3 * Copyright © 2014,2015 Canonical, Inc
4 * Author: Serge Hallyn <serge.hallyn@ubuntu.com>
6 * See COPYING file for details.
9 /* XXX TODO - in debian/control, drop libcgmanager-dev,
10 and add libdbus-glib-1-dev, and libglib2.0-dev to build-deps.
11 make sure lxcfs_mkdir is added to the installed files */
12 #define FUSE_USE_VERSION 26
26 #include <linux/sched.h>
27 #include <sys/socket.h>
28 #include <sys/mount.h>
31 #include "cgmanager.h"
32 #include "config.h" // for VERSION
36 * a null-terminated list of the mounted subsystems. We
37 * detect this at startup.
41 #define LXCFS_DATA ((struct lxcfs_state *) fuse_get_context()->private_data)
46 LXC_TYPE_PROC_MEMINFO
,
47 LXC_TYPE_PROC_CPUINFO
,
50 LXC_TYPE_PROC_DISKSTATS
,
58 char *buf
; // unused as of yet
60 int size
; //actual data size
63 /* reserve buffer size, for cpuall in /proc/stat */
64 #define BUF_RESERVE_SIZE 256
68 * src: a pointer to a char* in which ot append the pid.
69 * sz: the number of characters printed so far, minus trailing \0.
70 * asz: the allocated size so far
71 * pid: the pid to append
73 static void must_strcat_pid(char **src
, size_t *sz
, size_t *asz
, pid_t pid
)
78 sprintf(tmp
, "%d\n", (int)pid
);
82 d
= malloc(BUF_RESERVE_SIZE
);
85 *asz
= BUF_RESERVE_SIZE
;
86 } else if (strlen(tmp
) + sz
+ 1 >= asz
) {
88 d
= realloc(d
, *asz
+ BUF_RESERVE_SIZE
);
91 *asz
+= BUF_RESERVE_SIZE
;
93 memcpy(d
+*sz
, tmp
, strlen(tmp
));
98 static char *must_copy_string(void *parent
, const char *str
)
111 * TODO - return value should denote whether child exited with failure
112 * so callers can return errors. Esp read/write of tasks and cgroup.procs
114 static int wait_for_pid(pid_t pid
)
119 ret
= waitpid(pid
, &status
, 0);
127 if (!WIFEXITED(status
) || WEXITSTATUS(status
) != 0)
133 * Given a open file * to /proc/pid/{u,g}id_map, and an id
134 * valid in the caller's namespace, return the id mapped into
136 * Returns the mapped id, or -1 on error.
139 convert_id_to_ns(FILE *idfile
, unsigned int in_id
)
141 unsigned int nsuid
, // base id for a range in the idfile's namespace
142 hostuid
, // base id for a range in the caller's namespace
143 count
; // number of ids in this range
147 fseek(idfile
, 0L, SEEK_SET
);
148 while (fgets(line
, 400, idfile
)) {
149 ret
= sscanf(line
, "%u %u %u\n", &nsuid
, &hostuid
, &count
);
152 if (hostuid
+ count
< hostuid
|| nsuid
+ count
< nsuid
) {
154 * uids wrapped around - unexpected as this is a procfile,
157 fprintf(stderr
, "pid wrapparound at entry %u %u %u in %s\n",
158 nsuid
, hostuid
, count
, line
);
161 if (hostuid
<= in_id
&& hostuid
+count
> in_id
) {
163 * now since hostuid <= in_id < hostuid+count, and
164 * hostuid+count and nsuid+count do not wrap around,
165 * we know that nsuid+(in_id-hostuid) which must be
166 * less that nsuid+(count) must not wrap around
168 return (in_id
- hostuid
) + nsuid
;
177 * for is_privileged_over,
178 * specify whether we require the calling uid to be root in his
181 #define NS_ROOT_REQD true
182 #define NS_ROOT_OPT false
186 static bool is_privileged_over(pid_t pid
, uid_t uid
, uid_t victim
, bool req_ns_root
)
193 if (victim
== -1 || uid
== -1)
197 * If the request is one not requiring root in the namespace,
198 * then having the same uid suffices. (i.e. uid 1000 has write
199 * access to files owned by uid 1000
201 if (!req_ns_root
&& uid
== victim
)
204 ret
= snprintf(fpath
, PROCLEN
, "/proc/%d/uid_map", pid
);
205 if (ret
< 0 || ret
>= PROCLEN
)
207 FILE *f
= fopen(fpath
, "r");
211 /* if caller's not root in his namespace, reject */
212 nsuid
= convert_id_to_ns(f
, uid
);
217 * If victim is not mapped into caller's ns, reject.
218 * XXX I'm not sure this check is needed given that fuse
219 * will be sending requests where the vfs has converted
221 nsuid
= convert_id_to_ns(f
, victim
);
232 static bool perms_include(int fmode
, mode_t req_mode
)
236 switch (req_mode
& O_ACCMODE
) {
244 r
= S_IROTH
| S_IWOTH
;
249 return ((fmode
& r
) == r
);
252 static char *get_next_cgroup_dir(const char *taskcg
, const char *querycg
)
256 if (strlen(taskcg
) <= strlen(querycg
)) {
257 fprintf(stderr
, "%s: I was fed bad input\n", __func__
);
261 if (strcmp(querycg
, "/") == 0)
262 start
= strdup(taskcg
+ 1);
264 start
= strdup(taskcg
+ strlen(querycg
) + 1);
267 end
= strchr(start
, '/');
273 static void stripnewline(char *x
)
275 size_t l
= strlen(x
);
276 if (l
&& x
[l
-1] == '\n')
280 static char *get_pid_cgroup(pid_t pid
, const char *contrl
)
289 ret
= snprintf(fnam
, PROCLEN
, "/proc/%d/cgroup", pid
);
290 if (ret
< 0 || ret
>= PROCLEN
)
292 if (!(f
= fopen(fnam
, "r")))
295 while (getline(&line
, &len
, f
) != -1) {
299 c1
= strchr(line
, ':');
303 c2
= strchr(c1
, ':');
307 if (strcmp(c1
, contrl
) != 0)
324 * check whether a fuse context may access a cgroup dir or file
326 * If file is not null, it is a cgroup file to check under cg.
327 * If file is null, then we are checking perms on cg itself.
329 * For files we can check the mode of the list_keys result.
330 * For cgroups, we must make assumptions based on the files under the
331 * cgroup, because cgmanager doesn't tell us ownership/perms of cgroups
334 static bool fc_may_access(struct fuse_context
*fc
, const char *contrl
, const char *cg
, const char *file
, mode_t mode
)
336 struct cgm_keys
**list
= NULL
;
346 if (!cgm_list_keys(contrl
, cg
, &list
))
348 for (i
= 0; list
[i
]; i
++) {
349 if (strcmp(list
[i
]->name
, file
) == 0) {
350 struct cgm_keys
*k
= list
[i
];
351 if (is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
352 if (perms_include(k
->mode
>> 6, mode
)) {
357 if (fc
->gid
== k
->gid
) {
358 if (perms_include(k
->mode
>> 3, mode
)) {
363 ret
= perms_include(k
->mode
, mode
);
373 #define INITSCOPE "/init.scope"
374 static void prune_init_slice(char *cg
)
377 point
= cg
+ strlen(cg
) - strlen(INITSCOPE
);
380 if (strcmp(point
, INITSCOPE
) == 0) {
389 * If caller is in /a/b/c/d, he may only act on things under cg=/a/b/c/d.
390 * If caller is in /a, he may act on /a/b, but not on /b.
391 * if the answer is false and nextcg is not NULL, then *nextcg will point
392 * to a string containing the next cgroup directory under cg, which must be
393 * freed by the caller.
395 static bool caller_is_in_ancestor(pid_t pid
, const char *contrl
, const char *cg
, char **nextcg
)
404 ret
= snprintf(fnam
, PROCLEN
, "/proc/%d/cgroup", pid
);
405 if (ret
< 0 || ret
>= PROCLEN
)
407 if (!(f
= fopen(fnam
, "r")))
410 while (getline(&line
, &len
, f
) != -1) {
411 char *c1
, *c2
, *linecmp
;
414 c1
= strchr(line
, ':');
418 c2
= strchr(c1
, ':');
422 if (strcmp(c1
, contrl
) != 0)
426 prune_init_slice(c2
);
428 * callers pass in '/' for root cgroup, otherwise they pass
429 * in a cgroup without leading '/'
431 linecmp
= *cg
== '/' ? c2
: c2
+1;
432 if (strncmp(linecmp
, cg
, strlen(linecmp
)) != 0) {
434 *nextcg
= get_next_cgroup_dir(linecmp
, cg
);
448 * given /cgroup/freezer/a/b, return "freezer".
449 * the returned char* should NOT be freed.
451 static char *pick_controller_from_path(struct fuse_context
*fc
, const char *path
)
456 if (strlen(path
) < 9)
458 if (*(path
+7) != '/')
464 slash
= strstr(contr
, "/");
468 /* verify that it is a subsystem */
469 char **list
= LXCFS_DATA
? LXCFS_DATA
->subsystems
: NULL
;
473 for (i
= 0; list
[i
]; i
++) {
474 if (strcmp(list
[i
], contr
) == 0)
481 * Find the start of cgroup in /cgroup/controller/the/cgroup/path
482 * Note that the returned value may include files (keynames) etc
484 static const char *find_cgroup_in_path(const char *path
)
488 if (strlen(path
) < 9)
490 p1
= strstr(path
+8, "/");
496 static bool is_child_cgroup(const char *contr
, const char *dir
, const char *f
)
507 if (!cgm_list_children(contr
, dir
, &list
))
509 for (i
= 0; list
[i
]; i
++) {
510 if (strcmp(list
[i
], f
) == 0) {
517 for (i
= 0; list
[i
]; i
++)
523 static struct cgm_keys
*get_cgroup_key(const char *contr
, const char *dir
, const char *f
)
525 struct cgm_keys
**list
= NULL
;
526 struct cgm_keys
*k
= NULL
;
533 if (!cgm_list_keys(contr
, dir
, &list
))
535 for (i
= 0; list
[i
]; i
++) {
536 if (strcmp(list
[i
]->name
, f
) == 0) {
538 // free all the keys we are not returning
540 for (j
= 0; list
[j
]; j
++) {
554 * dir should be freed, file not
556 static void get_cgdir_and_path(const char *cg
, char **dir
, char **file
)
563 *file
= strrchr(cg
, '/');
568 p
= strrchr(*dir
, '/');
573 * FUSE ops for /cgroup
576 static int cg_getattr(const char *path
, struct stat
*sb
)
579 struct fuse_context
*fc
= fuse_get_context();
581 char *fpath
= NULL
, *path1
, *path2
;
582 struct cgm_keys
*k
= NULL
;
584 const char *controller
= NULL
;
591 memset(sb
, 0, sizeof(struct stat
));
593 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
596 sb
->st_uid
= sb
->st_gid
= 0;
597 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
600 if (strcmp(path
, "/cgroup") == 0) {
601 sb
->st_mode
= S_IFDIR
| 00755;
606 controller
= pick_controller_from_path(fc
, path
);
609 cgroup
= find_cgroup_in_path(path
);
611 /* this is just /cgroup/controller, return it as a dir */
612 sb
->st_mode
= S_IFDIR
| 00755;
617 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
627 /* check that cgcopy is either a child cgroup of cgdir, or listed in its keys.
628 * Then check that caller's cgroup is under path if fpath is a child
629 * cgroup, or cgdir if fpath is a file */
631 if (is_child_cgroup(controller
, path1
, path2
)) {
632 if (!caller_is_in_ancestor(fc
->pid
, controller
, cgroup
, NULL
)) {
633 /* this is just /cgroup/controller, return it as a dir */
634 sb
->st_mode
= S_IFDIR
| 00555;
639 if (!fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
)) {
644 // get uid, gid, from '/tasks' file and make up a mode
645 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
646 sb
->st_mode
= S_IFDIR
| 00755;
647 k
= get_cgroup_key(controller
, cgroup
, "tasks");
649 sb
->st_uid
= sb
->st_gid
= 0;
660 if ((k
= get_cgroup_key(controller
, path1
, path2
)) != NULL
) {
661 sb
->st_mode
= S_IFREG
| k
->mode
;
667 if (!caller_is_in_ancestor(fc
->pid
, controller
, path1
, NULL
))
669 if (!fc_may_access(fc
, controller
, path1
, path2
, O_RDONLY
))
681 * TODO - cache these results in a table for use in opendir, free
684 static int cg_opendir(const char *path
, struct fuse_file_info
*fi
)
686 struct fuse_context
*fc
= fuse_get_context();
688 struct file_info
*dir_info
;
689 char *controller
= NULL
;
694 if (strcmp(path
, "/cgroup") == 0) {
698 // return list of keys for the controller, and list of child cgroups
699 controller
= pick_controller_from_path(fc
, path
);
703 cgroup
= find_cgroup_in_path(path
);
705 /* this is just /cgroup/controller, return its contents */
710 if (cgroup
&& !fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
)) {
714 /* we'll free this at cg_releasedir */
715 dir_info
= malloc(sizeof(*dir_info
));
718 dir_info
->controller
= must_copy_string(dir_info
, controller
);
719 dir_info
->cgroup
= must_copy_string(dir_info
, cgroup
);
720 dir_info
->type
= LXC_TYPE_CGDIR
;
721 dir_info
->buf
= NULL
;
722 dir_info
->file
= NULL
;
723 dir_info
->buflen
= 0;
725 fi
->fh
= (unsigned long)dir_info
;
729 static int cg_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
730 struct fuse_file_info
*fi
)
732 struct file_info
*d
= (struct file_info
*)fi
->fh
;
733 struct cgm_keys
**list
= NULL
;
736 struct fuse_context
*fc
= fuse_get_context();
739 if (d
->type
!= LXC_TYPE_CGDIR
) {
740 fprintf(stderr
, "Internal error: file cache info used in readdir\n");
743 if (!d
->cgroup
&& !d
->controller
) {
744 // ls /var/lib/lxcfs/cgroup - just show list of controllers
745 char **list
= LXCFS_DATA
? LXCFS_DATA
->subsystems
: NULL
;
751 for (i
= 0; list
[i
]; i
++) {
752 if (filler(buf
, list
[i
], NULL
, 0) != 0) {
759 if (!cgm_list_keys(d
->controller
, d
->cgroup
, &list
)) {
760 // not a valid cgroup
765 if (!caller_is_in_ancestor(fc
->pid
, d
->controller
, d
->cgroup
, &nextcg
)) {
768 ret
= filler(buf
, nextcg
, NULL
, 0);
779 for (i
= 0; list
[i
]; i
++) {
780 if (filler(buf
, list
[i
]->name
, NULL
, 0) != 0) {
786 // now get the list of child cgroups
788 if (!cgm_list_children(d
->controller
, d
->cgroup
, &clist
)) {
792 for (i
= 0; clist
[i
]; i
++) {
793 if (filler(buf
, clist
[i
], NULL
, 0) != 0) {
803 for (i
= 0; clist
[i
]; i
++)
810 static void do_release_file_info(struct file_info
*f
)
821 static int cg_releasedir(const char *path
, struct fuse_file_info
*fi
)
823 struct file_info
*d
= (struct file_info
*)fi
->fh
;
825 do_release_file_info(d
);
829 static int cg_open(const char *path
, struct fuse_file_info
*fi
)
832 char *fpath
= NULL
, *path1
, *path2
, * cgdir
= NULL
, *controller
;
833 struct cgm_keys
*k
= NULL
;
834 struct file_info
*file_info
;
835 struct fuse_context
*fc
= fuse_get_context();
841 controller
= pick_controller_from_path(fc
, path
);
844 cgroup
= find_cgroup_in_path(path
);
848 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
857 k
= get_cgroup_key(controller
, path1
, path2
);
864 if (!fc_may_access(fc
, controller
, path1
, path2
, fi
->flags
)) {
865 // should never get here
870 /* we'll free this at cg_release */
871 file_info
= malloc(sizeof(*file_info
));
876 file_info
->controller
= must_copy_string(file_info
, controller
);
877 file_info
->cgroup
= must_copy_string(file_info
, path1
);
878 file_info
->file
= must_copy_string(file_info
, path2
);
879 file_info
->type
= LXC_TYPE_CGFILE
;
880 file_info
->buf
= NULL
;
881 file_info
->buflen
= 0;
883 fi
->fh
= (unsigned long)file_info
;
891 static int cg_release(const char *path
, struct fuse_file_info
*fi
)
893 struct file_info
*f
= (struct file_info
*)fi
->fh
;
895 do_release_file_info(f
);
899 static int msgrecv(int sockfd
, void *buf
, size_t len
)
905 FD_SET(sockfd
, &rfds
);
909 if (select(sockfd
+1, &rfds
, NULL
, NULL
, &tv
) <= 0)
911 return recv(sockfd
, buf
, len
, MSG_DONTWAIT
);
914 #define SEND_CREDS_OK 0
915 #define SEND_CREDS_NOTSK 1
916 #define SEND_CREDS_FAIL 2
917 static int send_creds(int sock
, struct ucred
*cred
, char v
, bool pingfirst
)
919 struct msghdr msg
= { 0 };
921 struct cmsghdr
*cmsg
;
922 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
927 if (msgrecv(sock
, buf
, 1) != 1) {
928 fprintf(stderr
, "%s: Error getting reply from server over socketpair\n",
930 return SEND_CREDS_FAIL
;
934 msg
.msg_control
= cmsgbuf
;
935 msg
.msg_controllen
= sizeof(cmsgbuf
);
937 cmsg
= CMSG_FIRSTHDR(&msg
);
938 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
939 cmsg
->cmsg_level
= SOL_SOCKET
;
940 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
941 memcpy(CMSG_DATA(cmsg
), cred
, sizeof(*cred
));
948 iov
.iov_len
= sizeof(buf
);
952 if (sendmsg(sock
, &msg
, 0) < 0) {
953 fprintf(stderr
, "%s: failed at sendmsg: %s\n", __func__
,
956 return SEND_CREDS_NOTSK
;
957 return SEND_CREDS_FAIL
;
960 return SEND_CREDS_OK
;
963 static bool recv_creds(int sock
, struct ucred
*cred
, char *v
)
965 struct msghdr msg
= { 0 };
967 struct cmsghdr
*cmsg
;
968 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
981 if (setsockopt(sock
, SOL_SOCKET
, SO_PASSCRED
, &optval
, sizeof(optval
)) == -1) {
982 fprintf(stderr
, "Failed to set passcred: %s\n", strerror(errno
));
986 if (write(sock
, buf
, 1) != 1) {
987 fprintf(stderr
, "Failed to start write on scm fd: %s\n", strerror(errno
));
993 msg
.msg_control
= cmsgbuf
;
994 msg
.msg_controllen
= sizeof(cmsgbuf
);
997 iov
.iov_len
= sizeof(buf
);
1002 FD_SET(sock
, &rfds
);
1005 if (select(sock
+1, &rfds
, NULL
, NULL
, &tv
) <= 0) {
1006 fprintf(stderr
, "Failed to select for scm_cred: %s\n",
1010 ret
= recvmsg(sock
, &msg
, MSG_DONTWAIT
);
1012 fprintf(stderr
, "Failed to receive scm_cred: %s\n",
1017 cmsg
= CMSG_FIRSTHDR(&msg
);
1019 if (cmsg
&& cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)) &&
1020 cmsg
->cmsg_level
== SOL_SOCKET
&&
1021 cmsg
->cmsg_type
== SCM_CREDENTIALS
) {
1022 memcpy(cred
, CMSG_DATA(cmsg
), sizeof(*cred
));
1031 * pid_to_ns - reads pids from a ucred over a socket, then writes the
1032 * int value back over the socket. This shifts the pid from the
1033 * sender's pidns into tpid's pidns.
1035 static void pid_to_ns(int sock
, pid_t tpid
)
1040 while (recv_creds(sock
, &cred
, &v
)) {
1043 if (write(sock
, &cred
.pid
, sizeof(pid_t
)) != sizeof(pid_t
))
1050 * pid_to_ns_wrapper: when you setns into a pidns, you yourself remain
1051 * in your old pidns. Only children which you fork will be in the target
1052 * pidns. So the pid_to_ns_wrapper does the setns, then forks a child to
1053 * actually convert pids
1055 static void pid_to_ns_wrapper(int sock
, pid_t tpid
)
1057 int newnsfd
= -1, ret
, cpipe
[2];
1064 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", tpid
);
1065 if (ret
< 0 || ret
>= sizeof(fnam
))
1067 newnsfd
= open(fnam
, O_RDONLY
);
1070 if (setns(newnsfd
, 0) < 0)
1074 if (pipe(cpipe
) < 0)
1085 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
1086 fprintf(stderr
, "%s (child): erorr on write: %s\n",
1087 __func__
, strerror(errno
));
1090 pid_to_ns(sock
, tpid
);
1092 // give the child 1 second to be done forking and
1095 FD_SET(cpipe
[0], &s
);
1098 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
1101 ret
= read(cpipe
[0], &v
, 1);
1102 if (ret
!= sizeof(char) || v
!= '1') {
1106 if (!wait_for_pid(cpid
))
1111 kill(cpid
, SIGKILL
);
1117 * To read cgroup files with a particular pid, we will setns into the child
1118 * pidns, open a pipe, fork a child - which will be the first to really be in
1119 * the child ns - which does the cgm_get_value and writes the data to the pipe.
1121 static bool do_read_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, char **d
)
1123 int sock
[2] = {-1, -1};
1124 char *tmpdata
= NULL
;
1126 pid_t qpid
, cpid
= -1;
1127 bool answer
= false;
1131 size_t sz
= 0, asz
= 0;
1134 if (!cgm_get_value(contrl
, cg
, file
, &tmpdata
))
1138 * Now we read the pids from returned data one by one, pass
1139 * them into a child in the target namespace, read back the
1140 * translated pids, and put them into our to-return data
1143 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
1144 perror("socketpair");
1154 pid_to_ns_wrapper(sock
[1], tpid
);
1156 char *ptr
= tmpdata
;
1159 while (sscanf(ptr
, "%d\n", &qpid
) == 1) {
1161 ret
= send_creds(sock
[0], &cred
, v
, true);
1163 if (ret
== SEND_CREDS_NOTSK
)
1165 if (ret
== SEND_CREDS_FAIL
)
1168 // read converted results
1170 FD_SET(sock
[0], &s
);
1173 ret
= select(sock
[0]+1, &s
, NULL
, NULL
, &tv
);
1175 fprintf(stderr
, "%s: select error waiting for pid from child: %s\n",
1176 __func__
, strerror(errno
));
1179 if (read(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1180 fprintf(stderr
, "%s: error reading pid from child: %s\n",
1181 __func__
, strerror(errno
));
1184 must_strcat_pid(d
, &sz
, &asz
, qpid
);
1186 ptr
= strchr(ptr
, '\n');
1192 cred
.pid
= getpid();
1194 if (send_creds(sock
[0], &cred
, v
, true) != SEND_CREDS_OK
) {
1195 // failed to ask child to exit
1196 fprintf(stderr
, "%s: failed to ask child to exit: %s\n",
1197 __func__
, strerror(errno
));
1207 if (sock
[0] != -1) {
1214 static int cg_read(const char *path
, char *buf
, size_t size
, off_t offset
,
1215 struct fuse_file_info
*fi
)
1217 struct fuse_context
*fc
= fuse_get_context();
1218 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1219 struct cgm_keys
*k
= NULL
;
1224 if (f
->type
!= LXC_TYPE_CGFILE
) {
1225 fprintf(stderr
, "Internal error: directory cache info used in cg_read\n");
1238 if ((k
= get_cgroup_key(f
->controller
, f
->cgroup
, f
->file
)) == NULL
) {
1244 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_RDONLY
)) { // should never get here
1249 if (strcmp(f
->file
, "tasks") == 0 ||
1250 strcmp(f
->file
, "/tasks") == 0 ||
1251 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1252 strcmp(f
->file
, "cgroup.procs") == 0)
1253 // special case - we have to translate the pids
1254 r
= do_read_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, &data
);
1256 r
= cgm_get_value(f
->controller
, f
->cgroup
, f
->file
, &data
);
1270 memcpy(buf
, data
, s
);
1271 if (s
> 0 && s
< size
&& data
[s
-1] != '\n')
1281 static void pid_from_ns(int sock
, pid_t tpid
)
1297 ret
= select(sock
+1, &s
, NULL
, NULL
, &tv
);
1299 fprintf(stderr
, "%s: bad select before read from parent: %s\n",
1300 __func__
, strerror(errno
));
1303 if ((ret
= read(sock
, &vpid
, sizeof(pid_t
))) != sizeof(pid_t
)) {
1304 fprintf(stderr
, "%s: bad read from parent: %s\n",
1305 __func__
, strerror(errno
));
1308 if (vpid
== -1) // done
1312 if (send_creds(sock
, &cred
, v
, true) != SEND_CREDS_OK
) {
1314 cred
.pid
= getpid();
1315 if (send_creds(sock
, &cred
, v
, false) != SEND_CREDS_OK
)
1322 static void pid_from_ns_wrapper(int sock
, pid_t tpid
)
1324 int newnsfd
= -1, ret
, cpipe
[2];
1331 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", tpid
);
1332 if (ret
< 0 || ret
>= sizeof(fnam
))
1334 newnsfd
= open(fnam
, O_RDONLY
);
1337 if (setns(newnsfd
, 0) < 0)
1341 if (pipe(cpipe
) < 0)
1353 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
1354 fprintf(stderr
, "%s (child): erorr on write: %s\n",
1355 __func__
, strerror(errno
));
1358 pid_from_ns(sock
, tpid
);
1361 // give the child 1 second to be done forking and
1364 FD_SET(cpipe
[0], &s
);
1367 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
1370 ret
= read(cpipe
[0], &v
, 1);
1371 if (ret
!= sizeof(char) || v
!= '1') {
1375 if (!wait_for_pid(cpid
))
1380 kill(cpid
, SIGKILL
);
1385 static bool do_write_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, const char *buf
)
1387 int sock
[2] = {-1, -1};
1388 pid_t qpid
, cpid
= -1;
1389 bool answer
= false, fail
= false;
1392 * write the pids to a socket, have helper in writer's pidns
1393 * call movepid for us
1395 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
1396 perror("socketpair");
1405 pid_from_ns_wrapper(sock
[1], tpid
);
1407 const char *ptr
= buf
;
1408 while (sscanf(ptr
, "%d", &qpid
) == 1) {
1412 if (write(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1413 fprintf(stderr
, "%s: error writing pid to child: %s\n",
1414 __func__
, strerror(errno
));
1418 if (recv_creds(sock
[0], &cred
, &v
)) {
1420 if (!cgm_move_pid(contrl
, cg
, cred
.pid
))
1425 ptr
= strchr(ptr
, '\n');
1431 /* All good, write the value */
1433 if (write(sock
[0], &qpid
,sizeof(qpid
)) != sizeof(qpid
))
1434 fprintf(stderr
, "Warning: failed to ask child to exit\n");
1442 if (sock
[0] != -1) {
1449 int cg_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
1450 struct fuse_file_info
*fi
)
1452 struct fuse_context
*fc
= fuse_get_context();
1453 char *localbuf
= NULL
;
1454 struct cgm_keys
*k
= NULL
;
1455 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1458 if (f
->type
!= LXC_TYPE_CGFILE
) {
1459 fprintf(stderr
, "Internal error: directory cache info used in cg_write\n");
1469 localbuf
= alloca(size
+1);
1470 localbuf
[size
] = '\0';
1471 memcpy(localbuf
, buf
, size
);
1473 if ((k
= get_cgroup_key(f
->controller
, f
->cgroup
, f
->file
)) == NULL
) {
1478 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_WRONLY
)) {
1483 if (strcmp(f
->file
, "tasks") == 0 ||
1484 strcmp(f
->file
, "/tasks") == 0 ||
1485 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1486 strcmp(f
->file
, "cgroup.procs") == 0)
1487 // special case - we have to translate the pids
1488 r
= do_write_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1490 r
= cgm_set_value(f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1500 int cg_chown(const char *path
, uid_t uid
, gid_t gid
)
1502 struct fuse_context
*fc
= fuse_get_context();
1503 char *cgdir
= NULL
, *fpath
= NULL
, *path1
, *path2
, *controller
;
1504 struct cgm_keys
*k
= NULL
;
1511 if (strcmp(path
, "/cgroup") == 0)
1514 controller
= pick_controller_from_path(fc
, path
);
1517 cgroup
= find_cgroup_in_path(path
);
1519 /* this is just /cgroup/controller */
1522 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1532 if (is_child_cgroup(controller
, path1
, path2
)) {
1533 // get uid, gid, from '/tasks' file and make up a mode
1534 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1535 k
= get_cgroup_key(controller
, cgroup
, "tasks");
1538 k
= get_cgroup_key(controller
, path1
, path2
);
1546 * This being a fuse request, the uid and gid must be valid
1547 * in the caller's namespace. So we can just check to make
1548 * sure that the caller is root in his uid, and privileged
1549 * over the file's current owner.
1551 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_REQD
)) {
1556 if (!cgm_chown_file(controller
, cgroup
, uid
, gid
)) {
1570 int cg_chmod(const char *path
, mode_t mode
)
1572 struct fuse_context
*fc
= fuse_get_context();
1573 char * cgdir
= NULL
, *fpath
= NULL
, *path1
, *path2
, *controller
;
1574 struct cgm_keys
*k
= NULL
;
1581 if (strcmp(path
, "/cgroup") == 0)
1584 controller
= pick_controller_from_path(fc
, path
);
1587 cgroup
= find_cgroup_in_path(path
);
1589 /* this is just /cgroup/controller */
1592 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1602 if (is_child_cgroup(controller
, path1
, path2
)) {
1603 // get uid, gid, from '/tasks' file and make up a mode
1604 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1605 k
= get_cgroup_key(controller
, cgroup
, "tasks");
1608 k
= get_cgroup_key(controller
, path1
, path2
);
1616 * This being a fuse request, the uid and gid must be valid
1617 * in the caller's namespace. So we can just check to make
1618 * sure that the caller is root in his uid, and privileged
1619 * over the file's current owner.
1621 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
1626 if (!cgm_chmod_file(controller
, cgroup
, mode
)) {
1638 int cg_mkdir(const char *path
, mode_t mode
)
1640 struct fuse_context
*fc
= fuse_get_context();
1641 char *fpath
= NULL
, *path1
, *cgdir
= NULL
, *controller
;
1649 controller
= pick_controller_from_path(fc
, path
);
1653 cgroup
= find_cgroup_in_path(path
);
1657 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1663 if (!fc_may_access(fc
, controller
, path1
, NULL
, O_RDWR
)) {
1667 if (!caller_is_in_ancestor(fc
->pid
, controller
, path1
, NULL
)) {
1672 if (fc
->uid
== 0 && fc
->gid
== 0) {
1673 if (!cgm_create(controller
, cgroup
)) {
1679 * exec a helerp so as to get a clean dbus connection
1680 * 17 for lxcfs_mkdir, and spaces and newline and \0. 50 for two ints.
1683 size_t len
= strlen(cgroup
) + strlen(controller
) + 17 + 50;
1684 char *cmd
= alloca(len
);
1685 ret
= snprintf(cmd
, len
, "lxcfs_mkdir %d %d %s %s\n",
1686 fc
->uid
, fc
->gid
, controller
, cgroup
);
1687 if (ret
< 0 || ret
>= len
) {
1703 static int cg_rmdir(const char *path
)
1705 struct fuse_context
*fc
= fuse_get_context();
1706 char *fpath
= NULL
, *cgdir
= NULL
, *controller
;
1713 controller
= pick_controller_from_path(fc
, path
);
1717 cgroup
= find_cgroup_in_path(path
);
1721 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1727 fprintf(stderr
, "rmdir: verifying access to %s:%s (req path %s)\n",
1728 controller
, cgdir
, path
);
1729 if (!fc_may_access(fc
, controller
, cgdir
, NULL
, O_WRONLY
)) {
1733 if (!caller_is_in_ancestor(fc
->pid
, controller
, cgroup
, NULL
)) {
1738 if (!cgm_remove(controller
, cgroup
)) {
1750 static bool startswith(const char *line
, const char *pref
)
1752 if (strncmp(line
, pref
, strlen(pref
)) == 0)
1757 static void get_mem_cached(char *memstat
, unsigned long *v
)
1763 if (startswith(memstat
, "total_cache")) {
1764 sscanf(memstat
+ 11, "%lu", v
);
1768 eol
= strchr(memstat
, '\n');
1775 static void get_blkio_io_value(char *str
, unsigned major
, unsigned minor
, char *iotype
, unsigned long *v
)
1781 snprintf(key
, 32, "%u:%u %s", major
, minor
, iotype
);
1783 size_t len
= strlen(key
);
1787 if (startswith(str
, key
)) {
1788 sscanf(str
+ len
, "%lu", v
);
1791 eol
= strchr(str
, '\n');
1798 static int read_file(const char *path
, char *buf
, size_t size
,
1799 struct file_info
*d
)
1801 size_t linelen
= 0, total_len
= 0, rv
= 0;
1803 char *cache
= d
->buf
;
1804 size_t cache_size
= d
->buflen
;
1805 FILE *f
= fopen(path
, "r");
1809 while (getline(&line
, &linelen
, f
) != -1) {
1810 size_t l
= snprintf(cache
, cache_size
, "%s", line
);
1812 perror("Error writing to cache");
1816 if (l
>= cache_size
) {
1817 fprintf(stderr
, "Internal error: truncated write to cache\n");
1821 if (l
< cache_size
) {
1826 cache
+= cache_size
;
1827 total_len
+= cache_size
;
1833 d
->size
= total_len
;
1834 if (total_len
> size
) total_len
= size
;
1836 /* read from off 0 */
1837 memcpy(buf
, d
->buf
, total_len
);
1846 * FUSE ops for /proc
1849 static int proc_meminfo_read(char *buf
, size_t size
, off_t offset
,
1850 struct fuse_file_info
*fi
)
1852 struct fuse_context
*fc
= fuse_get_context();
1853 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1855 char *memlimit_str
= NULL
, *memusage_str
= NULL
, *memstat_str
= NULL
;
1856 unsigned long memlimit
= 0, memusage
= 0, cached
= 0, hosttotal
= 0;
1858 size_t linelen
= 0, total_len
= 0, rv
= 0;
1859 char *cache
= d
->buf
;
1860 size_t cache_size
= d
->buflen
;
1864 if (offset
> d
->size
)
1866 int left
= d
->size
- offset
;
1867 total_len
= left
> size
? size
: left
;
1868 memcpy(buf
, cache
+ offset
, total_len
);
1872 cg
= get_pid_cgroup(fc
->pid
, "memory");
1874 return read_file("/proc/meminfo", buf
, size
, d
);
1876 if (!cgm_get_value("memory", cg
, "memory.limit_in_bytes", &memlimit_str
))
1878 if (!cgm_get_value("memory", cg
, "memory.usage_in_bytes", &memusage_str
))
1880 if (!cgm_get_value("memory", cg
, "memory.stat", &memstat_str
))
1882 memlimit
= strtoul(memlimit_str
, NULL
, 10);
1883 memusage
= strtoul(memusage_str
, NULL
, 10);
1886 get_mem_cached(memstat_str
, &cached
);
1888 f
= fopen("/proc/meminfo", "r");
1892 while (getline(&line
, &linelen
, f
) != -1) {
1894 char *printme
, lbuf
[100];
1896 memset(lbuf
, 0, 100);
1897 if (startswith(line
, "MemTotal:")) {
1898 sscanf(line
+14, "%lu", &hosttotal
);
1899 if (hosttotal
< memlimit
)
1900 memlimit
= hosttotal
;
1901 snprintf(lbuf
, 100, "MemTotal: %8lu kB\n", memlimit
);
1903 } else if (startswith(line
, "MemFree:")) {
1904 snprintf(lbuf
, 100, "MemFree: %8lu kB\n", memlimit
- memusage
);
1906 } else if (startswith(line
, "MemAvailable:")) {
1907 snprintf(lbuf
, 100, "MemAvailable: %8lu kB\n", memlimit
- memusage
);
1909 } else if (startswith(line
, "Buffers:")) {
1910 snprintf(lbuf
, 100, "Buffers: %8lu kB\n", 0UL);
1912 } else if (startswith(line
, "Cached:")) {
1913 snprintf(lbuf
, 100, "Cached: %8lu kB\n", cached
);
1915 } else if (startswith(line
, "SwapCached:")) {
1916 snprintf(lbuf
, 100, "SwapCached: %8lu kB\n", 0UL);
1921 l
= snprintf(cache
, cache_size
, "%s", printme
);
1923 perror("Error writing to cache");
1928 if (l
>= cache_size
) {
1929 fprintf(stderr
, "Internal error: truncated write to cache\n");
1939 d
->size
= total_len
;
1940 if (total_len
> size
) total_len
= size
;
1941 memcpy(buf
, d
->buf
, total_len
);
1956 * Read the cpuset.cpus for cg
1957 * Return the answer in a newly allocated string which must be freed
1959 static char *get_cpuset(const char *cg
)
1963 if (!cgm_get_value("cpuset", cg
, "cpuset.cpus", &answer
))
1968 bool cpu_in_cpuset(int cpu
, const char *cpuset
);
1970 static bool cpuline_in_cpuset(const char *line
, const char *cpuset
)
1974 if (sscanf(line
, "processor : %d", &cpu
) != 1)
1976 return cpu_in_cpuset(cpu
, cpuset
);
1980 * check whether this is a '^processor" line in /proc/cpuinfo
1982 static bool is_processor_line(const char *line
)
1986 if (sscanf(line
, "processor : %d", &cpu
) == 1)
1991 static int proc_cpuinfo_read(char *buf
, size_t size
, off_t offset
,
1992 struct fuse_file_info
*fi
)
1994 struct fuse_context
*fc
= fuse_get_context();
1995 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1997 char *cpuset
= NULL
;
1999 size_t linelen
= 0, total_len
= 0, rv
= 0;
2000 bool am_printing
= false;
2002 char *cache
= d
->buf
;
2003 size_t cache_size
= d
->buflen
;
2007 if (offset
> d
->size
)
2009 int left
= d
->size
- offset
;
2010 total_len
= left
> size
? size
: left
;
2011 memcpy(buf
, cache
+ offset
, total_len
);
2015 cg
= get_pid_cgroup(fc
->pid
, "cpuset");
2017 return read_file("proc/cpuinfo", buf
, size
, d
);
2019 cpuset
= get_cpuset(cg
);
2023 f
= fopen("/proc/cpuinfo", "r");
2027 while (getline(&line
, &linelen
, f
) != -1) {
2029 if (is_processor_line(line
)) {
2030 am_printing
= cpuline_in_cpuset(line
, cpuset
);
2033 l
= snprintf(cache
, cache_size
, "processor : %d\n", curcpu
);
2035 perror("Error writing to cache");
2039 if (l
>= cache_size
) {
2040 fprintf(stderr
, "Internal error: truncated write to cache\n");
2044 if (l
< cache_size
){
2049 cache
+= cache_size
;
2050 total_len
+= cache_size
;
2058 l
= snprintf(cache
, cache_size
, "%s", line
);
2060 perror("Error writing to cache");
2064 if (l
>= cache_size
) {
2065 fprintf(stderr
, "Internal error: truncated write to cache\n");
2069 if (l
< cache_size
) {
2074 cache
+= cache_size
;
2075 total_len
+= cache_size
;
2082 d
->size
= total_len
;
2083 if (total_len
> size
) total_len
= size
;
2085 /* read from off 0 */
2086 memcpy(buf
, d
->buf
, total_len
);
2097 static int proc_stat_read(char *buf
, size_t size
, off_t offset
,
2098 struct fuse_file_info
*fi
)
2100 struct fuse_context
*fc
= fuse_get_context();
2101 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2103 char *cpuset
= NULL
;
2105 size_t linelen
= 0, total_len
= 0, rv
= 0;
2106 int curcpu
= -1; /* cpu numbering starts at 0 */
2107 unsigned long user
= 0, nice
= 0, system
= 0, idle
= 0, iowait
= 0, irq
= 0, softirq
= 0, steal
= 0, guest
= 0;
2108 unsigned long user_sum
= 0, nice_sum
= 0, system_sum
= 0, idle_sum
= 0, iowait_sum
= 0,
2109 irq_sum
= 0, softirq_sum
= 0, steal_sum
= 0, guest_sum
= 0;
2110 #define CPUALL_MAX_SIZE BUF_RESERVE_SIZE
2111 char cpuall
[CPUALL_MAX_SIZE
];
2112 /* reserve for cpu all */
2113 char *cache
= d
->buf
+ CPUALL_MAX_SIZE
;
2114 size_t cache_size
= d
->buflen
- CPUALL_MAX_SIZE
;
2118 if (offset
> d
->size
)
2120 int left
= d
->size
- offset
;
2121 total_len
= left
> size
? size
: left
;
2122 memcpy(buf
, d
->buf
+ offset
, total_len
);
2126 cg
= get_pid_cgroup(fc
->pid
, "cpuset");
2128 return read_file("/proc/stat", buf
, size
, d
);
2130 cpuset
= get_cpuset(cg
);
2134 f
= fopen("/proc/stat", "r");
2139 if (getline(&line
, &linelen
, f
) < 0) {
2140 fprintf(stderr
, "proc_stat_read read first line failed\n");
2144 while (getline(&line
, &linelen
, f
) != -1) {
2147 char cpu_char
[10]; /* That's a lot of cores */
2150 if (sscanf(line
, "cpu%9[^ ]", cpu_char
) != 1) {
2151 /* not a ^cpuN line containing a number N, just print it */
2152 l
= snprintf(cache
, cache_size
, "%s", line
);
2154 perror("Error writing to cache");
2158 if (l
>= cache_size
) {
2159 fprintf(stderr
, "Internal error: truncated write to cache\n");
2163 if (l
< cache_size
) {
2169 //no more space, break it
2170 cache
+= cache_size
;
2171 total_len
+= cache_size
;
2177 if (sscanf(cpu_char
, "%d", &cpu
) != 1)
2179 if (!cpu_in_cpuset(cpu
, cpuset
))
2183 c
= strchr(line
, ' ');
2186 l
= snprintf(cache
, cache_size
, "cpu%d%s", curcpu
, c
);
2188 perror("Error writing to cache");
2193 if (l
>= cache_size
) {
2194 fprintf(stderr
, "Internal error: truncated write to cache\n");
2203 if (sscanf(line
, "%*s %lu %lu %lu %lu %lu %lu %lu %lu %lu", &user
, &nice
, &system
, &idle
, &iowait
, &irq
,
2204 &softirq
, &steal
, &guest
) != 9)
2208 system_sum
+= system
;
2210 iowait_sum
+= iowait
;
2212 softirq_sum
+= softirq
;
2219 int cpuall_len
= snprintf(cpuall
, CPUALL_MAX_SIZE
, "%s %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
2220 "cpu ", user_sum
, nice_sum
, system_sum
, idle_sum
, iowait_sum
, irq_sum
, softirq_sum
, steal_sum
, guest_sum
);
2221 if (cpuall_len
> 0 && cpuall_len
< CPUALL_MAX_SIZE
){
2222 memcpy(cache
, cpuall
, cpuall_len
);
2223 cache
+= cpuall_len
;
2225 /* shouldn't happen */
2226 fprintf(stderr
, "proc_stat_read copy cpuall failed, cpuall_len=%d\n", cpuall_len
);
2230 memmove(cache
, d
->buf
+ CPUALL_MAX_SIZE
, total_len
);
2231 total_len
+= cpuall_len
;
2232 d
->size
= total_len
;
2233 if (total_len
> size
) total_len
= size
;
2235 memcpy(buf
, d
->buf
, total_len
);
2248 * How to guess what to present for uptime?
2249 * One thing we could do would be to take the date on the caller's
2250 * memory.usage_in_bytes file, which should equal the time of creation
2251 * of his cgroup. However, a task could be in a sub-cgroup of the
2252 * container. The same problem exists if we try to look at the ages
2253 * of processes in the caller's cgroup.
2255 * So we'll fork a task that will enter the caller's pidns, mount a
2256 * fresh procfs, get the age of /proc/1, and pass that back over a pipe.
2258 * For the second uptime #, we'll do as Stéphane had done, just copy
2259 * the number from /proc/uptime. Not sure how to best emulate 'idle'
2260 * time. Maybe someone can come up with a good algorithm and submit a
2261 * patch. Maybe something based on cpushare info?
2264 /* return age of the reaper for $pid, taken from ctime of its procdir */
2265 static long int get_pid1_time(pid_t pid
)
2268 int fd
, cpipe
[2], ret
;
2275 if (unshare(CLONE_NEWNS
))
2278 if (mount(NULL
, "/", NULL
, MS_SLAVE
|MS_REC
, NULL
)) {
2279 perror("rslave mount failed");
2283 ret
= snprintf(fnam
, sizeof(fnam
), "/proc/%d/ns/pid", pid
);
2284 if (ret
< 0 || ret
>= sizeof(fnam
))
2287 fd
= open(fnam
, O_RDONLY
);
2289 perror("get_pid1_time open of ns/pid");
2293 perror("get_pid1_time setns 1");
2299 if (pipe(cpipe
) < 0)
2310 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
2311 fprintf(stderr
, "%s (child): erorr on write: %s\n",
2312 __func__
, strerror(errno
));
2315 umount2("/proc", MNT_DETACH
);
2316 if (mount("proc", "/proc", "proc", 0, NULL
)) {
2317 perror("get_pid1_time mount");
2320 ret
= lstat("/proc/1", &sb
);
2322 perror("get_pid1_time lstat");
2325 return time(NULL
) - sb
.st_ctime
;
2328 // give the child 1 second to be done forking and
2331 FD_SET(cpipe
[0], &s
);
2334 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
2337 ret
= read(cpipe
[0], &v
, 1);
2338 if (ret
!= sizeof(char) || v
!= '1') {
2346 kill(cpid
, SIGKILL
);
2351 static long int getreaperage(pid_t qpid
)
2353 int pid
, mypipe
[2], ret
;
2356 long int mtime
, answer
= 0;
2364 if (!pid
) { // child
2365 mtime
= get_pid1_time(qpid
);
2366 if (write(mypipe
[1], &mtime
, sizeof(mtime
)) != sizeof(mtime
))
2367 fprintf(stderr
, "Warning: bad write from getreaperage\n");
2373 FD_SET(mypipe
[0], &s
);
2376 ret
= select(mypipe
[0]+1, &s
, NULL
, NULL
, &tv
);
2382 fprintf(stderr
, "timed out\n");
2385 if (read(mypipe
[0], &mtime
, sizeof(mtime
)) != sizeof(mtime
)) {
2397 static long int getprocidle(void)
2399 FILE *f
= fopen("/proc/uptime", "r");
2404 ret
= fscanf(f
, "%ld %ld", &age
, &idle
);
2412 * We read /proc/uptime and reuse its second field.
2413 * For the first field, we use the mtime for the reaper for
2414 * the calling pid as returned by getreaperage
2416 static int proc_uptime_read(char *buf
, size_t size
, off_t offset
,
2417 struct fuse_file_info
*fi
)
2419 struct fuse_context
*fc
= fuse_get_context();
2420 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2421 long int reaperage
= getreaperage(fc
->pid
);;
2422 long int idletime
= getprocidle();
2423 size_t total_len
= 0;
2426 if (offset
> d
->size
)
2431 total_len
= snprintf(buf
, size
, "%ld %ld\n", reaperage
, idletime
);
2433 perror("Error writing to cache");
2436 if (total_len
>= size
){
2441 d
->size
= total_len
;
2445 static int proc_diskstats_read(char *buf
, size_t size
, off_t offset
,
2446 struct fuse_file_info
*fi
)
2449 struct fuse_context
*fc
= fuse_get_context();
2450 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2452 char *io_serviced_str
= NULL
, *io_merged_str
= NULL
, *io_service_bytes_str
= NULL
,
2453 *io_wait_time_str
= NULL
, *io_service_time_str
= NULL
;
2454 unsigned long read
= 0, write
= 0;
2455 unsigned long read_merged
= 0, write_merged
= 0;
2456 unsigned long read_sectors
= 0, write_sectors
= 0;
2457 unsigned long read_ticks
= 0, write_ticks
= 0;
2458 unsigned long ios_pgr
= 0, tot_ticks
= 0, rq_ticks
= 0;
2459 unsigned long rd_svctm
= 0, wr_svctm
= 0, rd_wait
= 0, wr_wait
= 0;
2461 size_t linelen
= 0, total_len
= 0, rv
= 0;
2462 unsigned int major
= 0, minor
= 0;
2467 if (offset
> d
->size
)
2472 cg
= get_pid_cgroup(fc
->pid
, "blkio");
2474 return read_file("/proc/diskstats", buf
, size
, d
);
2476 if (!cgm_get_value("blkio", cg
, "blkio.io_serviced", &io_serviced_str
))
2478 if (!cgm_get_value("blkio", cg
, "blkio.io_merged", &io_merged_str
))
2480 if (!cgm_get_value("blkio", cg
, "blkio.io_service_bytes", &io_service_bytes_str
))
2482 if (!cgm_get_value("blkio", cg
, "blkio.io_wait_time", &io_wait_time_str
))
2484 if (!cgm_get_value("blkio", cg
, "blkio.io_service_time", &io_service_time_str
))
2488 f
= fopen("/proc/diskstats", "r");
2492 while (getline(&line
, &linelen
, f
) != -1) {
2494 char *printme
, lbuf
[256];
2496 i
= sscanf(line
, "%u %u %71s", &major
, &minor
, dev_name
);
2498 get_blkio_io_value(io_serviced_str
, major
, minor
, "Read", &read
);
2499 get_blkio_io_value(io_serviced_str
, major
, minor
, "Write", &write
);
2500 get_blkio_io_value(io_merged_str
, major
, minor
, "Read", &read_merged
);
2501 get_blkio_io_value(io_merged_str
, major
, minor
, "Write", &write_merged
);
2502 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Read", &read_sectors
);
2503 read_sectors
= read_sectors
/512;
2504 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Write", &write_sectors
);
2505 write_sectors
= write_sectors
/512;
2507 get_blkio_io_value(io_service_time_str
, major
, minor
, "Read", &rd_svctm
);
2508 rd_svctm
= rd_svctm
/1000000;
2509 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Read", &rd_wait
);
2510 rd_wait
= rd_wait
/1000000;
2511 read_ticks
= rd_svctm
+ rd_wait
;
2513 get_blkio_io_value(io_service_time_str
, major
, minor
, "Write", &wr_svctm
);
2514 wr_svctm
= wr_svctm
/1000000;
2515 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Write", &wr_wait
);
2516 wr_wait
= wr_wait
/1000000;
2517 write_ticks
= wr_svctm
+ wr_wait
;
2519 get_blkio_io_value(io_service_time_str
, major
, minor
, "Total", &tot_ticks
);
2520 tot_ticks
= tot_ticks
/1000000;
2525 memset(lbuf
, 0, 256);
2526 if (read
|| write
|| read_merged
|| write_merged
|| read_sectors
|| write_sectors
|| read_ticks
|| write_ticks
) {
2527 snprintf(lbuf
, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
2528 major
, minor
, dev_name
, read
, read_merged
, read_sectors
, read_ticks
,
2529 write
, write_merged
, write_sectors
, write_ticks
, ios_pgr
, tot_ticks
, rq_ticks
);
2534 l
= snprintf(buf
, size
, "%s", printme
);
2536 perror("Error writing to fuse buf");
2541 fprintf(stderr
, "Internal error: truncated write to cache\n");
2550 d
->size
= total_len
;
2557 free(io_serviced_str
);
2558 free(io_merged_str
);
2559 free(io_service_bytes_str
);
2560 free(io_wait_time_str
);
2561 free(io_service_time_str
);
2565 static off_t
get_procfile_size(const char *which
)
2567 FILE *f
= fopen(which
, "r");
2570 ssize_t sz
, answer
= 0;
2574 while ((sz
= getline(&line
, &len
, f
)) != -1)
2582 static int proc_getattr(const char *path
, struct stat
*sb
)
2584 struct timespec now
;
2586 memset(sb
, 0, sizeof(struct stat
));
2587 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
2589 sb
->st_uid
= sb
->st_gid
= 0;
2590 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
2591 if (strcmp(path
, "/proc") == 0) {
2592 sb
->st_mode
= S_IFDIR
| 00555;
2596 if (strcmp(path
, "/proc/meminfo") == 0 ||
2597 strcmp(path
, "/proc/cpuinfo") == 0 ||
2598 strcmp(path
, "/proc/uptime") == 0 ||
2599 strcmp(path
, "/proc/stat") == 0 ||
2600 strcmp(path
, "/proc/diskstats") == 0) {
2602 sb
->st_mode
= S_IFREG
| 00444;
2610 static int proc_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2611 struct fuse_file_info
*fi
)
2613 if (filler(buf
, "cpuinfo", NULL
, 0) != 0 ||
2614 filler(buf
, "meminfo", NULL
, 0) != 0 ||
2615 filler(buf
, "stat", NULL
, 0) != 0 ||
2616 filler(buf
, "uptime", NULL
, 0) != 0 ||
2617 filler(buf
, "diskstats", NULL
, 0) != 0)
2622 static int proc_open(const char *path
, struct fuse_file_info
*fi
)
2625 struct file_info
*info
;
2627 if (strcmp(path
, "/proc/meminfo") == 0)
2628 type
= LXC_TYPE_PROC_MEMINFO
;
2629 else if (strcmp(path
, "/proc/cpuinfo") == 0)
2630 type
= LXC_TYPE_PROC_CPUINFO
;
2631 else if (strcmp(path
, "/proc/uptime") == 0)
2632 type
= LXC_TYPE_PROC_UPTIME
;
2633 else if (strcmp(path
, "/proc/stat") == 0)
2634 type
= LXC_TYPE_PROC_STAT
;
2635 else if (strcmp(path
, "/proc/diskstats") == 0)
2636 type
= LXC_TYPE_PROC_DISKSTATS
;
2640 info
= malloc(sizeof(*info
));
2644 memset(info
, 0, sizeof(*info
));
2647 info
->buflen
= get_procfile_size(path
) + BUF_RESERVE_SIZE
;
2649 info
->buf
= malloc(info
->buflen
);
2650 } while (!info
->buf
);
2651 memset(info
->buf
, 0, info
->buflen
);
2652 /* set actual size to buffer size */
2653 info
->size
= info
->buflen
;
2655 fi
->fh
= (unsigned long)info
;
2659 static int proc_release(const char *path
, struct fuse_file_info
*fi
)
2661 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2663 do_release_file_info(f
);
2667 static int proc_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2668 struct fuse_file_info
*fi
)
2670 struct file_info
*f
= (struct file_info
*) fi
->fh
;
2673 case LXC_TYPE_PROC_MEMINFO
:
2674 return proc_meminfo_read(buf
, size
, offset
, fi
);
2675 case LXC_TYPE_PROC_CPUINFO
:
2676 return proc_cpuinfo_read(buf
, size
, offset
, fi
);
2677 case LXC_TYPE_PROC_UPTIME
:
2678 return proc_uptime_read(buf
, size
, offset
, fi
);
2679 case LXC_TYPE_PROC_STAT
:
2680 return proc_stat_read(buf
, size
, offset
, fi
);
2681 case LXC_TYPE_PROC_DISKSTATS
:
2682 return proc_diskstats_read(buf
, size
, offset
, fi
);
2690 * these just delegate to the /proc and /cgroup ops as
2694 static int lxcfs_getattr(const char *path
, struct stat
*sb
)
2696 if (strcmp(path
, "/") == 0) {
2697 sb
->st_mode
= S_IFDIR
| 00755;
2701 if (strncmp(path
, "/cgroup", 7) == 0) {
2702 return cg_getattr(path
, sb
);
2704 if (strncmp(path
, "/proc", 5) == 0) {
2705 return proc_getattr(path
, sb
);
2710 static int lxcfs_opendir(const char *path
, struct fuse_file_info
*fi
)
2712 if (strcmp(path
, "/") == 0)
2715 if (strncmp(path
, "/cgroup", 7) == 0) {
2716 return cg_opendir(path
, fi
);
2718 if (strcmp(path
, "/proc") == 0)
2723 static int lxcfs_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2724 struct fuse_file_info
*fi
)
2726 if (strcmp(path
, "/") == 0) {
2727 if (filler(buf
, "proc", NULL
, 0) != 0 ||
2728 filler(buf
, "cgroup", NULL
, 0) != 0)
2732 if (strncmp(path
, "/cgroup", 7) == 0)
2733 return cg_readdir(path
, buf
, filler
, offset
, fi
);
2734 if (strcmp(path
, "/proc") == 0)
2735 return proc_readdir(path
, buf
, filler
, offset
, fi
);
2739 static int lxcfs_releasedir(const char *path
, struct fuse_file_info
*fi
)
2741 if (strcmp(path
, "/") == 0)
2743 if (strncmp(path
, "/cgroup", 7) == 0) {
2744 return cg_releasedir(path
, fi
);
2746 if (strcmp(path
, "/proc") == 0)
2751 static int lxcfs_open(const char *path
, struct fuse_file_info
*fi
)
2753 if (strncmp(path
, "/cgroup", 7) == 0)
2754 return cg_open(path
, fi
);
2755 if (strncmp(path
, "/proc", 5) == 0)
2756 return proc_open(path
, fi
);
2761 static int lxcfs_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2762 struct fuse_file_info
*fi
)
2764 if (strncmp(path
, "/cgroup", 7) == 0)
2765 return cg_read(path
, buf
, size
, offset
, fi
);
2766 if (strncmp(path
, "/proc", 5) == 0)
2767 return proc_read(path
, buf
, size
, offset
, fi
);
2772 int lxcfs_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
2773 struct fuse_file_info
*fi
)
2775 if (strncmp(path
, "/cgroup", 7) == 0) {
2776 return cg_write(path
, buf
, size
, offset
, fi
);
2782 static int lxcfs_flush(const char *path
, struct fuse_file_info
*fi
)
2787 static int lxcfs_release(const char *path
, struct fuse_file_info
*fi
)
2789 if (strncmp(path
, "/cgroup", 7) == 0)
2790 return cg_release(path
, fi
);
2791 if (strncmp(path
, "/proc", 5) == 0)
2792 return proc_release(path
, fi
);
2797 static int lxcfs_fsync(const char *path
, int datasync
, struct fuse_file_info
*fi
)
2802 int lxcfs_mkdir(const char *path
, mode_t mode
)
2804 if (strncmp(path
, "/cgroup", 7) == 0)
2805 return cg_mkdir(path
, mode
);
2810 int lxcfs_chown(const char *path
, uid_t uid
, gid_t gid
)
2812 if (strncmp(path
, "/cgroup", 7) == 0)
2813 return cg_chown(path
, uid
, gid
);
2819 * cat first does a truncate before doing ops->write. This doesn't
2820 * really make sense for cgroups. So just return 0 always but do
2823 int lxcfs_truncate(const char *path
, off_t newsize
)
2825 if (strncmp(path
, "/cgroup", 7) == 0)
2830 int lxcfs_rmdir(const char *path
)
2832 if (strncmp(path
, "/cgroup", 7) == 0)
2833 return cg_rmdir(path
);
2837 int lxcfs_chmod(const char *path
, mode_t mode
)
2839 if (strncmp(path
, "/cgroup", 7) == 0)
2840 return cg_chmod(path
, mode
);
2844 const struct fuse_operations lxcfs_ops
= {
2845 .getattr
= lxcfs_getattr
,
2849 .mkdir
= lxcfs_mkdir
,
2851 .rmdir
= lxcfs_rmdir
,
2855 .chmod
= lxcfs_chmod
,
2856 .chown
= lxcfs_chown
,
2857 .truncate
= lxcfs_truncate
,
2862 .release
= lxcfs_release
,
2863 .write
= lxcfs_write
,
2866 .flush
= lxcfs_flush
,
2867 .fsync
= lxcfs_fsync
,
2872 .removexattr
= NULL
,
2874 .opendir
= lxcfs_opendir
,
2875 .readdir
= lxcfs_readdir
,
2876 .releasedir
= lxcfs_releasedir
,
2887 static void usage(const char *me
)
2889 fprintf(stderr
, "Usage:\n");
2890 fprintf(stderr
, "\n");
2891 fprintf(stderr
, "%s mountpoint\n", me
);
2892 fprintf(stderr
, "%s -h\n", me
);
2896 static bool is_help(char *w
)
2898 if (strcmp(w
, "-h") == 0 ||
2899 strcmp(w
, "--help") == 0 ||
2900 strcmp(w
, "-help") == 0 ||
2901 strcmp(w
, "help") == 0)
2906 void swallow_arg(int *argcp
, char *argv
[], char *which
)
2910 for (i
= 1; argv
[i
]; i
++) {
2911 if (strcmp(argv
[i
], which
) != 0)
2913 for (; argv
[i
]; i
++) {
2914 argv
[i
] = argv
[i
+1];
2921 void swallow_option(int *argcp
, char *argv
[], char *opt
, char *v
)
2925 for (i
= 1; argv
[i
]; i
++) {
2928 if (strcmp(argv
[i
], opt
) != 0)
2930 if (strcmp(argv
[i
+1], v
) != 0) {
2931 fprintf(stderr
, "Warning: unexpected fuse option %s\n", v
);
2934 for (; argv
[i
+1]; i
++) {
2935 argv
[i
] = argv
[i
+2];
2942 int main(int argc
, char *argv
[])
2945 struct lxcfs_state
*d
= NULL
;
2947 * what we pass to fuse_main is:
2948 * argv[0] -s -f -o allow_other,directio argv[1] NULL
2950 int nargs
= 5, cnt
= 0;
2953 /* accomodate older init scripts */
2954 swallow_arg(&argc
, argv
, "-s");
2955 swallow_arg(&argc
, argv
, "-f");
2956 swallow_option(&argc
, argv
, "-o", "allow_other");
2958 if (argc
== 2 && strcmp(argv
[1], "--version") == 0) {
2959 fprintf(stderr
, "%s\n", VERSION
);
2962 if (argc
!= 2 || is_help(argv
[1]))
2966 d
= malloc(sizeof(*d
));
2969 newargv
[cnt
++] = argv
[0];
2970 newargv
[cnt
++] = "-f";
2971 newargv
[cnt
++] = "-o";
2972 newargv
[cnt
++] = "allow_other,direct_io";
2973 newargv
[cnt
++] = argv
[1];
2974 newargv
[cnt
++] = NULL
;
2976 if (!cgm_escape_cgroup())
2977 fprintf(stderr
, "WARNING: failed to escape to root cgroup\n");
2979 if (!cgm_get_controllers(&d
->subsystems
))
2982 ret
= fuse_main(nargs
, newargv
, &lxcfs_ops
, d
);
2983 cgm_dbus_disconnect();