cgfsng: respect lxc.cgroup.use

If lxc.cgroup.use is specified then only those controllers listed in there will
be used others will be skipped.

Closes #2447.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 6d472d6a7d337c7ef8557b4445fc368789a592e1..935b868b98936eee992f80c988d2c3d561e51b34 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -695,8 +695,7 @@ static bool controller_found(struct hierarchy **hlist, char *entry)
  */
 static bool all_controllers_found(struct cgroup_ops *ops)
 {
-       char *p;
-       char *saveptr = NULL;
+       char **cur;
        struct hierarchy **hlist = ops->hierarchies;
 
        if (!controller_found(hlist, "freezer")) {
@@ -707,9 +706,9 @@ static bool all_controllers_found(struct cgroup_ops *ops)
        if (!ops->cgroup_use)
                return true;
 
-       for (; (p = strtok_r(ops->cgroup_use, ",", &saveptr)); ops->cgroup_use = NULL)
-               if (!controller_found(hlist, p)) {
-                       ERROR("No %s controller mountpoint found", p);
+       for (cur = ops->cgroup_use; cur && *cur; cur++)
+               if (!controller_found(hlist, *cur)) {
+                       ERROR("No %s controller mountpoint found", *cur);
                        return false;
                }
 
@@ -2251,6 +2250,34 @@ static bool cgfsng_setup_limits(struct cgroup_ops *ops, struct lxc_conf *conf,
        return __cg_unified_setup_limits(ops, &conf->cgroup2);
 }
 
+static bool cgroup_use_wants_controllers(const struct cgroup_ops *ops,
+                                      char **controllers)
+{
+       char **cur_ctrl, **cur_use;
+
+       if (!ops->cgroup_use)
+               return true;
+
+       for (cur_ctrl = controllers; cur_ctrl && *cur_ctrl; cur_ctrl++) {
+               bool found = false;
+
+               for (cur_use = ops->cgroup_use; cur_use && *cur_use; cur_use++) {
+                       if (strcmp(*cur_use, *cur_ctrl) != 0)
+                               continue;
+
+                       found = true;
+                       break;
+               }
+
+               if (found)
+                       continue;
+
+               return false;
+       }
+
+       return true;
+}
+
 /* At startup, parse_hierarchies finds all the info we need about cgroup
  * mountpoints and current cgroups, and stores it in @d.
  */
@@ -2366,6 +2393,10 @@ static bool cg_hybrid_init(struct cgroup_ops *ops)
                        }
                }
 
+               /* Exclude all controllers that cgroup use does not want. */
+               if (!cgroup_use_wants_controllers(ops, controller_list))
+                       goto next;
+
                new = add_hierarchy(&ops->hierarchies, controller_list, mountpoint, base_cgroup, type);
                if (type == CGROUP2_SUPER_MAGIC && !ops->unified)
                        ops->unified = new;
@@ -2498,8 +2529,18 @@ static bool cg_init(struct cgroup_ops *ops)
        const char *tmp;
 
        tmp = lxc_global_config_value("lxc.cgroup.use");
-       if (tmp)
-               ops->cgroup_use = must_copy_string(tmp);
+       if (tmp) {
+               char *chop, *cur, *pin;
+               char *saveptr = NULL;
+
+               pin = must_copy_string(tmp);
+               chop = pin;
+
+               for (; (cur = strtok_r(chop, ",", &saveptr)); chop = NULL)
+                       must_append_string(&ops->cgroup_use, cur);
+
+               free(pin);
+       }
 
        ret = cg_unified_init(ops);
        if (ret < 0)

diff --git a/src/lxc/cgroups/cgroup.c b/src/lxc/cgroups/cgroup.c
index afb2a9e88082fb2831861e6a1d2cf155d7c547cb..f86bd9be87577e62b74ffc0fb86bc6f83160d77a 100644 (file)
--- a/src/lxc/cgroups/cgroup.c
+++ b/src/lxc/cgroups/cgroup.c
@@ -21,6 +21,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#include <stdlib.h>
 #include <unistd.h>
 #include <sys/types.h>
 
@@ -63,12 +64,15 @@ struct cgroup_ops *cgroup_init(struct lxc_handler *handler)
 
 void cgroup_exit(struct cgroup_ops *ops)
 {
+       char **cur;
        struct hierarchy **it;
 
        if (!ops)
                return;
 
-       free(ops->cgroup_use);
+       for (cur = ops->cgroup_use; cur && *cur; cur++)
+               free(*cur);
+
        free(ops->cgroup_pattern);
        free(ops->container_cgroup);
 

diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
index eae4ca06e4525b905ebd119e64acedc2b209ac12..8f4af06c184ddf1052eab0133b381d96846548ba 100644 (file)
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -89,7 +89,7 @@ struct cgroup_ops {
        const char *version;
 
        /* What controllers is the container supposed to use. */
-       char *cgroup_use;
+       char **cgroup_use;
        char *cgroup_pattern;
        char *container_cgroup;