #include <stdio.h> |
45 | #include <stdlib.h> | |
a54694f8 | 46 | #include <string.h> |
ccb4cabe | 47 | #include <unistd.h> |
c8bf519d | 48 | #include <linux/kdev_t.h> |
438c4581 CB |
49 | #include <linux/types.h> |
50 | #include <sys/types.h> | |
c8bf519d | 51 | |
b635e92d | 52 | #include "caps.h" |
ccb4cabe | 53 | #include "cgroup.h" |
6328fd9c | 54 | #include "cgroup_utils.h" |
ccb4cabe | 55 | #include "commands.h" |
43654d34 | 56 | #include "conf.h" |
a54694f8 | 57 | #include "log.h" |
43654d34 | 58 | #include "storage/storage.h" |
a54694f8 | 59 | #include "utils.h" |
ccb4cabe | 60 | |
64e82f8b DJ |
61 | #ifndef HAVE_STRLCPY |
62 | #include "include/strlcpy.h" | |
63 | #endif | |
64 | ||
3ebe2fbd DJ |
65 | #ifndef HAVE_STRLCAT |
66 | #include "include/strlcat.h" | |
67 | #endif | |
68 | ||
ac2cecc4 | 69 | lxc_log_define(cgfsng, cgroup); |
ccb4cabe | 70 | |
ccb4cabe SH |
71 | static void free_string_list(char **clist) |
72 | { | |
2d5fe5ba | 73 | int i; |
ccb4cabe | 74 | |
2d5fe5ba CB |
75 | if (!clist) |
76 | return; | |
77 | ||
78 | for (i = 0; clist[i]; i++) | |
79 | free(clist[i]); | |
80 | ||
81 | free(clist); | |
ccb4cabe SH |
82 | } |
83 | ||
7745483d | 84 | /* Allocate a pointer, do not fail. */ |
ccb4cabe SH |
85 | static void *must_alloc(size_t sz) |
86 | { | |
87 | return must_realloc(NULL, sz); | |
88 | } | |
89 | ||
8b8db2f6 CB |
90 | /* Given a pointer to a null-terminated array of pointers, realloc to add one |
91 | * entry, and point the new entry to NULL. Do not fail. Return the index to the | |
92 | * second-to-last entry - that is, the one which is now available for use | |
93 | * (keeping the list null-terminated). | |
ccb4cabe SH |
94 | */ |
95 | static int append_null_to_list(void ***list) | |
96 | { | |
97 | int newentry = 0; | |
98 | ||
99 | if (*list) | |
8b8db2f6 CB |
100 | for (; (*list)[newentry]; newentry++) |
101 | ; | |
ccb4cabe SH |
102 | |
103 | *list = must_realloc(*list, (newentry + 2) * sizeof(void **)); | |
104 | (*list)[newentry + 1] = NULL; | |
105 | return newentry; | |
106 | } | |
107 | ||
8073018d CB |
108 | /* Given a null-terminated array of strings, check whether @entry is one of the |
109 | * strings. | |
ccb4cabe SH |
110 | */ |
111 | static bool string_in_list(char **list, const char *entry) | |
112 | { | |
113 | int i; | |
114 | ||
115 | if (!list) | |
116 | return false; | |
d6337a5f | 117 | |
ccb4cabe SH |
118 | for (i = 0; list[i]; i++) |
119 | if (strcmp(list[i], entry) == 0) | |
120 | return true; | |
121 | ||
122 | return false; | |
123 | } | |
124 | ||
ac010944 CB |
125 | /* Return a copy of @entry prepending "name=", i.e. turn "systemd" into |
126 | * "name=systemd". Do not fail. | |
127 | */ | |
128 | static char *cg_legacy_must_prefix_named(char *entry) | |
129 | { | |
130 | size_t len; | |
131 | char *prefixed; | |
132 | ||
133 | len = strlen(entry); | |
134 | prefixed = must_alloc(len + 6); | |
135 | ||
cbe2185b CB |
136 | memcpy(prefixed, "name=", sizeof("name=") - 1); |
137 | memcpy(prefixed + sizeof("name=") - 1, entry, len); | |
ac010944 CB |
138 | prefixed[len + 5] = '\0'; |
139 | return prefixed; | |
140 | } | |
141 | ||
42a993b4 CB |
142 | /* Append an entry to the clist. Do not fail. @clist must be NULL the first time |
143 | * we are called. | |
ccb4cabe | 144 | * |
42a993b4 CB |
145 | * We also handle named subsystems here. Any controller which is not a kernel |
146 | * subsystem, we prefix "name=". Any which is both a kernel and named subsystem, | |
147 | * we refuse to use because we're not sure which we have here. | |
148 | * (TODO: We could work around this in some cases by just remounting to be | |
149 | * unambiguous, or by comparing mountpoint contents with current cgroup.) | |
ccb4cabe SH |
150 | * |
151 | * The last entry will always be NULL. | |
152 | */ | |
42a993b4 CB |
153 | static void must_append_controller(char **klist, char **nlist, char ***clist, |
154 | char *entry) | |
ccb4cabe SH |
155 | { |
156 | int newentry; | |
157 | char *copy; | |
158 | ||
159 | if (string_in_list(klist, entry) && string_in_list(nlist, entry)) { | |
c2712f64 | 160 | ERROR("Refusing to use ambiguous controller \"%s\"", entry); |
ccb4cabe SH |
161 | ERROR("It is both a named and kernel subsystem"); |
162 | return; | |
163 | } | |
164 | ||
165 | newentry = append_null_to_list((void ***)clist); | |
166 | ||
167 | if (strncmp(entry, "name=", 5) == 0) | |
168 | copy = must_copy_string(entry); | |
169 | else if (string_in_list(klist, entry)) | |
170 | copy = must_copy_string(entry); | |
171 | else | |
7745483d | 172 | copy = cg_legacy_must_prefix_named(entry); |
ccb4cabe SH |
173 | |
174 | (*clist)[newentry] = copy; | |
175 | } | |
176 | ||
5ae0207c CB |
177 | /* Given a handler's cgroup data, return the struct hierarchy for the controller |
178 | * @c, or NULL if there is none. | |
ccb4cabe | 179 | */ |
2202afc9 | 180 | struct hierarchy *get_hierarchy(struct cgroup_ops *ops, const char *c) |
ccb4cabe SH |
181 | { |
182 | int i; | |
183 | ||
2202afc9 | 184 | if (!ops->hierarchies) |
ccb4cabe | 185 | return NULL; |
d6337a5f | 186 | |
2202afc9 | 187 | for (i = 0; ops->hierarchies[i]; i++) { |
d6337a5f CB |
188 | if (!c) { |
189 | /* This is the empty unified hierarchy. */ | |
2202afc9 CB |
190 | if (ops->hierarchies[i]->controllers && |
191 | !ops->hierarchies[i]->controllers[0]) | |
192 | return ops->hierarchies[i]; | |
d6337a5f | 193 | |
106f1f38 | 194 | continue; |
d6337a5f CB |
195 | } |
196 | ||
2202afc9 CB |
197 | if (string_in_list(ops->hierarchies[i]->controllers, c)) |
198 | return ops->hierarchies[i]; | |
ccb4cabe | 199 | } |
d6337a5f | 200 | |
ccb4cabe SH |
201 | return NULL; |
202 | } | |
203 | ||
a54694f8 CB |
204 | #define BATCH_SIZE 50 |
205 | static void batch_realloc(char **mem, size_t oldlen, size_t newlen) | |
206 | { | |
207 | int newbatches = (newlen / BATCH_SIZE) + 1; | |
208 | int oldbatches = (oldlen / BATCH_SIZE) + 1; | |
209 | ||
210 | if (!*mem || newbatches > oldbatches) { | |
211 | *mem = must_realloc(*mem, newbatches * BATCH_SIZE); | |
212 | } | |
213 | } | |
214 | ||
215 | static void append_line(char **dest, size_t oldlen, char *new, size_t newlen) | |
216 | { | |
217 | size_t full = oldlen + newlen; | |
218 | ||
219 | batch_realloc(dest, oldlen, full + 1); | |
220 | ||
221 | memcpy(*dest + oldlen, new, newlen + 1); | |
222 | } | |
223 | ||
224 | /* Slurp in a whole file */ | |
d6337a5f | 225 | static char *read_file(const char *fnam) |
a54694f8 CB |
226 | { |
227 | FILE *f; | |
228 | char *line = NULL, *buf = NULL; | |
229 | size_t len = 0, fulllen = 0; | |
230 | int linelen; | |
231 | ||
232 | f = fopen(fnam, "r"); | |
233 | if (!f) | |
234 | return NULL; | |
235 | while ((linelen = getline(&line, &len, f)) != -1) { | |
236 | append_line(&buf, fulllen, line, linelen); | |
237 | fulllen += linelen; | |
238 | } | |
239 | fclose(f); | |
240 | free(line); | |
241 | return buf; | |
242 | } | |
243 | ||
244 | /* Taken over modified from the kernel sources. */ | |
245 | #define NBITS 32 /* bits in uint32_t */ | |
246 | #define DIV_ROUND_UP(n, d) (((n) + (d)-1) / (d)) | |
247 | #define BITS_TO_LONGS(nr) DIV_ROUND_UP(nr, NBITS) | |
248 | ||
249 | static void set_bit(unsigned bit, uint32_t *bitarr) | |
250 | { | |
251 | bitarr[bit / NBITS] |= (1 << (bit % NBITS)); | |
252 | } | |
253 | ||
254 | static void clear_bit(unsigned bit, uint32_t *bitarr) | |
255 | { | |
256 | bitarr[bit / NBITS] &= ~(1 << (bit % NBITS)); | |
257 | } | |
258 | ||
259 | static bool is_set(unsigned bit, uint32_t *bitarr) | |
260 | { | |
261 | return (bitarr[bit / NBITS] & (1 << (bit % NBITS))) != 0; | |
262 | } | |
263 | ||
264 | /* Create cpumask from cpulist aka turn: | |
265 | * | |
266 | * 0,2-3 | |
267 | * | |
d5d468f6 | 268 | * into bit array |
a54694f8 CB |
269 | * |
270 | * 1 0 1 1 | |
271 | */ | |
272 | static uint32_t *lxc_cpumask(char *buf, size_t nbits) | |
273 | { | |
274 | char *token; | |
d5d468f6 CB |
275 | size_t arrlen; |
276 | uint32_t *bitarr; | |
a54694f8 | 277 | char *saveptr = NULL; |
d5d468f6 CB |
278 | |
279 | arrlen = BITS_TO_LONGS(nbits); | |
280 | bitarr = calloc(arrlen, sizeof(uint32_t)); | |
a54694f8 CB |
281 | if (!bitarr) |
282 | return NULL; | |
283 | ||
284 | for (; (token = strtok_r(buf, ",", &saveptr)); buf = NULL) { | |
285 | errno = 0; | |
d5d468f6 CB |
286 | unsigned end, start; |
287 | char *range; | |
a54694f8 | 288 | |
d5d468f6 CB |
289 | start = strtoul(token, NULL, 0); |
290 | end = start; | |
291 | range = strchr(token, '-'); | |
a54694f8 CB |
292 | if (range) |
293 | end = strtoul(range + 1, NULL, 0); | |
d5d468f6 | 294 | |
a54694f8 CB |
295 | if (!(start <= end)) { |
296 | free(bitarr); | |
297 | return NULL; | |
298 | } | |
299 | ||
300 | if (end >= nbits) { | |
301 | free(bitarr); | |
302 | return NULL; | |
303 | } | |
304 | ||
305 | while (start <= end) | |
306 | set_bit(start++, bitarr); | |
307 | } | |
308 | ||
309 | return bitarr; | |
310 | } | |
311 | ||
a54694f8 CB |
312 | /* Turn cpumask into simple, comma-separated cpulist. */ |
313 | static char *lxc_cpumask_to_cpulist(uint32_t *bitarr, size_t nbits) | |
314 | { | |
a54694f8 | 315 | int ret; |
414c6719 | 316 | size_t i; |
a54694f8 | 317 | char **cpulist = NULL; |
414c6719 | 318 | char numstr[LXC_NUMSTRLEN64] = {0}; |
a54694f8 CB |
319 | |
320 | for (i = 0; i <= nbits; i++) { | |
414c6719 CB |
321 | if (!is_set(i, bitarr)) |
322 | continue; | |
323 | ||
324 | ret = snprintf(numstr, LXC_NUMSTRLEN64, "%zu", i); | |
325 | if (ret < 0 || (size_t)ret >= LXC_NUMSTRLEN64) { | |
326 | lxc_free_array((void **)cpulist, free); | |
327 | return NULL; | |
328 | } | |
329 | ||
330 | ret = lxc_append_string(&cpulist, numstr); | |
331 | if (ret < 0) { | |
332 | lxc_free_array((void **)cpulist, free); | |
333 | return NULL; | |
a54694f8 CB |
334 | } |
335 | } | |
414c6719 CB |
336 | |
337 | if (!cpulist) | |
338 | return NULL; | |
339 | ||
a54694f8 CB |
340 | return lxc_string_join(",", (const char **)cpulist, false); |
341 | } | |
342 | ||
343 | static ssize_t get_max_cpus(char *cpulist) | |
344 | { | |
345 | char *c1, *c2; | |
346 | char *maxcpus = cpulist; | |
347 | size_t cpus = 0; | |
348 | ||
349 | c1 = strrchr(maxcpus, ','); | |
350 | if (c1) | |
351 | c1++; | |
352 | ||
353 | c2 = strrchr(maxcpus, '-'); | |
354 | if (c2) | |
355 | c2++; | |
356 | ||
357 | if (!c1 && !c2) | |
358 | c1 = maxcpus; | |
359 | else if (c1 > c2) | |
360 | c2 = c1; | |
361 | else if (c1 < c2) | |
362 | c1 = c2; | |
333987b9 | 363 | else if (!c1 && c2) |
a54694f8 CB |
364 | c1 = c2; |
365 | ||
a54694f8 CB |
366 | errno = 0; |
367 | cpus = strtoul(c1, NULL, 0); | |
368 | if (errno != 0) | |
369 | return -1; | |
370 | ||
371 | return cpus; | |
372 | } | |
373 | ||
6f9584d8 | 374 | #define __ISOL_CPUS "/sys/devices/system/cpu/isolated" |
a3926f6a | 375 | static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized) |
a54694f8 | 376 | { |
a54694f8 CB |
377 | int ret; |
378 | ssize_t i; | |
59ac3b88 CB |
379 | char *lastslash, *fpath, oldv; |
380 | ssize_t maxisol = 0, maxposs = 0; | |
381 | char *cpulist = NULL, *isolcpus = NULL, *posscpus = NULL; | |
382 | uint32_t *isolmask = NULL, *possmask = NULL; | |
6f9584d8 | 383 | bool bret = false, flipped_bit = false; |
a54694f8 CB |
384 | |
385 | lastslash = strrchr(path, '/'); | |
59ac3b88 CB |
386 | if (!lastslash) { |
387 | ERROR("Failed to detect \"/\" in \"%s\"", path); | |
a54694f8 CB |
388 | return bret; |
389 | } | |
390 | oldv = *lastslash; | |
391 | *lastslash = '\0'; | |
392 | fpath = must_make_path(path, "cpuset.cpus", NULL); | |
393 | posscpus = read_file(fpath); | |
6f9584d8 | 394 | if (!posscpus) { |
59ac3b88 | 395 | SYSERROR("Failed to read file \"%s\"", fpath); |
6f9584d8 CB |
396 | goto on_error; |
397 | } | |
a54694f8 CB |
398 | |
399 | /* Get maximum number of cpus found in possible cpuset. */ | |
400 | maxposs = get_max_cpus(posscpus); | |
401 | if (maxposs < 0) | |
6f9584d8 | 402 | goto on_error; |
a54694f8 | 403 | |
6f9584d8 CB |
404 | if (!file_exists(__ISOL_CPUS)) { |
405 | /* This system doesn't expose isolated cpus. */ | |
59ac3b88 | 406 | DEBUG("The path \""__ISOL_CPUS"\" to read isolated cpus from does not exist"); |
65d29cbc CB |
407 | cpulist = posscpus; |
408 | /* No isolated cpus but we weren't already initialized by | |
409 | * someone. We should simply copy the parents cpuset.cpus | |
410 | * values. | |
411 | */ | |
412 | if (!am_initialized) { | |
59ac3b88 | 413 | DEBUG("Copying cpu settings of parent cgroup"); |
65d29cbc CB |
414 | goto copy_parent; |
415 | } | |
416 | /* No isolated cpus but we were already initialized by someone. | |
417 | * Nothing more to do for us. | |
418 | */ | |
6f9584d8 CB |
419 | goto on_success; |
420 | } | |
421 | ||
422 | isolcpus = read_file(__ISOL_CPUS); | |
423 | if (!isolcpus) { | |
59ac3b88 | 424 | SYSERROR("Failed to read file \""__ISOL_CPUS"\""); |
6f9584d8 CB |
425 | goto on_error; |
426 | } | |
a54694f8 | 427 | if (!isdigit(isolcpus[0])) { |
59ac3b88 | 428 | TRACE("No isolated cpus detected"); |
a54694f8 CB |
429 | cpulist = posscpus; |
430 | /* No isolated cpus but we weren't already initialized by | |
431 | * someone. We should simply copy the parents cpuset.cpus | |
432 | * values. | |
433 | */ | |
6f9584d8 | 434 | if (!am_initialized) { |
59ac3b88 | 435 | DEBUG("Copying cpu settings of parent cgroup"); |
a54694f8 | 436 | goto copy_parent; |
6f9584d8 | 437 | } |
a54694f8 CB |
438 | /* No isolated cpus but we were already initialized by someone. |
439 | * Nothing more to do for us. | |
440 | */ | |
6f9584d8 | 441 | goto on_success; |
a54694f8 CB |
442 | } |
443 | ||
444 | /* Get maximum number of cpus found in isolated cpuset. */ | |
445 | maxisol = get_max_cpus(isolcpus); | |
446 | if (maxisol < 0) | |
6f9584d8 | 447 | goto on_error; |
a54694f8 CB |
448 | |
449 | if (maxposs < maxisol) | |
450 | maxposs = maxisol; | |
451 | maxposs++; | |
452 | ||
453 | possmask = lxc_cpumask(posscpus, maxposs); | |
6f9584d8 | 454 | if (!possmask) { |
59ac3b88 | 455 | ERROR("Failed to create cpumask for possible cpus"); |
6f9584d8 CB |
456 | goto on_error; |
457 | } | |
a54694f8 CB |
458 | |
459 | isolmask = lxc_cpumask(isolcpus, maxposs); | |
6f9584d8 | 460 | if (!isolmask) { |
59ac3b88 | 461 | ERROR("Failed to create cpumask for isolated cpus"); |
6f9584d8 CB |
462 | goto on_error; |
463 | } | |
a54694f8 CB |
464 | |
465 | for (i = 0; i <= maxposs; i++) { | |
59ac3b88 CB |
466 | if (!is_set(i, isolmask) || !is_set(i, possmask)) |
467 | continue; | |
468 | ||
469 | flipped_bit = true; | |
470 | clear_bit(i, possmask); | |
a54694f8 CB |
471 | } |
472 | ||
6f9584d8 | 473 | if (!flipped_bit) { |
59ac3b88 | 474 | DEBUG("No isolated cpus present in cpuset"); |
6f9584d8 CB |
475 | goto on_success; |
476 | } | |
59ac3b88 | 477 | DEBUG("Removed isolated cpus from cpuset"); |
6f9584d8 | 478 | |
a54694f8 | 479 | cpulist = lxc_cpumask_to_cpulist(possmask, maxposs); |
6f9584d8 | 480 | if (!cpulist) { |
59ac3b88 | 481 | ERROR("Failed to create cpu list"); |
6f9584d8 CB |
482 | goto on_error; |
483 | } | |
a54694f8 CB |
484 | |
485 | copy_parent: | |
486 | *lastslash = oldv; | |
dcbc861e | 487 | free(fpath); |
a54694f8 | 488 | fpath = must_make_path(path, "cpuset.cpus", NULL); |
7cea5905 | 489 | ret = lxc_write_to_file(fpath, cpulist, strlen(cpulist), false, 0666); |
6f9584d8 | 490 | if (ret < 0) { |
59ac3b88 | 491 | SYSERROR("Failed to write cpu list to \"%s\"", fpath); |
6f9584d8 CB |
492 | goto on_error; |
493 | } | |
494 | ||
495 | on_success: | |
496 | bret = true; | |
a54694f8 | 497 | |
6f9584d8 | 498 | on_error: |
a54694f8 CB |
499 | free(fpath); |
500 | ||
501 | free(isolcpus); | |
502 | free(isolmask); | |
503 | ||
504 | if (posscpus != cpulist) | |
505 | free(posscpus); | |
506 | free(possmask); | |
507 | ||
508 | free(cpulist); | |
509 | return bret; | |
510 | } | |
511 | ||
e3a3fecf SH |
512 | /* Copy contents of parent(@path)/@file to @path/@file */ |
513 | static bool copy_parent_file(char *path, char *file) | |
514 | { | |
e3a3fecf | 515 | int ret; |
b095a8eb CB |
516 | char *fpath, *lastslash, oldv; |
517 | int len = 0; | |
518 | char *value = NULL; | |
e3a3fecf SH |
519 | |
520 | lastslash = strrchr(path, '/'); | |
b095a8eb CB |
521 | if (!lastslash) { |
522 | ERROR("Failed to detect \"/\" in \"%s\"", path); | |
e3a3fecf SH |
523 | return false; |
524 | } | |
525 | oldv = *lastslash; | |
526 | *lastslash = '\0'; | |
527 | fpath = must_make_path(path, file, NULL); | |
528 | len = lxc_read_from_file(fpath, NULL, 0); | |
529 | if (len <= 0) | |
b095a8eb CB |
530 | goto on_error; |
531 | ||
e3a3fecf | 532 | value = must_alloc(len + 1); |
b095a8eb CB |
533 | ret = lxc_read_from_file(fpath, value, len); |
534 | if (ret != len) | |
535 | goto on_error; | |
e3a3fecf | 536 | free(fpath); |
b095a8eb | 537 | |
e3a3fecf SH |
538 | *lastslash = oldv; |
539 | fpath = must_make_path(path, file, NULL); | |
7cea5905 | 540 | ret = lxc_write_to_file(fpath, value, len, false, 0666); |
e3a3fecf | 541 | if (ret < 0) |
b095a8eb | 542 | SYSERROR("Failed to write \"%s\" to file \"%s\"", value, fpath); |
e3a3fecf SH |
543 | free(fpath); |
544 | free(value); | |
545 | return ret >= 0; | |
546 | ||
b095a8eb CB |
547 | on_error: |
548 | SYSERROR("Failed to read file \"%s\"", fpath); | |
e3a3fecf SH |
549 | free(fpath); |
550 | free(value); | |
551 | return false; | |
552 | } | |
553 | ||
7793add3 CB |
554 | /* Initialize the cpuset hierarchy in first directory of @gname and set |
555 | * cgroup.clone_children so that children inherit settings. Since the | |
556 | * h->base_path is populated by init or ourselves, we know it is already | |
557 | * initialized. | |
e3a3fecf | 558 | */ |
a3926f6a | 559 | static bool cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h, char *cgname) |
e3a3fecf | 560 | { |
7793add3 CB |
561 | int ret; |
562 | char v; | |
563 | char *cgpath, *clonechildrenpath, *slash; | |
e3a3fecf SH |
564 | |
565 | if (!string_in_list(h->controllers, "cpuset")) | |
566 | return true; | |
567 | ||
568 | if (*cgname == '/') | |
569 | cgname++; | |
570 | slash = strchr(cgname, '/'); | |
571 | if (slash) | |
572 | *slash = '\0'; | |
573 | ||
574 | cgpath = must_make_path(h->mountpoint, h->base_cgroup, cgname, NULL); | |
575 | if (slash) | |
576 | *slash = '/'; | |
7793add3 CB |
577 | |
578 | ret = mkdir(cgpath, 0755); | |
579 | if (ret < 0) { | |
580 | if (errno != EEXIST) { | |
581 | SYSERROR("Failed to create directory \"%s\"", cgpath); | |
582 | free(cgpath); | |
583 | return false; | |
584 | } | |
e3a3fecf | 585 | } |
6f9584d8 | 586 | |
7793add3 CB |
587 | clonechildrenpath = |
588 | must_make_path(cgpath, "cgroup.clone_children", NULL); | |
6328fd9c CB |
589 | /* unified hierarchy doesn't have clone_children */ |
590 | if (!file_exists(clonechildrenpath)) { | |
e3a3fecf SH |
591 | free(clonechildrenpath); |
592 | free(cgpath); | |
593 | return true; | |
594 | } | |
7793add3 CB |
595 | |
596 | ret = lxc_read_from_file(clonechildrenpath, &v, 1); | |
597 | if (ret < 0) { | |
598 | SYSERROR("Failed to read file \"%s\"", clonechildrenpath); | |
e3a3fecf SH |
599 | free(clonechildrenpath); |
600 | free(cgpath); | |
601 | return false; | |
602 | } | |
603 | ||
a54694f8 | 604 | /* Make sure any isolated cpus are removed from cpuset.cpus. */ |
a3926f6a | 605 | if (!cg_legacy_filter_and_set_cpus(cgpath, v == '1')) { |
7793add3 | 606 | SYSERROR("Failed to remove isolated cpus"); |
6f9584d8 CB |
607 | free(clonechildrenpath); |
608 | free(cgpath); | |
a54694f8 | 609 | return false; |
6f9584d8 | 610 | } |
a54694f8 | 611 | |
7793add3 CB |
612 | /* Already set for us by someone else. */ |
613 | if (v == '1') { | |
614 | DEBUG("\"cgroup.clone_children\" was already set to \"1\""); | |
e3a3fecf SH |
615 | free(clonechildrenpath); |
616 | free(cgpath); | |
617 | return true; | |
618 | } | |
619 | ||
620 | /* copy parent's settings */ | |
a54694f8 | 621 | if (!copy_parent_file(cgpath, "cpuset.mems")) { |
7793add3 | 622 | SYSERROR("Failed to copy \"cpuset.mems\" settings"); |
e3a3fecf SH |
623 | free(cgpath); |
624 | free(clonechildrenpath); | |
625 | return false; | |
626 | } | |
627 | free(cgpath); | |
628 | ||
7cea5905 | 629 | ret = lxc_write_to_file(clonechildrenpath, "1", 1, false, 0666); |
7793add3 | 630 | if (ret < 0) { |
e3a3fecf | 631 | /* Set clone_children so children inherit our settings */ |
7793add3 | 632 | SYSERROR("Failed to write 1 to \"%s\"", clonechildrenpath); |
e3a3fecf SH |
633 | free(clonechildrenpath); |
634 | return false; | |
635 | } | |
636 | free(clonechildrenpath); | |
637 | return true; | |
638 | } | |
639 | ||
5c0089ae CB |
640 | /* Given two null-terminated lists of strings, return true if any string is in |
641 | * both. | |
ccb4cabe SH |
642 | */ |
643 | static bool controller_lists_intersect(char **l1, char **l2) | |
644 | { | |
645 | int i; | |
646 | ||
647 | if (!l1 || !l2) | |
648 | return false; | |
649 | ||
650 | for (i = 0; l1[i]; i++) { | |
651 | if (string_in_list(l2, l1[i])) | |
652 | return true; | |
653 | } | |
5c0089ae | 654 | |
ccb4cabe SH |
655 | return false; |
656 | } | |
657 | ||
258449e5 CB |
658 | /* For a null-terminated list of controllers @clist, return true if any of those |
659 | * controllers is already listed the null-terminated list of hierarchies @hlist. | |
660 | * Realistically, if one is present, all must be present. | |
ccb4cabe SH |
661 | */ |
662 | static bool controller_list_is_dup(struct hierarchy **hlist, char **clist) | |
663 | { | |
664 | int i; | |
665 | ||
666 | if (!hlist) | |
667 | return false; | |
258449e5 | 668 | |
ccb4cabe SH |
669 | for (i = 0; hlist[i]; i++) |
670 | if (controller_lists_intersect(hlist[i]->controllers, clist)) | |
671 | return true; | |
ccb4cabe | 672 | |
258449e5 | 673 | return false; |
ccb4cabe SH |
674 | } |
675 | ||
f57ac67f CB |
676 | /* Return true if the controller @entry is found in the null-terminated list of |
677 | * hierarchies @hlist. | |
ccb4cabe SH |
678 | */ |
679 | static bool controller_found(struct hierarchy **hlist, char *entry) | |
680 | { | |
681 | int i; | |
d6337a5f | 682 | |
ccb4cabe SH |
683 | if (!hlist) |
684 | return false; | |
685 | ||
686 | for (i = 0; hlist[i]; i++) | |
687 | if (string_in_list(hlist[i]->controllers, entry)) | |
688 | return true; | |
d6337a5f | 689 | |
ccb4cabe SH |
690 | return false; |
691 | } | |
692 | ||
e1c27ab0 CB |
693 | /* Return true if all of the controllers which we require have been found. The |
694 | * required list is freezer and anything in lxc.cgroup.use. | |
ccb4cabe | 695 | */ |
2202afc9 | 696 | static bool all_controllers_found(struct cgroup_ops *ops) |
ccb4cabe | 697 | { |
b7b18fc5 | 698 | char **cur; |
2202afc9 | 699 | struct hierarchy **hlist = ops->hierarchies; |
ccb4cabe | 700 | |
ccb4cabe | 701 | if (!controller_found(hlist, "freezer")) { |
2202afc9 | 702 | ERROR("No freezer controller mountpoint found"); |
ccb4cabe SH |
703 | return false; |
704 | } | |
705 | ||
2202afc9 | 706 | if (!ops->cgroup_use) |
ccb4cabe | 707 | return true; |
c2712f64 | 708 | |
b7b18fc5 CB |
709 | for (cur = ops->cgroup_use; cur && *cur; cur++) |
710 | if (!controller_found(hlist, *cur)) { | |
711 | ERROR("No %s controller mountpoint found", *cur); | |
ccb4cabe SH |
712 | return false; |
713 | } | |
c2712f64 | 714 | |
ccb4cabe SH |
715 | return true; |
716 | } | |
717 | ||
f205f10c CB |
718 | /* Get the controllers from a mountinfo line There are other ways we could get |
719 | * this info. For lxcfs, field 3 is /cgroup/controller-list. For cgroupfs, we | |
720 | * could parse the mount options. But we simply assume that the mountpoint must | |
721 | * be /sys/fs/cgroup/controller-list | |
ccb4cabe | 722 | */ |
a3926f6a CB |
723 | static char **cg_hybrid_get_controllers(char **klist, char **nlist, char *line, |
724 | int type) | |
ccb4cabe | 725 | { |
f205f10c CB |
726 | /* The fourth field is /sys/fs/cgroup/comma-delimited-controller-list |
727 | * for legacy hierarchies. | |
728 | */ | |
ccb4cabe | 729 | int i; |
411ac6d8 | 730 | char *dup, *p2, *tok; |
d6337a5f | 731 | char *p = line, *saveptr = NULL, *sep = ","; |
411ac6d8 | 732 | char **aret = NULL; |
6328fd9c | 733 | |
ccb4cabe | 734 | for (i = 0; i < 4; i++) { |
235f1815 | 735 | p = strchr(p, ' '); |
ccb4cabe SH |
736 | if (!p) |
737 | return NULL; | |
738 | p++; | |
739 | } | |
a55f31bd | 740 | |
f205f10c CB |
741 | /* Note, if we change how mountinfo works, then our caller will need to |
742 | * verify /sys/fs/cgroup/ in this field. | |
743 | */ | |
744 | if (strncmp(p, "/sys/fs/cgroup/", 15) != 0) { | |
2202afc9 | 745 | ERROR("Found hierarchy not under /sys/fs/cgroup: \"%s\"", p); |
ccb4cabe | 746 | return NULL; |
5059aae9 | 747 | } |
d6337a5f | 748 | |
ccb4cabe | 749 | p += 15; |
235f1815 | 750 | p2 = strchr(p, ' '); |
ccb4cabe | 751 | if (!p2) { |
2202afc9 | 752 | ERROR("Corrupt mountinfo"); |
ccb4cabe SH |
753 | return NULL; |
754 | } | |
755 | *p2 = '\0'; | |
6328fd9c | 756 | |
d6337a5f CB |
757 | if (type == CGROUP_SUPER_MAGIC) { |
758 | /* strdup() here for v1 hierarchies. Otherwise strtok_r() will | |
759 | * destroy mountpoints such as "/sys/fs/cgroup/cpu,cpuacct". | |
760 | */ | |
761 | dup = strdup(p); | |
762 | if (!dup) | |
763 | return NULL; | |
764 | ||
765 | for (tok = strtok_r(dup, sep, &saveptr); tok; | |
766 | tok = strtok_r(NULL, sep, &saveptr)) | |
767 | must_append_controller(klist, nlist, &aret, tok); | |
768 | ||
769 | free(dup); | |
411ac6d8 | 770 | } |
d6337a5f | 771 | *p2 = ' '; |
f205f10c | 772 | |
d6337a5f CB |
773 | return aret; |
774 | } | |
411ac6d8 | 775 | |
d6337a5f CB |
776 | static char **cg_unified_make_empty_controller(void) |
777 | { | |
778 | int newentry; | |
779 | char **aret = NULL; | |
780 | ||
781 | newentry = append_null_to_list((void ***)&aret); | |
782 | aret[newentry] = NULL; | |
783 | return aret; | |
784 | } | |
785 | ||
786 | static char **cg_unified_get_controllers(const char *file) | |
787 | { | |
788 | char *buf, *tok; | |
789 | char *saveptr = NULL, *sep = " \t\n"; | |
790 | char **aret = NULL; | |
791 | ||
792 | buf = read_file(file); | |
793 | if (!buf) | |
411ac6d8 | 794 | return NULL; |
6328fd9c | 795 | |
d6337a5f CB |
796 | for (tok = strtok_r(buf, sep, &saveptr); tok; |
797 | tok = strtok_r(NULL, sep, &saveptr)) { | |
798 | int newentry; | |
799 | char *copy; | |
800 | ||
801 | newentry = append_null_to_list((void ***)&aret); | |
802 | copy = must_copy_string(tok); | |
803 | aret[newentry] = copy; | |
ccb4cabe SH |
804 | } |
805 | ||
d6337a5f | 806 | free(buf); |
ccb4cabe SH |
807 | return aret; |
808 | } | |
809 | ||
2202afc9 | 810 | static struct hierarchy *add_hierarchy(struct hierarchy ***h, char **clist, char *mountpoint, |
d6337a5f | 811 | char *base_cgroup, int type) |
ccb4cabe SH |
812 | { |
813 | struct hierarchy *new; | |
814 | int newentry; | |
815 | ||
816 | new = must_alloc(sizeof(*new)); | |
817 | new->controllers = clist; | |
818 | new->mountpoint = mountpoint; | |
819 | new->base_cgroup = base_cgroup; | |
820 | new->fullcgpath = NULL; | |
d6337a5f | 821 | new->version = type; |
6328fd9c | 822 | |
2202afc9 CB |
823 | newentry = append_null_to_list((void ***)h); |
824 | (*h)[newentry] = new; | |
d6337a5f | 825 | return new; |
ccb4cabe SH |
826 | } |
827 | ||
798c3b33 CB |
828 | /* Get a copy of the mountpoint from @line, which is a line from |
829 | * /proc/self/mountinfo. | |
ccb4cabe | 830 | */ |
a3926f6a | 831 | static char *cg_hybrid_get_mountpoint(char *line) |
ccb4cabe SH |
832 | { |
833 | int i; | |
ccb4cabe | 834 | size_t len; |
798c3b33 CB |
835 | char *p2; |
836 | char *p = line, *sret = NULL; | |
ccb4cabe SH |
837 | |
838 | for (i = 0; i < 4; i++) { | |
235f1815 | 839 | p = strchr(p, ' '); |
ccb4cabe SH |
840 | if (!p) |
841 | return NULL; | |
842 | p++; | |
843 | } | |
d6337a5f | 844 | |
798c3b33 | 845 | if (strncmp(p, "/sys/fs/cgroup/", 15) != 0) |
d6337a5f CB |
846 | return NULL; |
847 | ||
848 | p2 = strchr(p + 15, ' '); | |
849 | if (!p2) | |
850 | return NULL; | |
851 | *p2 = '\0'; | |
852 | ||
ccb4cabe SH |
853 | len = strlen(p); |
854 | sret = must_alloc(len + 1); | |
855 | memcpy(sret, p, len); | |
856 | sret[len] = '\0'; | |
857 | return sret; | |
858 | } | |
859 | ||
f523291e | 860 | /* Given a multi-line string, return a null-terminated copy of the current line. */ |
ccb4cabe SH |
861 | static char *copy_to_eol(char *p) |
862 | { | |
235f1815 | 863 | char *p2 = strchr(p, '\n'), *sret; |
ccb4cabe SH |
864 | size_t len; |
865 | ||
866 | if (!p2) | |
867 | return NULL; | |
868 | ||
869 | len = p2 - p; | |
870 | sret = must_alloc(len + 1); | |
871 | memcpy(sret, p, len); | |
872 | sret[len] = '\0'; | |
873 | return sret; | |
874 | } | |
875 | ||
bced39de CB |
876 | /* cgline: pointer to character after the first ':' in a line in a \n-terminated |
877 | * /proc/self/cgroup file. Check whether controller c is present. | |
ccb4cabe SH |
878 | */ |
879 | static bool controller_in_clist(char *cgline, char *c) | |
880 | { | |
881 | char *tok, *saveptr = NULL, *eol, *tmp; | |
882 | size_t len; | |
883 | ||
235f1815 | 884 | eol = strchr(cgline, ':'); |
ccb4cabe SH |
885 | if (!eol) |
886 | return false; | |
887 | ||
888 | len = eol - cgline; | |
889 | tmp = alloca(len + 1); | |
890 | memcpy(tmp, cgline, len); | |
891 | tmp[len] = '\0'; | |
892 | ||
893 | for (tok = strtok_r(tmp, ",", &saveptr); tok; | |
d6337a5f | 894 | tok = strtok_r(NULL, ",", &saveptr)) { |
ccb4cabe SH |
895 | if (strcmp(tok, c) == 0) |
896 | return true; | |
897 | } | |
d6337a5f | 898 | |
ccb4cabe SH |
899 | return false; |
900 | } | |
901 | ||
c3ef912e CB |
902 | /* @basecginfo is a copy of /proc/$$/cgroup. Return the current cgroup for |
903 | * @controller. | |
ccb4cabe | 904 | */ |
c3ef912e CB |
905 | static char *cg_hybrid_get_current_cgroup(char *basecginfo, char *controller, |
906 | int type) | |
ccb4cabe SH |
907 | { |
908 | char *p = basecginfo; | |
6328fd9c | 909 | |
d6337a5f CB |
910 | for (;;) { |
911 | bool is_cgv2_base_cgroup = false; | |
912 | ||
6328fd9c | 913 | /* cgroup v2 entry in "/proc/<pid>/cgroup": "0::/some/path" */ |
d6337a5f CB |
914 | if ((type == CGROUP2_SUPER_MAGIC) && (*p == '0')) |
915 | is_cgv2_base_cgroup = true; | |
ccb4cabe | 916 | |
235f1815 | 917 | p = strchr(p, ':'); |
ccb4cabe SH |
918 | if (!p) |
919 | return NULL; | |
920 | p++; | |
d6337a5f CB |
921 | |
922 | if (is_cgv2_base_cgroup || (controller && controller_in_clist(p, controller))) { | |
235f1815 | 923 | p = strchr(p, ':'); |
ccb4cabe SH |
924 | if (!p) |
925 | return NULL; | |
926 | p++; | |
927 | return copy_to_eol(p); | |
928 | } | |
929 | ||
235f1815 | 930 | p = strchr(p, '\n'); |
ccb4cabe SH |
931 | if (!p) |
932 | return NULL; | |
933 | p++; | |
934 | } | |
935 | } | |
936 | ||
ccb4cabe SH |
937 | static void must_append_string(char ***list, char *entry) |
938 | { | |
6dfb18bf | 939 | int newentry; |
ccb4cabe SH |
940 | char *copy; |
941 | ||
6dfb18bf | 942 | newentry = append_null_to_list((void ***)list); |
ccb4cabe SH |
943 | copy = must_copy_string(entry); |
944 | (*list)[newentry] = copy; | |
945 | } | |
946 | ||
d6337a5f | 947 | static int get_existing_subsystems(char ***klist, char ***nlist) |
ccb4cabe SH |
948 | { |
949 | FILE *f; | |
950 | char *line = NULL; | |
951 | size_t len = 0; | |
952 | ||
d6337a5f CB |
953 | f = fopen("/proc/self/cgroup", "r"); |
954 | if (!f) | |
955 | return -1; | |
956 | ||
ccb4cabe SH |
957 | while (getline(&line, &len, f) != -1) { |
958 | char *p, *p2, *tok, *saveptr = NULL; | |
235f1815 | 959 | p = strchr(line, ':'); |
ccb4cabe SH |
960 | if (!p) |
961 | continue; | |
962 | p++; | |
235f1815 | 963 | p2 = strchr(p, ':'); |
ccb4cabe SH |
964 | if (!p2) |
965 | continue; | |
966 | *p2 = '\0'; | |
ff8d6ee9 | 967 | |
6328fd9c CB |
968 | /* If the kernel has cgroup v2 support, then /proc/self/cgroup |
969 | * contains an entry of the form: | |
ff8d6ee9 CB |
970 | * |
971 | * 0::/some/path | |
972 | * | |
6328fd9c | 973 | * In this case we use "cgroup2" as controller name. |
ff8d6ee9 | 974 | */ |
6328fd9c CB |
975 | if ((p2 - p) == 0) { |
976 | must_append_string(klist, "cgroup2"); | |
ff8d6ee9 | 977 | continue; |
6328fd9c | 978 | } |
ff8d6ee9 | 979 | |
ccb4cabe | 980 | for (tok = strtok_r(p, ",", &saveptr); tok; |
d6337a5f | 981 | tok = strtok_r(NULL, ",", &saveptr)) { |
ccb4cabe SH |
982 | if (strncmp(tok, "name=", 5) == 0) |
983 | must_append_string(nlist, tok); | |
984 | else | |
985 | must_append_string(klist, tok); | |
986 | } | |
987 | } | |
988 | ||
989 | free(line); | |
990 | fclose(f); | |
d6337a5f | 991 | return 0; |
ccb4cabe SH |
992 | } |
993 | ||
994 | static void trim(char *s) | |
995 | { | |
7689dfd7 CB |
996 | size_t len; |
997 | ||
998 | len = strlen(s); | |
2c28d76b | 999 | while ((len > 1) && (s[len - 1] == '\n')) |
ccb4cabe SH |
1000 | s[--len] = '\0'; |
1001 | } | |
1002 | ||
2202afc9 | 1003 | static void lxc_cgfsng_print_hierarchies(struct cgroup_ops *ops) |
ccb4cabe SH |
1004 | { |
1005 | int i; | |
27d84737 | 1006 | struct hierarchy **it; |
41c33dbe | 1007 | |
2202afc9 CB |
1008 | if (!ops->hierarchies) { |
1009 | TRACE(" No hierarchies found"); | |
ccb4cabe SH |
1010 | return; |
1011 | } | |
27d84737 | 1012 | |
2202afc9 CB |
1013 | TRACE(" Hierarchies:"); |
1014 | for (i = 0, it = ops->hierarchies; it && *it; it++, i++) { | |
ccb4cabe | 1015 | int j; |
27d84737 CB |
1016 | char **cit; |
1017 | ||
2202afc9 CB |
1018 | TRACE(" %d: base_cgroup: %s", i, (*it)->base_cgroup ? (*it)->base_cgroup : "(null)"); |
1019 | TRACE(" mountpoint: %s", (*it)->mountpoint ? (*it)->mountpoint : "(null)"); | |
1020 | TRACE(" controllers:"); | |
a7b0cc4c | 1021 | for (j = 0, cit = (*it)->controllers; cit && *cit; cit++, j++) |
2202afc9 | 1022 | TRACE(" %d: %s", j, *cit); |
ccb4cabe SH |
1023 | } |
1024 | } | |
41c33dbe | 1025 | |
a3926f6a CB |
1026 | static void lxc_cgfsng_print_basecg_debuginfo(char *basecginfo, char **klist, |
1027 | char **nlist) | |
41c33dbe SH |
1028 | { |
1029 | int k; | |
a7b0cc4c | 1030 | char **it; |
41c33dbe | 1031 | |
2202afc9 CB |
1032 | TRACE("basecginfo is:"); |
1033 | TRACE("%s", basecginfo); | |
41c33dbe | 1034 | |
a7b0cc4c | 1035 | for (k = 0, it = klist; it && *it; it++, k++) |
2202afc9 | 1036 | TRACE("kernel subsystem %d: %s", k, *it); |
0f71dd9b | 1037 | |
a7b0cc4c | 1038 | for (k = 0, it = nlist; it && *it; it++, k++) |
2202afc9 | 1039 | TRACE("named subsystem %d: %s", k, *it); |
41c33dbe | 1040 | } |
ccb4cabe | 1041 | |
2202afc9 CB |
1042 | static int cgroup_rmdir(struct hierarchy **hierarchies, |
1043 | const char *container_cgroup) | |
c71d83e1 | 1044 | { |
2202afc9 | 1045 | int i; |
d6337a5f | 1046 | |
2202afc9 CB |
1047 | if (!container_cgroup || !hierarchies) |
1048 | return 0; | |
d6337a5f | 1049 | |
2202afc9 CB |
1050 | for (i = 0; hierarchies[i]; i++) { |
1051 | int ret; | |
1052 | struct hierarchy *h = hierarchies[i]; | |
d6337a5f | 1053 | |
2202afc9 CB |
1054 | if (!h->fullcgpath) |
1055 | continue; | |
1056 | ||
1057 | ret = recursive_destroy(h->fullcgpath); | |
1058 | if (ret < 0) | |
1059 | WARN("Failed to destroy \"%s\"", h->fullcgpath); | |
1060 | ||
1061 | free(h->fullcgpath); | |
1062 | h->fullcgpath = NULL; | |
1063 | } | |
d6337a5f | 1064 | |
c71d83e1 | 1065 | return 0; |
d6337a5f CB |
1066 | } |
1067 | ||
2202afc9 CB |
1068 | struct generic_userns_exec_data { |
1069 | struct hierarchy **hierarchies; | |
1070 | const char *container_cgroup; | |
1071 | struct lxc_conf *conf; | |
1072 | uid_t origuid; /* target uid in parent namespace */ | |
1073 | char *path; | |
1074 | }; | |
d6337a5f | 1075 | |
2202afc9 CB |
1076 | static int cgroup_rmdir_wrapper(void *data) |
1077 | { | |
1078 | int ret; | |
1079 | struct generic_userns_exec_data *arg = data; | |
1080 | uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid; | |
1081 | gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid; | |
d6337a5f | 1082 | |
2202afc9 CB |
1083 | ret = setresgid(nsgid, nsgid, nsgid); |
1084 | if (ret < 0) { | |
1085 | SYSERROR("Failed to setresgid(%d, %d, %d)", (int)nsgid, | |
1086 | (int)nsgid, (int)nsgid); | |
1087 | return -1; | |
1088 | } | |
d6337a5f | 1089 | |
2202afc9 CB |
1090 | ret = setresuid(nsuid, nsuid, nsuid); |
1091 | if (ret < 0) { | |
1092 | SYSERROR("Failed to setresuid(%d, %d, %d)", (int)nsuid, | |
1093 | (int)nsuid, (int)nsuid); | |
1094 | return -1; | |
1095 | } | |
d6337a5f | 1096 | |
2202afc9 CB |
1097 | ret = setgroups(0, NULL); |
1098 | if (ret < 0 && errno != EPERM) { | |
1099 | SYSERROR("Failed to setgroups(0, NULL)"); | |
1100 | return -1; | |
1101 | } | |
d6337a5f | 1102 | |
2202afc9 | 1103 | return cgroup_rmdir(arg->hierarchies, arg->container_cgroup); |
d6337a5f CB |
1104 | } |
1105 | ||
2202afc9 | 1106 | static void cgfsng_destroy(struct cgroup_ops *ops, struct lxc_handler *handler) |
d6337a5f CB |
1107 | { |
1108 | int ret; | |
2202afc9 | 1109 | struct generic_userns_exec_data wrap; |
bd8ef4e4 | 1110 | |
4160c3a0 | 1111 | wrap.origuid = 0; |
2202afc9 CB |
1112 | wrap.container_cgroup = ops->container_cgroup; |
1113 | wrap.hierarchies = ops->hierarchies; | |
1114 | wrap.conf = handler->conf; | |
4160c3a0 | 1115 | |
2202afc9 CB |
1116 | if (handler->conf && !lxc_list_empty(&handler->conf->id_map)) |
1117 | ret = userns_exec_1(handler->conf, cgroup_rmdir_wrapper, &wrap, | |
bd8ef4e4 | 1118 | "cgroup_rmdir_wrapper"); |
ccb4cabe | 1119 | else |
2202afc9 | 1120 | ret = cgroup_rmdir(ops->hierarchies, ops->container_cgroup); |
bd8ef4e4 CB |
1121 | if (ret < 0) { |
1122 | WARN("Failed to destroy cgroups"); | |
ccb4cabe | 1123 | return; |
ccb4cabe | 1124 | } |
ccb4cabe SH |
1125 | } |
1126 | ||
a3926f6a | 1127 | static bool cg_unified_create_cgroup(struct hierarchy *h, char *cgname) |
0c3deb94 | 1128 | { |
0c3deb94 | 1129 | size_t i, parts_len; |
389d44ec | 1130 | char **it; |
0c3deb94 CB |
1131 | size_t full_len = 0; |
1132 | char *add_controllers = NULL, *cgroup = NULL; | |
1133 | char **parts = NULL; | |
1134 | bool bret = false; | |
1135 | ||
1136 | if (h->version != CGROUP2_SUPER_MAGIC) | |
1137 | return true; | |
1138 | ||
1139 | if (!h->controllers) | |
1140 | return true; | |
1141 | ||
1142 | /* For now we simply enable all controllers that we have detected by | |
1143 | * creating a string like "+memory +pids +cpu +io". | |
1144 | * TODO: In the near future we might want to support "-<controller>" | |
1145 | * etc. but whether supporting semantics like this make sense will need | |
1146 | * some thinking. | |
1147 | */ | |
1148 | for (it = h->controllers; it && *it; it++) { | |
64e82f8b DJ |
1149 | full_len += strlen(*it) + 2; |
1150 | add_controllers = must_realloc(add_controllers, full_len + 1); | |
1151 | ||
1152 | if (h->controllers[0] == *it) | |
1153 | add_controllers[0] = '\0'; | |
1154 | ||
3ebe2fbd DJ |
1155 | (void)strlcat(add_controllers, "+", full_len + 1); |
1156 | (void)strlcat(add_controllers, *it, full_len + 1); | |
64e82f8b DJ |
1157 | |
1158 | if ((it + 1) && *(it + 1)) | |
3ebe2fbd | 1159 | (void)strlcat(add_controllers, " ", full_len + 1); |
0c3deb94 CB |
1160 | } |
1161 | ||
1162 | parts = lxc_string_split(cgname, '/'); | |
1163 | if (!parts) | |
1164 | goto on_error; | |
64e82f8b | 1165 | |
0c3deb94 CB |
1166 | parts_len = lxc_array_len((void **)parts); |
1167 | if (parts_len > 0) | |
1168 | parts_len--; | |
1169 | ||
1170 | cgroup = must_make_path(h->mountpoint, h->base_cgroup, NULL); | |
1171 | for (i = 0; i < parts_len; i++) { | |
1172 | int ret; | |
1173 | char *target; | |
1174 | ||
1175 | cgroup = must_append_path(cgroup, parts[i], NULL); | |
1176 | target = must_make_path(cgroup, "cgroup.subtree_control", NULL); | |
7cea5905 | 1177 | ret = lxc_write_to_file(target, add_controllers, full_len, false, 0666); |
0c3deb94 CB |
1178 | free(target); |
1179 | if (ret < 0) { | |
1180 | SYSERROR("Could not enable \"%s\" controllers in the " | |
1181 | "unified cgroup \"%s\"", add_controllers, cgroup); | |
1182 | goto on_error; | |
1183 | } | |
1184 | } | |
1185 | ||
1186 | bret = true; | |
1187 | ||
1188 | on_error: | |
1189 | lxc_free_array((void **)parts, free); | |
1190 | free(add_controllers); | |
1191 | free(cgroup); | |
1192 | return bret; | |
1193 | } | |
1194 | ||
ccb4cabe SH |
1195 | static bool create_path_for_hierarchy(struct hierarchy *h, char *cgname) |
1196 | { | |
0c3deb94 CB |
1197 | int ret; |
1198 | ||
e3a3fecf | 1199 | h->fullcgpath = must_make_path(h->mountpoint, h->base_cgroup, cgname, NULL); |
4b4205e3 CB |
1200 | if (dir_exists(h->fullcgpath)) { |
1201 | ERROR("The cgroup \"%s\" already existed", h->fullcgpath); | |
d8da679e | 1202 | return false; |
6f9584d8 | 1203 | } |
0c3deb94 | 1204 | |
a3926f6a | 1205 | if (!cg_legacy_handle_cpuset_hierarchy(h, cgname)) { |
4b4205e3 | 1206 | ERROR("Failed to handle legacy cpuset controller"); |
0c3deb94 CB |
1207 | return false; |
1208 | } | |
1209 | ||
1210 | ret = mkdir_p(h->fullcgpath, 0755); | |
1211 | if (ret < 0) { | |
1212 | ERROR("Failed to create cgroup \"%s\"", h->fullcgpath); | |
e3a3fecf | 1213 | return false; |
6f9584d8 | 1214 | } |
0c3deb94 | 1215 | |
a3926f6a | 1216 | return cg_unified_create_cgroup(h, cgname); |
ccb4cabe SH |
1217 | } |
1218 | ||
1219 | static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname) | |
1220 | { | |
e56639fb CB |
1221 | int ret; |
1222 | ||
1223 | ret = rmdir(h->fullcgpath); | |
1224 | if (ret < 0) | |
1225 | SYSERROR("Failed to rmdir(\"%s\") from failed creation attempt", h->fullcgpath); | |
1226 | ||
ccb4cabe SH |
1227 | free(h->fullcgpath); |
1228 | h->fullcgpath = NULL; | |
1229 | } | |
1230 | ||
cecad0c1 CB |
1231 | /* Try to create the same cgroup in all hierarchies. Start with cgroup_pattern; |
1232 | * next cgroup_pattern-1, -2, ..., -999. | |
ccb4cabe | 1233 | */ |
2202afc9 CB |
1234 | static inline bool cgfsng_create(struct cgroup_ops *ops, |
1235 | struct lxc_handler *handler) | |
ccb4cabe | 1236 | { |
bb30b52a | 1237 | int i; |
ccb4cabe | 1238 | size_t len; |
0c3deb94 | 1239 | char *container_cgroup, *offset, *tmp; |
7d531e9b | 1240 | int idx = 0; |
2202afc9 | 1241 | struct lxc_conf *conf = handler->conf; |
ccb4cabe | 1242 | |
2202afc9 CB |
1243 | if (ops->container_cgroup) { |
1244 | WARN("cgfsng_create called a second time: %s", ops->container_cgroup); | |
ccb4cabe | 1245 | return false; |
2202afc9 | 1246 | } |
43654d34 | 1247 | |
2202afc9 | 1248 | if (!conf) |
ccb4cabe | 1249 | return false; |
ccb4cabe | 1250 | |
2202afc9 | 1251 | if (conf->cgroup_meta.dir) |
3ec12d39 | 1252 | tmp = lxc_string_join("/", (const char *[]){conf->cgroup_meta.dir, handler->name, NULL}, false); |
43654d34 | 1253 | else |
2202afc9 | 1254 | tmp = lxc_string_replace("%n", handler->name, ops->cgroup_pattern); |
ccb4cabe SH |
1255 | if (!tmp) { |
1256 | ERROR("Failed expanding cgroup name pattern"); | |
1257 | return false; | |
1258 | } | |
64e82f8b | 1259 | |
1a0e70ac | 1260 | len = strlen(tmp) + 5; /* leave room for -NNN\0 */ |
0c3deb94 | 1261 | container_cgroup = must_alloc(len); |
64e82f8b | 1262 | (void)strlcpy(container_cgroup, tmp, len); |
ccb4cabe | 1263 | free(tmp); |
0c3deb94 | 1264 | offset = container_cgroup + len - 5; |
ccb4cabe SH |
1265 | |
1266 | again: | |
95adfe93 SH |
1267 | if (idx == 1000) { |
1268 | ERROR("Too many conflicting cgroup names"); | |
ccb4cabe | 1269 | goto out_free; |
95adfe93 | 1270 | } |
cecad0c1 | 1271 | |
66b66624 | 1272 | if (idx) { |
bb30b52a CB |
1273 | int ret; |
1274 | ||
66b66624 CB |
1275 | ret = snprintf(offset, 5, "-%d", idx); |
1276 | if (ret < 0 || (size_t)ret >= 5) { | |
1277 | FILE *f = fopen("/dev/null", "w"); | |
97ebced3 | 1278 | if (f) { |
66b66624 CB |
1279 | fprintf(f, "Workaround for GCC7 bug: " |
1280 | "https://gcc.gnu.org/bugzilla/" | |
1281 | "show_bug.cgi?id=78969"); | |
1282 | fclose(f); | |
1283 | } | |
1284 | } | |
1285 | } | |
cecad0c1 | 1286 | |
2202afc9 CB |
1287 | for (i = 0; ops->hierarchies[i]; i++) { |
1288 | if (!create_path_for_hierarchy(ops->hierarchies[i], container_cgroup)) { | |
ccb4cabe | 1289 | int j; |
2202afc9 CB |
1290 | ERROR("Failed to create cgroup \"%s\"", ops->hierarchies[i]->fullcgpath); |
1291 | free(ops->hierarchies[i]->fullcgpath); | |
1292 | ops->hierarchies[i]->fullcgpath = NULL; | |
ccb4cabe | 1293 | for (j = 0; j < i; j++) |
2202afc9 | 1294 | remove_path_for_hierarchy(ops->hierarchies[j], container_cgroup); |
ccb4cabe SH |
1295 | idx++; |
1296 | goto again; | |
1297 | } | |
1298 | } | |
cecad0c1 | 1299 | |
2202afc9 | 1300 | ops->container_cgroup = container_cgroup; |
cecad0c1 | 1301 | |
ccb4cabe SH |
1302 | return true; |
1303 | ||
1304 | out_free: | |
0c3deb94 | 1305 | free(container_cgroup); |
cecad0c1 | 1306 | |
ccb4cabe SH |
1307 | return false; |
1308 | } | |
1309 | ||
2202afc9 | 1310 | static bool cgfsng_enter(struct cgroup_ops *ops, pid_t pid) |
ccb4cabe | 1311 | { |
ccb4cabe | 1312 | int i, len; |
08768001 | 1313 | char pidstr[25]; |
ccb4cabe SH |
1314 | |
1315 | len = snprintf(pidstr, 25, "%d", pid); | |
08768001 | 1316 | if (len < 0 || len >= 25) |
ccb4cabe SH |
1317 | return false; |
1318 | ||
2202afc9 | 1319 | for (i = 0; ops->hierarchies[i]; i++) { |
08768001 CB |
1320 | int ret; |
1321 | char *fullpath; | |
1322 | ||
2202afc9 | 1323 | fullpath = must_make_path(ops->hierarchies[i]->fullcgpath, |
08768001 | 1324 | "cgroup.procs", NULL); |
7cea5905 | 1325 | ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666); |
08768001 CB |
1326 | if (ret != 0) { |
1327 | SYSERROR("Failed to enter cgroup \"%s\"", fullpath); | |
ccb4cabe SH |
1328 | free(fullpath); |
1329 | return false; | |
1330 | } | |
1331 | free(fullpath); | |
1332 | } | |
1333 | ||
1334 | return true; | |
1335 | } | |
1336 | ||
6efacf80 CB |
1337 | static int chowmod(char *path, uid_t chown_uid, gid_t chown_gid, |
1338 | mode_t chmod_mode) | |
1339 | { | |
1340 | int ret; | |
1341 | ||
1342 | ret = chown(path, chown_uid, chown_gid); | |
1343 | if (ret < 0) { | |
a24c5678 | 1344 | SYSWARN("Failed to chown(%s, %d, %d)", path, (int)chown_uid, (int)chown_gid); |
6efacf80 CB |
1345 | return -1; |
1346 | } | |
1347 | ||
1348 | ret = chmod(path, chmod_mode); | |
1349 | if (ret < 0) { | |
a24c5678 | 1350 | SYSWARN("Failed to chmod(%s, %d)", path, (int)chmod_mode); |
6efacf80 CB |
1351 | return -1; |
1352 | } | |
1353 | ||
1354 | return 0; | |
1355 | } | |
1356 | ||
1357 | /* chgrp the container cgroups to container group. We leave | |
c0888dfe SH |
1358 | * the container owner as cgroup owner. So we must make the |
1359 | * directories 775 so that the container can create sub-cgroups. | |
43647298 SH |
1360 | * |
1361 | * Also chown the tasks and cgroup.procs files. Those may not | |
1362 | * exist depending on kernel version. | |
c0888dfe | 1363 | */ |
ccb4cabe SH |
1364 | static int chown_cgroup_wrapper(void *data) |
1365 | { | |
6efacf80 | 1366 | int i, ret; |
4160c3a0 CB |
1367 | uid_t destuid; |
1368 | struct generic_userns_exec_data *arg = data; | |
1369 | uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid; | |
1370 | gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid; | |
ccb4cabe | 1371 | |
6efacf80 CB |
1372 | ret = setresgid(nsgid, nsgid, nsgid); |
1373 | if (ret < 0) { | |
1374 | SYSERROR("Failed to setresgid(%d, %d, %d)", | |
1375 | (int)nsgid, (int)nsgid, (int)nsgid); | |
1376 | return -1; | |
1377 | } | |
1378 | ||
1379 | ret = setresuid(nsuid, nsuid, nsuid); | |
1380 | if (ret < 0) { | |
1381 | SYSERROR("Failed to setresuid(%d, %d, %d)", | |
1382 | (int)nsuid, (int)nsuid, (int)nsuid); | |
1383 | return -1; | |
1384 | } | |
1385 | ||
1386 | ret = setgroups(0, NULL); | |
1387 | if (ret < 0 && errno != EPERM) { | |
1388 | SYSERROR("Failed to setgroups(0, NULL)"); | |
1389 | return -1; | |
1390 | } | |
ccb4cabe SH |
1391 | |
1392 | destuid = get_ns_uid(arg->origuid); | |
1393 | ||
2202afc9 | 1394 | for (i = 0; arg->hierarchies[i]; i++) { |
6efacf80 | 1395 | char *fullpath; |
2202afc9 | 1396 | char *path = arg->hierarchies[i]->fullcgpath; |
43647298 | 1397 | |
63e42fee | 1398 | ret = chowmod(path, destuid, nsgid, 0775); |
6efacf80 | 1399 | if (ret < 0) |
ccb4cabe | 1400 | return -1; |
c0888dfe | 1401 | |
6efacf80 CB |
1402 | /* Failures to chown() these are inconvenient but not |
1403 | * detrimental We leave these owned by the container launcher, | |
1404 | * so that container root can write to the files to attach. We | |
1405 | * chmod() them 664 so that container systemd can write to the | |
1406 | * files (which systemd in wily insists on doing). | |
ab8f5424 | 1407 | */ |
6efacf80 | 1408 | |
2202afc9 | 1409 | if (arg->hierarchies[i]->version == CGROUP_SUPER_MAGIC) { |
6efacf80 CB |
1410 | fullpath = must_make_path(path, "tasks", NULL); |
1411 | (void)chowmod(fullpath, destuid, nsgid, 0664); | |
1412 | free(fullpath); | |
1413 | } | |
43647298 SH |
1414 | |
1415 | fullpath = must_make_path(path, "cgroup.procs", NULL); | |
2202afc9 | 1416 | (void)chowmod(fullpath, destuid, nsgid, 0664); |
ccb4cabe | 1417 | free(fullpath); |
0e17357c | 1418 | |
2202afc9 | 1419 | if (arg->hierarchies[i]->version != CGROUP2_SUPER_MAGIC) |
0e17357c CB |
1420 | continue; |
1421 | ||
1422 | fullpath = must_make_path(path, "cgroup.subtree_control", NULL); | |
6efacf80 | 1423 | (void)chowmod(fullpath, destuid, nsgid, 0664); |
0e17357c CB |
1424 | free(fullpath); |
1425 | ||
1426 | fullpath = must_make_path(path, "cgroup.threads", NULL); | |
6efacf80 | 1427 | (void)chowmod(fullpath, destuid, nsgid, 0664); |
0e17357c | 1428 | free(fullpath); |
ccb4cabe SH |
1429 | } |
1430 | ||
1431 | return 0; | |
1432 | } | |
1433 | ||
2202afc9 | 1434 | static bool cgfsng_chown(struct cgroup_ops *ops, struct lxc_conf *conf) |
ccb4cabe | 1435 | { |
4160c3a0 | 1436 | struct generic_userns_exec_data wrap; |
ccb4cabe | 1437 | |
ccb4cabe SH |
1438 | if (lxc_list_empty(&conf->id_map)) |
1439 | return true; | |
1440 | ||
ccb4cabe | 1441 | wrap.origuid = geteuid(); |
4160c3a0 | 1442 | wrap.path = NULL; |
2202afc9 | 1443 | wrap.hierarchies = ops->hierarchies; |
4160c3a0 | 1444 | wrap.conf = conf; |
ccb4cabe | 1445 | |
c9b7c33e CB |
1446 | if (userns_exec_1(conf, chown_cgroup_wrapper, &wrap, |
1447 | "chown_cgroup_wrapper") < 0) { | |
f7faba6c | 1448 | ERROR("Error requesting cgroup chown in new user namespace"); |
ccb4cabe SH |
1449 | return false; |
1450 | } | |
1451 | ||
1452 | return true; | |
1453 | } | |
1454 | ||
8aa1044f SH |
1455 | /* cgroup-full:* is done, no need to create subdirs */ |
1456 | static bool cg_mount_needs_subdirs(int type) | |
1457 | { | |
1458 | if (type >= LXC_AUTO_CGROUP_FULL_RO) | |
1459 | return false; | |
a3926f6a | 1460 | |
8aa1044f SH |
1461 | return true; |
1462 | } | |
1463 | ||
886cac86 CB |
1464 | /* After $rootfs/sys/fs/container/controller/the/cg/path has been created, |
1465 | * remount controller ro if needed and bindmount the cgroupfs onto | |
1466 | * controll/the/cg/path. | |
8aa1044f | 1467 | */ |
6812d833 CB |
1468 | static int cg_legacy_mount_controllers(int type, struct hierarchy *h, |
1469 | char *controllerpath, char *cgpath, | |
1470 | const char *container_cgroup) | |
8aa1044f | 1471 | { |
5285689c | 1472 | int ret, remount_flags; |
886cac86 CB |
1473 | char *sourcepath; |
1474 | int flags = MS_BIND; | |
1475 | ||
8aa1044f | 1476 | if (type == LXC_AUTO_CGROUP_RO || type == LXC_AUTO_CGROUP_MIXED) { |
886cac86 CB |
1477 | ret = mount(controllerpath, controllerpath, "cgroup", MS_BIND, NULL); |
1478 | if (ret < 0) { | |
1479 | SYSERROR("Failed to bind mount \"%s\" onto \"%s\"", | |
1480 | controllerpath, controllerpath); | |
8aa1044f SH |
1481 | return -1; |
1482 | } | |
886cac86 | 1483 | |
5285689c CB |
1484 | remount_flags = add_required_remount_flags(controllerpath, |
1485 | controllerpath, | |
1486 | flags | MS_REMOUNT); | |
886cac86 | 1487 | ret = mount(controllerpath, controllerpath, "cgroup", |
8186c5c7 CB |
1488 | remount_flags | MS_REMOUNT | MS_BIND | MS_RDONLY, |
1489 | NULL); | |
886cac86 CB |
1490 | if (ret < 0) { |
1491 | SYSERROR("Failed to remount \"%s\" ro", controllerpath); | |
8aa1044f SH |
1492 | return -1; |
1493 | } | |
886cac86 | 1494 | |
8aa1044f SH |
1495 | INFO("Remounted %s read-only", controllerpath); |
1496 | } | |
886cac86 CB |
1497 | |
1498 | sourcepath = must_make_path(h->mountpoint, h->base_cgroup, | |
1499 | container_cgroup, NULL); | |
8aa1044f SH |
1500 | if (type == LXC_AUTO_CGROUP_RO) |
1501 | flags |= MS_RDONLY; | |
886cac86 CB |
1502 | |
1503 | ret = mount(sourcepath, cgpath, "cgroup", flags, NULL); | |
1504 | if (ret < 0) { | |
1505 | SYSERROR("Failed to mount \"%s\" onto \"%s\"", h->controllers[0], cgpath); | |
8aa1044f | 1506 | free(sourcepath); |
8aa1044f SH |
1507 | return -1; |
1508 | } | |
886cac86 | 1509 | INFO("Mounted \"%s\" onto \"%s\"", h->controllers[0], cgpath); |
f8c40ffa L |
1510 | |
1511 | if (flags & MS_RDONLY) { | |
5285689c CB |
1512 | remount_flags = add_required_remount_flags(sourcepath, cgpath, |
1513 | flags | MS_REMOUNT); | |
1514 | ret = mount(sourcepath, cgpath, "cgroup", remount_flags, NULL); | |
886cac86 CB |
1515 | if (ret < 0) { |
1516 | SYSERROR("Failed to remount \"%s\" ro", cgpath); | |
f8c40ffa | 1517 | free(sourcepath); |
f8c40ffa L |
1518 | return -1; |
1519 | } | |
5285689c | 1520 | INFO("Remounted %s read-only", cgpath); |
f8c40ffa L |
1521 | } |
1522 | ||
8aa1044f | 1523 | free(sourcepath); |
886cac86 | 1524 | INFO("Completed second stage cgroup automounts for \"%s\"", cgpath); |
8aa1044f SH |
1525 | return 0; |
1526 | } | |
1527 | ||
6812d833 CB |
1528 | /* __cg_mount_direct |
1529 | * | |
1530 | * Mount cgroup hierarchies directly without using bind-mounts. The main | |
1531 | * uses-cases are mounting cgroup hierarchies in cgroup namespaces and mounting | |
1532 | * cgroups for the LXC_AUTO_CGROUP_FULL option. | |
1533 | */ | |
1534 | static int __cg_mount_direct(int type, struct hierarchy *h, | |
1535 | const char *controllerpath) | |
b635e92d CB |
1536 | { |
1537 | int ret; | |
1538 | char *controllers = NULL; | |
a760603e CB |
1539 | char *fstype = "cgroup2"; |
1540 | unsigned long flags = 0; | |
b635e92d | 1541 | |
a760603e CB |
1542 | flags |= MS_NOSUID; |
1543 | flags |= MS_NOEXEC; | |
1544 | flags |= MS_NODEV; | |
1545 | flags |= MS_RELATIME; | |
1546 | ||
1547 | if (type == LXC_AUTO_CGROUP_RO || type == LXC_AUTO_CGROUP_FULL_RO) | |
1548 | flags |= MS_RDONLY; | |
1549 | ||
d6337a5f | 1550 | if (h->version != CGROUP2_SUPER_MAGIC) { |
a760603e CB |
1551 | controllers = lxc_string_join(",", (const char **)h->controllers, false); |
1552 | if (!controllers) | |
1553 | return -ENOMEM; | |
1554 | fstype = "cgroup"; | |
b635e92d CB |
1555 | } |
1556 | ||
a760603e | 1557 | ret = mount("cgroup", controllerpath, fstype, flags, controllers); |
b635e92d CB |
1558 | free(controllers); |
1559 | if (ret < 0) { | |
6812d833 | 1560 | SYSERROR("Failed to mount \"%s\" with cgroup filesystem type %s", controllerpath, fstype); |
b635e92d CB |
1561 | return -1; |
1562 | } | |
1563 | ||
6812d833 | 1564 | DEBUG("Mounted \"%s\" with cgroup filesystem type %s", controllerpath, fstype); |
b635e92d CB |
1565 | return 0; |
1566 | } | |
1567 | ||
6812d833 CB |
1568 | static inline int cg_mount_in_cgroup_namespace(int type, struct hierarchy *h, |
1569 | const char *controllerpath) | |
1570 | { | |
1571 | return __cg_mount_direct(type, h, controllerpath); | |
1572 | } | |
1573 | ||
1574 | static inline int cg_mount_cgroup_full(int type, struct hierarchy *h, | |
1575 | const char *controllerpath) | |
1576 | { | |
1577 | if (type < LXC_AUTO_CGROUP_FULL_RO || type > LXC_AUTO_CGROUP_FULL_MIXED) | |
1578 | return 0; | |
1579 | ||
1580 | return __cg_mount_direct(type, h, controllerpath); | |
1581 | } | |
1582 | ||
2202afc9 CB |
1583 | static bool cgfsng_mount(struct cgroup_ops *ops, struct lxc_handler *handler, |
1584 | const char *root, int type) | |
ccb4cabe | 1585 | { |
3f69fb12 | 1586 | int i, ret; |
8aa1044f | 1587 | char *tmpfspath = NULL; |
affd10fa | 1588 | bool has_cgns = false, retval = false, wants_force_mount = false; |
8aa1044f SH |
1589 | |
1590 | if ((type & LXC_AUTO_CGROUP_MASK) == 0) | |
1591 | return true; | |
1592 | ||
3f69fb12 SY |
1593 | if (type & LXC_AUTO_CGROUP_FORCE) { |
1594 | type &= ~LXC_AUTO_CGROUP_FORCE; | |
1595 | wants_force_mount = true; | |
1596 | } | |
b635e92d | 1597 | |
3f69fb12 SY |
1598 | if (!wants_force_mount){ |
1599 | if (!lxc_list_empty(&handler->conf->keepcaps)) | |
1600 | wants_force_mount = !in_caplist(CAP_SYS_ADMIN, &handler->conf->keepcaps); | |
1601 | else | |
1602 | wants_force_mount = in_caplist(CAP_SYS_ADMIN, &handler->conf->caps); | |
1603 | } | |
8aa1044f | 1604 | |
3f69fb12 SY |
1605 | has_cgns = cgns_supported(); |
1606 | if (has_cgns && !wants_force_mount) | |
1607 | return true; | |
8aa1044f SH |
1608 | |
1609 | if (type == LXC_AUTO_CGROUP_NOSPEC) | |
1610 | type = LXC_AUTO_CGROUP_MIXED; | |
1611 | else if (type == LXC_AUTO_CGROUP_FULL_NOSPEC) | |
1612 | type = LXC_AUTO_CGROUP_FULL_MIXED; | |
1613 | ||
1614 | /* Mount tmpfs */ | |
3f69fb12 | 1615 | tmpfspath = must_make_path(root, "/sys/fs/cgroup", NULL); |
6812d833 | 1616 | ret = safe_mount(NULL, tmpfspath, "tmpfs", |
3f69fb12 SY |
1617 | MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME, |
1618 | "size=10240k,mode=755", root); | |
1619 | if (ret < 0) | |
1620 | goto on_error; | |
8aa1044f | 1621 | |
2202afc9 | 1622 | for (i = 0; ops->hierarchies[i]; i++) { |
8aa1044f | 1623 | char *controllerpath, *path2; |
2202afc9 | 1624 | struct hierarchy *h = ops->hierarchies[i]; |
8aa1044f | 1625 | char *controller = strrchr(h->mountpoint, '/'); |
8aa1044f SH |
1626 | |
1627 | if (!controller) | |
1628 | continue; | |
1629 | controller++; | |
affd10fa | 1630 | |
8aa1044f SH |
1631 | controllerpath = must_make_path(tmpfspath, controller, NULL); |
1632 | if (dir_exists(controllerpath)) { | |
1633 | free(controllerpath); | |
1634 | continue; | |
1635 | } | |
affd10fa | 1636 | |
3f69fb12 SY |
1637 | ret = mkdir(controllerpath, 0755); |
1638 | if (ret < 0) { | |
8aa1044f SH |
1639 | SYSERROR("Error creating cgroup path: %s", controllerpath); |
1640 | free(controllerpath); | |
3f69fb12 | 1641 | goto on_error; |
8aa1044f | 1642 | } |
b635e92d | 1643 | |
3f69fb12 | 1644 | if (has_cgns && wants_force_mount) { |
b635e92d CB |
1645 | /* If cgroup namespaces are supported but the container |
1646 | * will not have CAP_SYS_ADMIN after it has started we | |
1647 | * need to mount the cgroups manually. | |
1648 | */ | |
3f69fb12 | 1649 | ret = cg_mount_in_cgroup_namespace(type, h, controllerpath); |
b635e92d | 1650 | free(controllerpath); |
3f69fb12 SY |
1651 | if (ret < 0) |
1652 | goto on_error; | |
1653 | ||
b635e92d CB |
1654 | continue; |
1655 | } | |
1656 | ||
6812d833 | 1657 | ret = cg_mount_cgroup_full(type, h, controllerpath); |
3f69fb12 | 1658 | if (ret < 0) { |
8aa1044f | 1659 | free(controllerpath); |
3f69fb12 | 1660 | goto on_error; |
8aa1044f | 1661 | } |
3f69fb12 | 1662 | |
8aa1044f SH |
1663 | if (!cg_mount_needs_subdirs(type)) { |
1664 | free(controllerpath); | |
1665 | continue; | |
1666 | } | |
3f69fb12 SY |
1667 | |
1668 | path2 = must_make_path(controllerpath, h->base_cgroup, | |
2202afc9 | 1669 | ops->container_cgroup, NULL); |
3f69fb12 SY |
1670 | ret = mkdir_p(path2, 0755); |
1671 | if (ret < 0) { | |
8aa1044f | 1672 | free(controllerpath); |
8e0c6620 | 1673 | free(path2); |
3f69fb12 | 1674 | goto on_error; |
8aa1044f | 1675 | } |
2f62fb00 | 1676 | |
6812d833 | 1677 | ret = cg_legacy_mount_controllers(type, h, controllerpath, |
2202afc9 | 1678 | path2, ops->container_cgroup); |
8aa1044f SH |
1679 | free(controllerpath); |
1680 | free(path2); | |
3f69fb12 SY |
1681 | if (ret < 0) |
1682 | goto on_error; | |
8aa1044f SH |
1683 | } |
1684 | retval = true; | |
1685 | ||
3f69fb12 | 1686 | on_error: |
8aa1044f SH |
1687 | free(tmpfspath); |
1688 | return retval; | |
ccb4cabe SH |
1689 | } |
1690 | ||
1691 | static int recursive_count_nrtasks(char *dirname) | |
1692 | { | |
74f96976 | 1693 | struct dirent *direntp; |
ccb4cabe SH |
1694 | DIR *dir; |
1695 | int count = 0, ret; | |
1696 | char *path; | |
1697 | ||
1698 | dir = opendir(dirname); | |
1699 | if (!dir) | |
1700 | return 0; | |
1701 | ||
74f96976 | 1702 | while ((direntp = readdir(dir))) { |
ccb4cabe SH |
1703 | struct stat mystat; |
1704 | ||
ccb4cabe SH |
1705 | if (!strcmp(direntp->d_name, ".") || |
1706 | !strcmp(direntp->d_name, "..")) | |
1707 | continue; | |
1708 | ||
1709 | path = must_make_path(dirname, direntp->d_name, NULL); | |
1710 | ||
1711 | if (lstat(path, &mystat)) | |
1712 | goto next; | |
1713 | ||
1714 | if (!S_ISDIR(mystat.st_mode)) | |
1715 | goto next; | |
1716 | ||
1717 | count += recursive_count_nrtasks(path); | |
13c49955 | 1718 | next: |
ccb4cabe SH |
1719 | free(path); |
1720 | } | |
1721 | ||
1722 | path = must_make_path(dirname, "cgroup.procs", NULL); | |
1723 | ret = lxc_count_file_lines(path); | |
1724 | if (ret != -1) | |
1725 | count += ret; | |
1726 | free(path); | |
1727 | ||
13c49955 | 1728 | (void)closedir(dir); |
ccb4cabe SH |
1729 | |
1730 | return count; | |
1731 | } | |
1732 | ||
2202afc9 | 1733 | static int cgfsng_nrtasks(struct cgroup_ops *ops) |
3135c5d4 | 1734 | { |
ccb4cabe | 1735 | int count; |
3135c5d4 | 1736 | char *path; |
ccb4cabe | 1737 | |
2202afc9 | 1738 | if (!ops->container_cgroup || !ops->hierarchies) |
ccb4cabe | 1739 | return -1; |
a3926f6a | 1740 | |
2202afc9 | 1741 | path = must_make_path(ops->hierarchies[0]->fullcgpath, NULL); |
ccb4cabe SH |
1742 | count = recursive_count_nrtasks(path); |
1743 | free(path); | |
1744 | return count; | |
1745 | } | |
1746 | ||
11c23867 | 1747 | /* Only root needs to escape to the cgroup of its init. */ |
2202afc9 | 1748 | static bool cgfsng_escape(const struct cgroup_ops *ops) |
ccb4cabe | 1749 | { |
ccb4cabe SH |
1750 | int i; |
1751 | ||
1752 | if (geteuid()) | |
1753 | return true; | |
1754 | ||
2202afc9 | 1755 | for (i = 0; ops->hierarchies[i]; i++) { |
11c23867 CB |
1756 | int ret; |
1757 | char *fullpath; | |
1758 | ||
2202afc9 CB |
1759 | fullpath = must_make_path(ops->hierarchies[i]->mountpoint, |
1760 | ops->hierarchies[i]->base_cgroup, | |
11c23867 | 1761 | "cgroup.procs", NULL); |
7cea5905 | 1762 | ret = lxc_write_to_file(fullpath, "0", 2, false, 0666); |
11c23867 CB |
1763 | if (ret != 0) { |
1764 | SYSERROR("Failed to escape to cgroup \"%s\"", fullpath); | |
ccb4cabe | 1765 | free(fullpath); |
6df334d1 | 1766 | return false; |
ccb4cabe SH |
1767 | } |
1768 | free(fullpath); | |
1769 | } | |
1770 | ||
6df334d1 | 1771 | return true; |
ccb4cabe SH |
1772 | } |
1773 | ||
2202afc9 | 1774 | static int cgfsng_num_hierarchies(struct cgroup_ops *ops) |
36662416 TA |
1775 | { |
1776 | int i; | |
1777 | ||
2202afc9 | 1778 | for (i = 0; ops->hierarchies[i]; i++) |
36662416 TA |
1779 | ; |
1780 | ||
1781 | return i; | |
1782 | } | |
1783 | ||
2202afc9 | 1784 | static bool cgfsng_get_hierarchies(struct cgroup_ops *ops, int n, char ***out) |
36662416 TA |
1785 | { |
1786 | int i; | |
1787 | ||
1788 | /* sanity check n */ | |
6b38e644 | 1789 | for (i = 0; i < n; i++) |
2202afc9 | 1790 | if (!ops->hierarchies[i]) |
36662416 | 1791 | return false; |
36662416 | 1792 | |
2202afc9 | 1793 | *out = ops->hierarchies[i]->controllers; |
36662416 TA |
1794 | |
1795 | return true; | |
1796 | } | |
1797 | ||
ccb4cabe SH |
1798 | #define THAWED "THAWED" |
1799 | #define THAWED_LEN (strlen(THAWED)) | |
1800 | ||
d6337a5f CB |
1801 | /* TODO: If the unified cgroup hierarchy grows a freezer controller this needs |
1802 | * to be adapted. | |
1803 | */ | |
2202afc9 | 1804 | static bool cgfsng_unfreeze(struct cgroup_ops *ops) |
ccb4cabe | 1805 | { |
d6337a5f | 1806 | int ret; |
ccb4cabe | 1807 | char *fullpath; |
d6337a5f | 1808 | struct hierarchy *h; |
ccb4cabe | 1809 | |
2202afc9 | 1810 | h = get_hierarchy(ops, "freezer"); |
457ca9aa | 1811 | if (!h) |
ccb4cabe | 1812 | return false; |
d6337a5f | 1813 | |
ccb4cabe | 1814 | fullpath = must_make_path(h->fullcgpath, "freezer.state", NULL); |
7cea5905 | 1815 | ret = lxc_write_to_file(fullpath, THAWED, THAWED_LEN, false, 0666); |
ccb4cabe | 1816 | free(fullpath); |
d6337a5f CB |
1817 | if (ret < 0) |
1818 | return false; | |
1819 | ||
ccb4cabe SH |
1820 | return true; |
1821 | } | |
1822 | ||
2202afc9 CB |
1823 | static const char *cgfsng_get_cgroup(struct cgroup_ops *ops, |
1824 | const char *controller) | |
ccb4cabe | 1825 | { |
d6337a5f CB |
1826 | struct hierarchy *h; |
1827 | ||
2202afc9 | 1828 | h = get_hierarchy(ops, controller); |
106f1f38 | 1829 | if (!h) { |
2202afc9 CB |
1830 | WARN("Failed to find hierarchy for controller \"%s\"", |
1831 | controller ? controller : "(null)"); | |
ccb4cabe | 1832 | return NULL; |
106f1f38 | 1833 | } |
ccb4cabe | 1834 | |
371f834d SH |
1835 | return h->fullcgpath ? h->fullcgpath + strlen(h->mountpoint) : NULL; |
1836 | } | |
1837 | ||
c40c8209 CB |
1838 | /* Given a cgroup path returned from lxc_cmd_get_cgroup_path, build a full path, |
1839 | * which must be freed by the caller. | |
371f834d | 1840 | */ |
c40c8209 CB |
1841 | static inline char *build_full_cgpath_from_monitorpath(struct hierarchy *h, |
1842 | const char *inpath, | |
1843 | const char *filename) | |
371f834d | 1844 | { |
371f834d | 1845 | return must_make_path(h->mountpoint, inpath, filename, NULL); |
ccb4cabe SH |
1846 | } |
1847 | ||
25f66a8f CB |
1848 | /* Technically, we're always at a delegation boundary here (This is especially |
1849 | * true when cgroup namespaces are available.). The reasoning is that in order | |
c2aed66d | 1850 | * for us to have been able to start a container in the first place the root |
25f66a8f | 1851 | * cgroup must have been a leaf node. Now, either the container's init system |
c2aed66d CB |
1852 | * has populated the cgroup and kept it as a leaf node or it has created |
1853 | * subtrees. In the former case we will simply attach to the leaf node we | |
1854 | * created when we started the container in the latter case we create our own | |
1855 | * cgroup for the attaching process. | |
1856 | */ | |
a3926f6a CB |
1857 | static int __cg_unified_attach(const struct hierarchy *h, const char *name, |
1858 | const char *lxcpath, const char *pidstr, | |
1859 | size_t pidstr_len, const char *controller) | |
c2aed66d CB |
1860 | { |
1861 | int ret; | |
1862 | size_t len; | |
1863 | int fret = -1, idx = 0; | |
1864 | char *base_path = NULL, *container_cgroup = NULL, *full_path = NULL; | |
1865 | ||
1866 | container_cgroup = lxc_cmd_get_cgroup_path(name, lxcpath, controller); | |
1867 | /* not running */ | |
1868 | if (!container_cgroup) | |
1869 | return 0; | |
1870 | ||
1871 | base_path = must_make_path(h->mountpoint, container_cgroup, NULL); | |
1872 | full_path = must_make_path(base_path, "cgroup.procs", NULL); | |
1873 | /* cgroup is populated */ | |
7cea5905 | 1874 | ret = lxc_write_to_file(full_path, pidstr, pidstr_len, false, 0666); |
c2aed66d CB |
1875 | if (ret < 0 && errno != EBUSY) |
1876 | goto on_error; | |
1877 | ||
1878 | if (ret == 0) | |
1879 | goto on_success; | |
1880 | ||
1881 | free(full_path); | |
1882 | ||
1883 | len = strlen(base_path) + sizeof("/lxc-1000") - 1 + | |
1884 | sizeof("/cgroup-procs") - 1; | |
1885 | full_path = must_alloc(len + 1); | |
1886 | do { | |
1887 | if (idx) | |
1888 | ret = snprintf(full_path, len + 1, "%s/lxc-%d", | |
1889 | base_path, idx); | |
1890 | else | |
1891 | ret = snprintf(full_path, len + 1, "%s/lxc", base_path); | |
1892 | if (ret < 0 || (size_t)ret >= len + 1) | |
1893 | goto on_error; | |
1894 | ||
1895 | ret = mkdir_p(full_path, 0755); | |
1896 | if (ret < 0 && errno != EEXIST) | |
1897 | goto on_error; | |
1898 | ||
3ebe2fbd | 1899 | (void)strlcat(full_path, "/cgroup.procs", len + 1); |
7cea5905 | 1900 | ret = lxc_write_to_file(full_path, pidstr, len, false, 0666); |
c2aed66d CB |
1901 | if (ret == 0) |
1902 | goto on_success; | |
1903 | ||
1904 | /* this is a non-leaf node */ | |
1905 | if (errno != EBUSY) | |
1906 | goto on_error; | |
1907 | ||
1908 | } while (++idx > 0 && idx < 1000); | |
1909 | ||
1910 | on_success: | |
1911 | if (idx < 1000) | |
1912 | fret = 0; | |
1913 | ||
1914 | on_error: | |
1915 | free(base_path); | |
1916 | free(container_cgroup); | |
1917 | free(full_path); | |
1918 | ||
1919 | return fret; | |
1920 | } | |
1921 | ||
2202afc9 CB |
1922 | static bool cgfsng_attach(struct cgroup_ops *ops, const char *name, |
1923 | const char *lxcpath, pid_t pid) | |
ccb4cabe | 1924 | { |
c2aed66d | 1925 | int i, len, ret; |
ccb4cabe | 1926 | char pidstr[25]; |
ccb4cabe SH |
1927 | |
1928 | len = snprintf(pidstr, 25, "%d", pid); | |
0cb10e11 | 1929 | if (len < 0 || len >= 25) |
ccb4cabe SH |
1930 | return false; |
1931 | ||
2202afc9 | 1932 | for (i = 0; ops->hierarchies[i]; i++) { |
c2aed66d CB |
1933 | char *path; |
1934 | char *fullpath = NULL; | |
2202afc9 | 1935 | struct hierarchy *h = ops->hierarchies[i]; |
ccb4cabe | 1936 | |
c2aed66d | 1937 | if (h->version == CGROUP2_SUPER_MAGIC) { |
a3926f6a CB |
1938 | ret = __cg_unified_attach(h, name, lxcpath, pidstr, len, |
1939 | h->controllers[0]); | |
c2aed66d CB |
1940 | if (ret < 0) |
1941 | return false; | |
1942 | ||
1943 | continue; | |
1944 | } | |
1945 | ||
ccb4cabe | 1946 | path = lxc_cmd_get_cgroup_path(name, lxcpath, h->controllers[0]); |
c2aed66d CB |
1947 | /* not running */ |
1948 | if (!path) | |
ccb4cabe SH |
1949 | continue; |
1950 | ||
371f834d | 1951 | fullpath = build_full_cgpath_from_monitorpath(h, path, "cgroup.procs"); |
71cb9afb | 1952 | free(path); |
7cea5905 | 1953 | ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666); |
c2aed66d | 1954 | if (ret < 0) { |
ccb4cabe SH |
1955 | SYSERROR("Failed to attach %d to %s", (int)pid, fullpath); |
1956 | free(fullpath); | |
ccb4cabe SH |
1957 | return false; |
1958 | } | |
ccb4cabe SH |
1959 | free(fullpath); |
1960 | } | |
1961 | ||
ccb4cabe SH |
1962 | return true; |
1963 | } | |
1964 | ||
e2bd2b13 CB |
1965 | /* Called externally (i.e. from 'lxc-cgroup') to query cgroup limits. Here we |
1966 | * don't have a cgroup_data set up, so we ask the running container through the | |
1967 | * commands API for the cgroup path. | |
ccb4cabe | 1968 | */ |
2202afc9 CB |
1969 | static int cgfsng_get(struct cgroup_ops *ops, const char *filename, char *value, |
1970 | size_t len, const char *name, const char *lxcpath) | |
ccb4cabe | 1971 | { |
ccb4cabe | 1972 | int ret = -1; |
0069cc61 CB |
1973 | size_t controller_len; |
1974 | char *controller, *p, *path; | |
1975 | struct hierarchy *h; | |
ccb4cabe | 1976 | |
0069cc61 CB |
1977 | controller_len = strlen(filename); |
1978 | controller = alloca(controller_len + 1); | |
64e82f8b DJ |
1979 | (void)strlcpy(controller, filename, controller_len + 1); |
1980 | ||
0069cc61 CB |
1981 | p = strchr(controller, '.'); |
1982 | if (p) | |
ccb4cabe SH |
1983 | *p = '\0'; |
1984 | ||
0069cc61 CB |
1985 | path = lxc_cmd_get_cgroup_path(name, lxcpath, controller); |
1986 | /* not running */ | |
1987 | if (!path) | |
ccb4cabe SH |
1988 | return -1; |
1989 | ||
2202afc9 | 1990 | h = get_hierarchy(ops, controller); |
ccb4cabe | 1991 | if (h) { |
0069cc61 CB |
1992 | char *fullpath; |
1993 | ||
1994 | fullpath = build_full_cgpath_from_monitorpath(h, path, filename); | |
ccb4cabe SH |
1995 | ret = lxc_read_from_file(fullpath, value, len); |
1996 | free(fullpath); | |
1997 | } | |
ccb4cabe SH |
1998 | free(path); |
1999 | ||
2000 | return ret; | |
2001 | } | |
2002 | ||
eec533e3 CB |
2003 | /* Called externally (i.e. from 'lxc-cgroup') to set new cgroup limits. Here we |
2004 | * don't have a cgroup_data set up, so we ask the running container through the | |
2005 | * commands API for the cgroup path. | |
ccb4cabe | 2006 | */ |
2202afc9 CB |
2007 | static int cgfsng_set(struct cgroup_ops *ops, const char *filename, |
2008 | const char *value, const char *name, const char *lxcpath) | |
ccb4cabe | 2009 | { |
ccb4cabe | 2010 | int ret = -1; |
87777968 CB |
2011 | size_t controller_len; |
2012 | char *controller, *p, *path; | |
2013 | struct hierarchy *h; | |
ccb4cabe | 2014 | |
87777968 CB |
2015 | controller_len = strlen(filename); |
2016 | controller = alloca(controller_len + 1); | |
64e82f8b DJ |
2017 | (void)strlcpy(controller, filename, controller_len + 1); |
2018 | ||
87777968 CB |
2019 | p = strchr(controller, '.'); |
2020 | if (p) | |
ccb4cabe SH |
2021 | *p = '\0'; |
2022 | ||
87777968 CB |
2023 | path = lxc_cmd_get_cgroup_path(name, lxcpath, controller); |
2024 | /* not running */ | |
2025 | if (!path) | |
ccb4cabe SH |
2026 | return -1; |
2027 | ||
2202afc9 | 2028 | h = get_hierarchy(ops, controller); |
ccb4cabe | 2029 | if (h) { |
87777968 CB |
2030 | char *fullpath; |
2031 | ||
2032 | fullpath = build_full_cgpath_from_monitorpath(h, path, filename); | |
7cea5905 | 2033 | ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666); |
ccb4cabe SH |
2034 | free(fullpath); |
2035 | } | |
ccb4cabe SH |
2036 | free(path); |
2037 | ||
2038 | return ret; | |
2039 | } | |
2040 | ||
91d1a13a | 2041 | /* take devices cgroup line |
72add155 SH |
2042 | * /dev/foo rwx |
2043 | * and convert it to a valid | |
2044 | * type major:minor mode | |
91d1a13a CB |
2045 | * line. Return <0 on error. Dest is a preallocated buffer long enough to hold |
2046 | * the output. | |
72add155 SH |
2047 | */ |
2048 | static int convert_devpath(const char *invalue, char *dest) | |
2049 | { | |
2a06d041 CB |
2050 | int n_parts; |
2051 | char *p, *path, type; | |
72add155 | 2052 | unsigned long minor, major; |
91d1a13a | 2053 | struct stat sb; |
2a06d041 CB |
2054 | int ret = -EINVAL; |
2055 | char *mode = NULL; | |
72add155 SH |
2056 | |
2057 | path = must_copy_string(invalue); | |
2058 | ||
91d1a13a CB |
2059 | /* Read path followed by mode. Ignore any trailing text. |
2060 | * A ' # comment' would be legal. Technically other text is not | |
2061 | * legal, we could check for that if we cared to. | |
72add155 SH |
2062 | */ |
2063 | for (n_parts = 1, p = path; *p && n_parts < 3; p++) { | |
2c2d6c49 SH |
2064 | if (*p != ' ') |
2065 | continue; | |
2066 | *p = '\0'; | |
91d1a13a | 2067 | |
2c2d6c49 SH |
2068 | if (n_parts != 1) |
2069 | break; | |
2070 | p++; | |
2071 | n_parts++; | |
91d1a13a | 2072 | |
2c2d6c49 SH |
2073 | while (*p == ' ') |
2074 | p++; | |
91d1a13a | 2075 | |
2c2d6c49 | 2076 | mode = p; |
91d1a13a | 2077 | |
2c2d6c49 SH |
2078 | if (*p == '\0') |
2079 | goto out; | |
72add155 | 2080 | } |
2c2d6c49 SH |
2081 | |
2082 | if (n_parts == 1) | |
72add155 | 2083 | goto out; |
72add155 SH |
2084 | |
2085 | ret = stat(path, &sb); | |
2086 | if (ret < 0) | |
2087 | goto out; | |
2088 | ||
72add155 SH |
2089 | mode_t m = sb.st_mode & S_IFMT; |
2090 | switch (m) { | |
2091 | case S_IFBLK: | |
2092 | type = 'b'; | |
2093 | break; | |
2094 | case S_IFCHR: | |
2095 | type = 'c'; | |
2096 | break; | |
2c2d6c49 | 2097 | default: |
91d1a13a | 2098 | ERROR("Unsupported device type %i for \"%s\"", m, path); |
72add155 SH |
2099 | ret = -EINVAL; |
2100 | goto out; | |
2101 | } | |
2c2d6c49 SH |
2102 | |
2103 | major = MAJOR(sb.st_rdev); | |
2104 | minor = MINOR(sb.st_rdev); | |
2105 | ret = snprintf(dest, 50, "%c %lu:%lu %s", type, major, minor, mode); | |
72add155 | 2106 | if (ret < 0 || ret >= 50) { |
2a06d041 CB |
2107 | ERROR("Error on configuration value \"%c %lu:%lu %s\" (max 50 " |
2108 | "chars)", type, major, minor, mode); | |
72add155 SH |
2109 | ret = -ENAMETOOLONG; |
2110 | goto out; | |
2111 | } | |
2112 | ret = 0; | |
2113 | ||
2114 | out: | |
2115 | free(path); | |
2116 | return ret; | |
2117 | } | |
2118 | ||
90e97284 CB |
2119 | /* Called from setup_limits - here we have the container's cgroup_data because |
2120 | * we created the cgroups. | |
ccb4cabe | 2121 | */ |
2202afc9 CB |
2122 | static int cg_legacy_set_data(struct cgroup_ops *ops, const char *filename, |
2123 | const char *value) | |
ccb4cabe | 2124 | { |
ab1a6cac | 2125 | size_t len; |
90e97284 | 2126 | char *fullpath, *p; |
1a0e70ac CB |
2127 | /* "b|c <2^64-1>:<2^64-1> r|w|m" = 47 chars max */ |
2128 | char converted_value[50]; | |
b3646d7e CB |
2129 | struct hierarchy *h; |
2130 | int ret = 0; | |
2131 | char *controller = NULL; | |
ccb4cabe | 2132 | |
ab1a6cac CB |
2133 | len = strlen(filename); |
2134 | controller = alloca(len + 1); | |
64e82f8b DJ |
2135 | (void)strlcpy(controller, filename, len + 1); |
2136 | ||
ab1a6cac CB |
2137 | p = strchr(controller, '.'); |
2138 | if (p) | |
ccb4cabe SH |
2139 | *p = '\0'; |
2140 | ||
c8bf519d | 2141 | if (strcmp("devices.allow", filename) == 0 && value[0] == '/') { |
72add155 SH |
2142 | ret = convert_devpath(value, converted_value); |
2143 | if (ret < 0) | |
c8bf519d | 2144 | return ret; |
72add155 | 2145 | value = converted_value; |
c8bf519d | 2146 | } |
2147 | ||
2202afc9 | 2148 | h = get_hierarchy(ops, controller); |
b3646d7e CB |
2149 | if (!h) { |
2150 | ERROR("Failed to setup limits for the \"%s\" controller. " | |
2151 | "The controller seems to be unused by \"cgfsng\" cgroup " | |
2152 | "driver or not enabled on the cgroup hierarchy", | |
2153 | controller); | |
d1953b26 | 2154 | errno = ENOENT; |
ab1a6cac | 2155 | return -ENOENT; |
ccb4cabe | 2156 | } |
b3646d7e CB |
2157 | |
2158 | fullpath = must_make_path(h->fullcgpath, filename, NULL); | |
7cea5905 | 2159 | ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666); |
b3646d7e | 2160 | free(fullpath); |
ccb4cabe SH |
2161 | return ret; |
2162 | } | |
2163 | ||
2202afc9 | 2164 | static bool __cg_legacy_setup_limits(struct cgroup_ops *ops, |
a3926f6a CB |
2165 | struct lxc_list *cgroup_settings, |
2166 | bool do_devices) | |
ccb4cabe | 2167 | { |
c347df58 | 2168 | struct lxc_list *iterator, *next, *sorted_cgroup_settings; |
ccb4cabe | 2169 | struct lxc_cgroup *cg; |
ccb4cabe SH |
2170 | bool ret = false; |
2171 | ||
2172 | if (lxc_list_empty(cgroup_settings)) | |
2173 | return true; | |
2174 | ||
2175 | sorted_cgroup_settings = sort_cgroup_settings(cgroup_settings); | |
6b38e644 | 2176 | if (!sorted_cgroup_settings) |
ccb4cabe | 2177 | return false; |
ccb4cabe | 2178 | |
ccb4cabe SH |
2179 | lxc_list_for_each(iterator, sorted_cgroup_settings) { |
2180 | cg = iterator->elem; | |
2181 | ||
2182 | if (do_devices == !strncmp("devices", cg->subsystem, 7)) { | |
2202afc9 | 2183 | if (cg_legacy_set_data(ops, cg->subsystem, cg->value)) { |
ccb4cabe | 2184 | if (do_devices && (errno == EACCES || errno == EPERM)) { |
c347df58 CB |
2185 | WARN("Failed to set \"%s\" to \"%s\"", |
2186 | cg->subsystem, cg->value); | |
ccb4cabe SH |
2187 | continue; |
2188 | } | |
c347df58 CB |
2189 | WARN("Failed to set \"%s\" to \"%s\"", |
2190 | cg->subsystem, cg->value); | |
ccb4cabe SH |
2191 | goto out; |
2192 | } | |
c347df58 CB |
2193 | DEBUG("Set controller \"%s\" set to \"%s\"", |
2194 | cg->subsystem, cg->value); | |
ccb4cabe | 2195 | } |
ccb4cabe SH |
2196 | } |
2197 | ||
2198 | ret = true; | |
6b38e644 | 2199 | INFO("Limits for the legacy cgroup hierarchies have been setup"); |
ccb4cabe | 2200 | out: |
ccb4cabe SH |
2201 | lxc_list_for_each_safe(iterator, sorted_cgroup_settings, next) { |
2202 | lxc_list_del(iterator); | |
2203 | free(iterator); | |
2204 | } | |
2205 | free(sorted_cgroup_settings); | |
2206 | return ret; | |
2207 | } | |
2208 | ||
2202afc9 | 2209 | static bool __cg_unified_setup_limits(struct cgroup_ops *ops, |
a3926f6a | 2210 | struct lxc_list *cgroup_settings) |
6b38e644 CB |
2211 | { |
2212 | struct lxc_list *iterator; | |
2202afc9 | 2213 | struct hierarchy *h = ops->unified; |
6b38e644 CB |
2214 | |
2215 | if (lxc_list_empty(cgroup_settings)) | |
2216 | return true; | |
2217 | ||
2218 | if (!h) | |
2219 | return false; | |
2220 | ||
2221 | lxc_list_for_each(iterator, cgroup_settings) { | |
2222 | int ret; | |
2223 | char *fullpath; | |
2224 | struct lxc_cgroup *cg = iterator->elem; | |
2225 | ||
2226 | fullpath = must_make_path(h->fullcgpath, cg->subsystem, NULL); | |
7cea5905 | 2227 | ret = lxc_write_to_file(fullpath, cg->value, strlen(cg->value), false, 0666); |
6b38e644 CB |
2228 | free(fullpath); |
2229 | if (ret < 0) { | |
b2ac2cb7 CB |
2230 | SYSERROR("Failed to set \"%s\" to \"%s\"", |
2231 | cg->subsystem, cg->value); | |
6b38e644 CB |
2232 | return false; |
2233 | } | |
2234 | TRACE("Set \"%s\" to \"%s\"", cg->subsystem, cg->value); | |
2235 | } | |
2236 | ||
2237 | INFO("Limits for the unified cgroup hierarchy have been setup"); | |
2238 | return true; | |
2239 | } | |
2240 | ||
2202afc9 | 2241 | static bool cgfsng_setup_limits(struct cgroup_ops *ops, struct lxc_conf *conf, |
6b38e644 CB |
2242 | bool do_devices) |
2243 | { | |
2244 | bool bret; | |
2245 | ||
2202afc9 | 2246 | bret = __cg_legacy_setup_limits(ops, &conf->cgroup, do_devices); |
6b38e644 CB |
2247 | if (!bret) |
2248 | return false; | |
2249 | ||
2202afc9 CB |
2250 | return __cg_unified_setup_limits(ops, &conf->cgroup2); |
2251 | } | |
2252 | ||
b7b18fc5 CB |
2253 | static bool cgroup_use_wants_controllers(const struct cgroup_ops *ops, |
2254 | char **controllers) | |
2255 | { | |
2256 | char **cur_ctrl, **cur_use; | |
2257 | ||
2258 | if (!ops->cgroup_use) | |
2259 | return true; | |
2260 | ||
2261 | for (cur_ctrl = controllers; cur_ctrl && *cur_ctrl; cur_ctrl++) { | |
2262 | bool found = false; | |
2263 | ||
2264 | for (cur_use = ops->cgroup_use; cur_use && *cur_use; cur_use++) { | |
2265 | if (strcmp(*cur_use, *cur_ctrl) != 0) | |
2266 | continue; | |
2267 | ||
2268 | found = true; | |
2269 | break; | |
2270 | } | |
2271 | ||
2272 | if (found) | |
2273 | continue; | |
2274 | ||
2275 | return false; | |
2276 | } | |
2277 | ||
2278 | return true; | |
2279 | } | |
2280 | ||
2202afc9 CB |
2281 | /* At startup, parse_hierarchies finds all the info we need about cgroup |
2282 | * mountpoints and current cgroups, and stores it in @d. | |
2283 | */ | |
2284 | static bool cg_hybrid_init(struct cgroup_ops *ops) | |
2285 | { | |
2286 | int ret; | |
2287 | char *basecginfo; | |
2288 | bool will_escape; | |
2289 | FILE *f; | |
2290 | size_t len = 0; | |
2291 | char *line = NULL; | |
2292 | char **klist = NULL, **nlist = NULL; | |
2293 | ||
2294 | /* Root spawned containers escape the current cgroup, so use init's | |
2295 | * cgroups as our base in that case. | |
2296 | */ | |
2297 | will_escape = (geteuid() == 0); | |
2298 | if (will_escape) | |
2299 | basecginfo = read_file("/proc/1/cgroup"); | |
2300 | else | |
2301 | basecginfo = read_file("/proc/self/cgroup"); | |
2302 | if (!basecginfo) | |
2303 | return false; | |
2304 | ||
2305 | ret = get_existing_subsystems(&klist, &nlist); | |
2306 | if (ret < 0) { | |
2307 | ERROR("Failed to retrieve available legacy cgroup controllers"); | |
2308 | free(basecginfo); | |
2309 | return false; | |
2310 | } | |
2311 | ||
2312 | f = fopen("/proc/self/mountinfo", "r"); | |
2313 | if (!f) { | |
2314 | ERROR("Failed to open \"/proc/self/mountinfo\""); | |
2315 | free(basecginfo); | |
2316 | return false; | |
2317 | } | |
2318 | ||
2319 | lxc_cgfsng_print_basecg_debuginfo(basecginfo, klist, nlist); | |
2320 | ||
2321 | while (getline(&line, &len, f) != -1) { | |
2322 | int type; | |
2323 | bool writeable; | |
2324 | struct hierarchy *new; | |
2325 | char *base_cgroup = NULL, *mountpoint = NULL; | |
2326 | char **controller_list = NULL; | |
2327 | ||
2328 | type = get_cgroup_version(line); | |
2329 | if (type == 0) | |
2330 | continue; | |
2331 | ||
2332 | if (type == CGROUP2_SUPER_MAGIC && ops->unified) | |
2333 | continue; | |
2334 | ||
2335 | if (ops->cgroup_layout == CGROUP_LAYOUT_UNKNOWN) { | |
2336 | if (type == CGROUP2_SUPER_MAGIC) | |
2337 | ops->cgroup_layout = CGROUP_LAYOUT_UNIFIED; | |
2338 | else if (type == CGROUP_SUPER_MAGIC) | |
2339 | ops->cgroup_layout = CGROUP_LAYOUT_LEGACY; | |
2340 | } else if (ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED) { | |
2341 | if (type == CGROUP_SUPER_MAGIC) | |
2342 | ops->cgroup_layout = CGROUP_LAYOUT_HYBRID; | |
2343 | } else if (ops->cgroup_layout == CGROUP_LAYOUT_LEGACY) { | |
2344 | if (type == CGROUP2_SUPER_MAGIC) | |
2345 | ops->cgroup_layout = CGROUP_LAYOUT_HYBRID; | |
2346 | } | |
2347 | ||
2348 | controller_list = cg_hybrid_get_controllers(klist, nlist, line, type); | |
2349 | if (!controller_list && type == CGROUP_SUPER_MAGIC) | |
2350 | continue; | |
2351 | ||
2352 | if (type == CGROUP_SUPER_MAGIC) | |
2353 | if (controller_list_is_dup(ops->hierarchies, controller_list)) | |
2354 | goto next; | |
2355 | ||
2356 | mountpoint = cg_hybrid_get_mountpoint(line); | |
2357 | if (!mountpoint) { | |
2358 | ERROR("Failed parsing mountpoint from \"%s\"", line); | |
2359 | goto next; | |
2360 | } | |
2361 | ||
2362 | if (type == CGROUP_SUPER_MAGIC) | |
2363 | base_cgroup = cg_hybrid_get_current_cgroup(basecginfo, controller_list[0], CGROUP_SUPER_MAGIC); | |
2364 | else | |
2365 | base_cgroup = cg_hybrid_get_current_cgroup(basecginfo, NULL, CGROUP2_SUPER_MAGIC); | |
2366 | if (!base_cgroup) { | |
2367 | ERROR("Failed to find current cgroup"); | |
2368 | goto next; | |
2369 | } | |
2370 | ||
2371 | trim(base_cgroup); | |
2372 | prune_init_scope(base_cgroup); | |
2373 | if (type == CGROUP2_SUPER_MAGIC) | |
2374 | writeable = test_writeable_v2(mountpoint, base_cgroup); | |
2375 | else | |
2376 | writeable = test_writeable_v1(mountpoint, base_cgroup); | |
2377 | if (!writeable) | |
2378 | goto next; | |
2379 | ||
2380 | if (type == CGROUP2_SUPER_MAGIC) { | |
2381 | char *cgv2_ctrl_path; | |
2382 | ||
2383 | cgv2_ctrl_path = must_make_path(mountpoint, base_cgroup, | |
2384 | "cgroup.controllers", | |
2385 | NULL); | |
2386 | ||
2387 | controller_list = cg_unified_get_controllers(cgv2_ctrl_path); | |
2388 | free(cgv2_ctrl_path); | |
2389 | if (!controller_list) { | |
2390 | controller_list = cg_unified_make_empty_controller(); | |
2391 | TRACE("No controllers are enabled for " | |
2392 | "delegation in the unified hierarchy"); | |
2393 | } | |
2394 | } | |
2395 | ||
b7b18fc5 CB |
2396 | /* Exclude all controllers that cgroup use does not want. */ |
2397 | if (!cgroup_use_wants_controllers(ops, controller_list)) | |
2398 | goto next; | |
2399 | ||
2202afc9 CB |
2400 | new = add_hierarchy(&ops->hierarchies, controller_list, mountpoint, base_cgroup, type); |
2401 | if (type == CGROUP2_SUPER_MAGIC && !ops->unified) | |
2402 | ops->unified = new; | |
2403 | ||
2404 | continue; | |
2405 | ||
2406 | next: | |
2407 | free_string_list(controller_list); | |
2408 | free(mountpoint); | |
2409 | free(base_cgroup); | |
2410 | } | |
2411 | ||
2412 | free_string_list(klist); | |
2413 | free_string_list(nlist); | |
2414 | ||
2415 | free(basecginfo); | |
2416 | ||
2417 | fclose(f); | |
2418 | free(line); | |
2419 | ||
2420 | TRACE("Writable cgroup hierarchies:"); | |
2421 | lxc_cgfsng_print_hierarchies(ops); | |
2422 | ||
2423 | /* verify that all controllers in cgroup.use and all crucial | |
2424 | * controllers are accounted for | |
2425 | */ | |
2426 | if (!all_controllers_found(ops)) | |
2427 | return false; | |
2428 | ||
2429 | return true; | |
2430 | } | |
2431 | ||
2432 | static int cg_is_pure_unified(void) | |
2433 | { | |
2434 | ||
2435 | int ret; | |
2436 | struct statfs fs; | |
2437 | ||
2438 | ret = statfs("/sys/fs/cgroup", &fs); | |
2439 | if (ret < 0) | |
2440 | return -ENOMEDIUM; | |
2441 | ||
2442 | if (is_fs_type(&fs, CGROUP2_SUPER_MAGIC)) | |
2443 | return CGROUP2_SUPER_MAGIC; | |
2444 | ||
2445 | return 0; | |
2446 | } | |
2447 | ||
2448 | /* Get current cgroup from /proc/self/cgroup for the cgroupfs v2 hierarchy. */ | |
2449 | static char *cg_unified_get_current_cgroup(void) | |
2450 | { | |
2451 | char *basecginfo, *base_cgroup; | |
2452 | bool will_escape; | |
2453 | char *copy = NULL; | |
2454 | ||
2455 | will_escape = (geteuid() == 0); | |
2456 | if (will_escape) | |
2457 | basecginfo = read_file("/proc/1/cgroup"); | |
2458 | else | |
2459 | basecginfo = read_file("/proc/self/cgroup"); | |
2460 | if (!basecginfo) | |
2461 | return NULL; | |
2462 | ||
2463 | base_cgroup = strstr(basecginfo, "0::/"); | |
2464 | if (!base_cgroup) | |
2465 | goto cleanup_on_err; | |
2466 | ||
2467 | base_cgroup = base_cgroup + 3; | |
2468 | copy = copy_to_eol(base_cgroup); | |
2469 | if (!copy) | |
2470 | goto cleanup_on_err; | |
2471 | ||
2472 | cleanup_on_err: | |
2473 | free(basecginfo); | |
2474 | if (copy) | |
2475 | trim(copy); | |
2476 | ||
2477 | return copy; | |
2478 | } | |
2479 | ||
2480 | static int cg_unified_init(struct cgroup_ops *ops) | |
2481 | { | |
2482 | int ret; | |
2483 | char *mountpoint, *subtree_path; | |
2484 | char **delegatable; | |
2485 | char *base_cgroup = NULL; | |
2486 | ||
2487 | ret = cg_is_pure_unified(); | |
2488 | if (ret == -ENOMEDIUM) | |
2489 | return -ENOMEDIUM; | |
2490 | ||
2491 | if (ret != CGROUP2_SUPER_MAGIC) | |
2492 | return 0; | |
2493 | ||
2494 | base_cgroup = cg_unified_get_current_cgroup(); | |
2495 | if (!base_cgroup) | |
2496 | return -EINVAL; | |
2497 | prune_init_scope(base_cgroup); | |
2498 | ||
2499 | /* We assume that we have already been given controllers to delegate | |
2500 | * further down the hierarchy. If not it is up to the user to delegate | |
2501 | * them to us. | |
2502 | */ | |
2503 | mountpoint = must_copy_string("/sys/fs/cgroup"); | |
2504 | subtree_path = must_make_path(mountpoint, base_cgroup, | |
2505 | "cgroup.subtree_control", NULL); | |
2506 | delegatable = cg_unified_get_controllers(subtree_path); | |
2507 | free(subtree_path); | |
2508 | if (!delegatable) | |
2509 | delegatable = cg_unified_make_empty_controller(); | |
2510 | if (!delegatable[0]) | |
2511 | TRACE("No controllers are enabled for delegation"); | |
2512 | ||
2513 | /* TODO: If the user requested specific controllers via lxc.cgroup.use | |
2514 | * we should verify here. The reason I'm not doing it right is that I'm | |
2515 | * not convinced that lxc.cgroup.use will be the future since it is a | |
2516 | * global property. I much rather have an option that lets you request | |
2517 | * controllers per container. | |
2518 | */ | |
2519 | ||
2520 | add_hierarchy(&ops->hierarchies, delegatable, mountpoint, base_cgroup, CGROUP2_SUPER_MAGIC); | |
2521 | ||
2522 | ops->cgroup_layout = CGROUP_LAYOUT_UNIFIED; | |
2523 | return CGROUP2_SUPER_MAGIC; | |
2524 | } | |
2525 | ||
2526 | static bool cg_init(struct cgroup_ops *ops) | |
2527 | { | |
2528 | int ret; | |
2529 | const char *tmp; | |
2530 | ||
2531 | tmp = lxc_global_config_value("lxc.cgroup.use"); | |
b7b18fc5 CB |
2532 | if (tmp) { |
2533 | char *chop, *cur, *pin; | |
2534 | char *saveptr = NULL; | |
2535 | ||
2536 | pin = must_copy_string(tmp); | |
2537 | chop = pin; | |
2538 | ||
2539 | for (; (cur = strtok_r(chop, ",", &saveptr)); chop = NULL) | |
2540 | must_append_string(&ops->cgroup_use, cur); | |
2541 | ||
2542 | free(pin); | |
2543 | } | |
2202afc9 CB |
2544 | |
2545 | ret = cg_unified_init(ops); | |
2546 | if (ret < 0) | |
2547 | return false; | |
2548 | ||
2549 | if (ret == CGROUP2_SUPER_MAGIC) | |
2550 | return true; | |
2551 | ||
2552 | return cg_hybrid_init(ops); | |
2553 | } | |
2554 | ||
2555 | static bool cgfsng_data_init(struct cgroup_ops *ops) | |
2556 | { | |
2557 | const char *cgroup_pattern; | |
2558 | ||
2559 | /* copy system-wide cgroup information */ | |
2560 | cgroup_pattern = lxc_global_config_value("lxc.cgroup.pattern"); | |
2561 | if (!cgroup_pattern) { | |
2562 | /* lxc.cgroup.pattern is only NULL on error. */ | |
2563 | ERROR("Failed to retrieve cgroup pattern"); | |
2564 | return false; | |
2565 | } | |
2566 | ops->cgroup_pattern = must_copy_string(cgroup_pattern); | |
2567 | ||
2568 | return true; | |
2569 | } | |
2570 | ||
2571 | struct cgroup_ops *cgfsng_ops_init(void) | |
2572 | { | |
2573 | struct cgroup_ops *cgfsng_ops; | |
2574 | ||
2575 | cgfsng_ops = malloc(sizeof(struct cgroup_ops)); | |
2576 | if (!cgfsng_ops) | |
2577 | return NULL; | |
2578 | ||
2579 | memset(cgfsng_ops, 0, sizeof(struct cgroup_ops)); | |
2580 | cgfsng_ops->cgroup_layout = CGROUP_LAYOUT_UNKNOWN; | |
2581 | ||
2582 | if (!cg_init(cgfsng_ops)) { | |
2583 | free(cgfsng_ops); | |
2584 | return NULL; | |
2585 | } | |
2586 | ||
2587 | cgfsng_ops->data_init = cgfsng_data_init; | |
2588 | cgfsng_ops->destroy = cgfsng_destroy; | |
2589 | cgfsng_ops->create = cgfsng_create; | |
2590 | cgfsng_ops->enter = cgfsng_enter; | |
2591 | cgfsng_ops->escape = cgfsng_escape; | |
2592 | cgfsng_ops->num_hierarchies = cgfsng_num_hierarchies; | |
2593 | cgfsng_ops->get_hierarchies = cgfsng_get_hierarchies; | |
2594 | cgfsng_ops->get_cgroup = cgfsng_get_cgroup; | |
2595 | cgfsng_ops->get = cgfsng_get; | |
2596 | cgfsng_ops->set = cgfsng_set; | |
2597 | cgfsng_ops->unfreeze = cgfsng_unfreeze; | |
2598 | cgfsng_ops->setup_limits = cgfsng_setup_limits; | |
2599 | cgfsng_ops->driver = "cgfsng"; | |
2600 | cgfsng_ops->version = "1.0.0"; | |
2601 | cgfsng_ops->attach = cgfsng_attach; | |
2602 | cgfsng_ops->chown = cgfsng_chown; | |
2603 | cgfsng_ops->mount = cgfsng_mount; | |
2604 | cgfsng_ops->nrtasks = cgfsng_nrtasks; | |
2605 | ||
2606 | return cgfsng_ops; | |
2607 | } |