3 * Copyright © 2014 Canonical, Inc
4 * Author: Serge Hallyn <serge.hallyn@ubuntu.com>
6 * See COPYING file for details.
9 #define FUSE_USE_VERSION 26
23 #include <linux/sched.h>
24 #include <sys/socket.h>
25 #include <sys/mount.h>
28 #include <nih/alloc.h>
29 #include <nih/string.h>
31 #include "cgmanager.h"
35 * a null-terminated, nih-allocated list of the mounted subsystems. We
36 * detect this at startup.
40 #define LXCFS_DATA ((struct lxcfs_state *) fuse_get_context()->private_data)
45 LXC_TYPE_PROC_MEMINFO
,
46 LXC_TYPE_PROC_CPUINFO
,
49 LXC_TYPE_PROC_DISKSTATS
,
57 char *buf
; // unused as of yet
59 int size
; //actual data size
62 /* reserve buffer size, for cpuall in /proc/stat */
63 #define BUF_RESERVE_SIZE 256
65 static char *must_copy_string(void *parent
, const char *str
)
69 return NIH_MUST( nih_strdup(parent
, str
) );
73 * TODO - return value should denote whether child exited with failure
74 * so callers can return errors. Esp read/write of tasks and cgroup.procs
76 static int wait_for_pid(pid_t pid
)
81 ret
= waitpid(pid
, &status
, 0);
89 if (!WIFEXITED(status
) || WEXITSTATUS(status
) != 0)
95 * Given a open file * to /proc/pid/{u,g}id_map, and an id
96 * valid in the caller's namespace, return the id mapped into
98 * Returns the mapped id, or -1 on error.
101 convert_id_to_ns(FILE *idfile
, unsigned int in_id
)
103 unsigned int nsuid
, // base id for a range in the idfile's namespace
104 hostuid
, // base id for a range in the caller's namespace
105 count
; // number of ids in this range
109 fseek(idfile
, 0L, SEEK_SET
);
110 while (fgets(line
, 400, idfile
)) {
111 ret
= sscanf(line
, "%u %u %u\n", &nsuid
, &hostuid
, &count
);
114 if (hostuid
+ count
< hostuid
|| nsuid
+ count
< nsuid
) {
116 * uids wrapped around - unexpected as this is a procfile,
119 fprintf(stderr
, "pid wrapparound at entry %u %u %u in %s\n",
120 nsuid
, hostuid
, count
, line
);
123 if (hostuid
<= in_id
&& hostuid
+count
> in_id
) {
125 * now since hostuid <= in_id < hostuid+count, and
126 * hostuid+count and nsuid+count do not wrap around,
127 * we know that nsuid+(in_id-hostuid) which must be
128 * less that nsuid+(count) must not wrap around
130 return (in_id
- hostuid
) + nsuid
;
139 * for is_privileged_over,
140 * specify whether we require the calling uid to be root in his
143 #define NS_ROOT_REQD true
144 #define NS_ROOT_OPT false
146 static bool is_privileged_over(pid_t pid
, uid_t uid
, uid_t victim
, bool req_ns_root
)
148 nih_local
char *fpath
= NULL
;
152 if (victim
== -1 || uid
== -1)
156 * If the request is one not requiring root in the namespace,
157 * then having the same uid suffices. (i.e. uid 1000 has write
158 * access to files owned by uid 1000
160 if (!req_ns_root
&& uid
== victim
)
163 fpath
= NIH_MUST( nih_sprintf(NULL
, "/proc/%d/uid_map", pid
) );
164 FILE *f
= fopen(fpath
, "r");
168 /* if caller's not root in his namespace, reject */
169 nsuid
= convert_id_to_ns(f
, uid
);
174 * If victim is not mapped into caller's ns, reject.
175 * XXX I'm not sure this check is needed given that fuse
176 * will be sending requests where the vfs has converted
178 nsuid
= convert_id_to_ns(f
, victim
);
189 static bool perms_include(int fmode
, mode_t req_mode
)
193 switch (req_mode
& O_ACCMODE
) {
201 r
= S_IROTH
| S_IWOTH
;
206 return ((fmode
& r
) == r
);
209 static char *get_next_cgroup_dir(const char *taskcg
, const char *querycg
)
213 if (strlen(taskcg
) <= strlen(querycg
)) {
214 fprintf(stderr
, "%s: I was fed bad input\n", __func__
);
218 if (strcmp(querycg
, "/") == 0)
219 start
= NIH_MUST( nih_strdup(NULL
, taskcg
+ 1) );
221 start
= NIH_MUST( nih_strdup(NULL
, taskcg
+ strlen(querycg
) + 1) );
222 end
= strchr(start
, '/');
229 * check whether a fuse context may access a cgroup dir or file
231 * If file is not null, it is a cgroup file to check under cg.
232 * If file is null, then we are checking perms on cg itself.
234 * For files we can check the mode of the list_keys result.
235 * For cgroups, we must make assumptions based on the files under the
236 * cgroup, because cgmanager doesn't tell us ownership/perms of cgroups
239 static bool fc_may_access(struct fuse_context
*fc
, const char *contrl
, const char *cg
, const char *file
, mode_t mode
)
241 nih_local
struct cgm_keys
**list
= NULL
;
250 if (!cgm_list_keys(contrl
, cg
, &list
))
252 for (i
= 0; list
[i
]; i
++) {
253 if (strcmp(list
[i
]->name
, file
) == 0) {
254 struct cgm_keys
*k
= list
[i
];
255 if (is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
)) {
256 if (perms_include(k
->mode
>> 6, mode
))
259 if (fc
->gid
== k
->gid
) {
260 if (perms_include(k
->mode
>> 3, mode
))
263 return perms_include(k
->mode
, mode
);
270 static void stripnewline(char *x
)
272 size_t l
= strlen(x
);
273 if (l
&& x
[l
-1] == '\n')
278 * If caller is in /a/b/c/d, he may only act on things under cg=/a/b/c/d.
279 * If caller is in /a, he may act on /a/b, but not on /b.
280 * if the answer is false and nextcg is not NULL, then *nextcg will point
281 * to a nih_alloc'd string containing the next cgroup directory under cg
283 static bool caller_is_in_ancestor(pid_t pid
, const char *contrl
, const char *cg
, char **nextcg
)
285 nih_local
char *fnam
= NULL
;
291 fnam
= NIH_MUST( nih_sprintf(NULL
, "/proc/%d/cgroup", pid
) );
292 if (!(f
= fopen(fnam
, "r")))
295 while (getline(&line
, &len
, f
) != -1) {
296 char *c1
, *c2
, *linecmp
;
299 c1
= strchr(line
, ':');
303 c2
= strchr(c1
, ':');
307 if (strcmp(c1
, contrl
) != 0)
312 * callers pass in '/' for root cgroup, otherwise they pass
313 * in a cgroup without leading '/'
315 linecmp
= *cg
== '/' ? c2
: c2
+1;
316 if (strncmp(linecmp
, cg
, strlen(linecmp
)) != 0) {
318 *nextcg
= get_next_cgroup_dir(linecmp
, cg
);
332 * given /cgroup/freezer/a/b, return "freezer". this will be nih-allocated
333 * and needs to be nih_freed.
335 static char *pick_controller_from_path(struct fuse_context
*fc
, const char *path
)
340 if (strlen(path
) < 9)
342 if (*(path
+7) != '/')
345 ret
= nih_strdup(NULL
, p1
);
348 slash
= strstr(ret
, "/");
352 /* verify that it is a subsystem */
353 char **list
= LXCFS_DATA
? LXCFS_DATA
->subsystems
: NULL
;
359 for (i
= 0; list
[i
]; i
++) {
360 if (strcmp(list
[i
], ret
) == 0)
368 * Find the start of cgroup in /cgroup/controller/the/cgroup/path
369 * Note that the returned value may include files (keynames) etc
371 static const char *find_cgroup_in_path(const char *path
)
375 if (strlen(path
) < 9)
377 p1
= strstr(path
+8, "/");
383 static bool is_child_cgroup(const char *contr
, const char *dir
, const char *f
)
385 nih_local
char **list
= NULL
;
393 if (!cgm_list_children(contr
, dir
, &list
))
395 for (i
= 0; list
[i
]; i
++) {
396 if (strcmp(list
[i
], f
) == 0)
403 static struct cgm_keys
*get_cgroup_key(const char *contr
, const char *dir
, const char *f
)
405 nih_local
struct cgm_keys
**list
= NULL
;
413 if (!cgm_list_keys(contr
, dir
, &list
))
415 for (i
= 0; list
[i
]; i
++) {
416 if (strcmp(list
[i
]->name
, f
) == 0) {
417 k
= NIH_MUST( nih_alloc(NULL
, (sizeof(*k
))) );
418 k
->name
= NIH_MUST( nih_strdup(k
, list
[i
]->name
) );
419 k
->uid
= list
[i
]->uid
;
420 k
->gid
= list
[i
]->gid
;
421 k
->mode
= list
[i
]->mode
;
429 static void get_cgdir_and_path(const char *cg
, char **dir
, char **file
)
433 *dir
= NIH_MUST( nih_strdup(NULL
, cg
) );
434 *file
= strrchr(cg
, '/');
439 p
= strrchr(*dir
, '/');
444 * FUSE ops for /cgroup
447 static int cg_getattr(const char *path
, struct stat
*sb
)
450 struct fuse_context
*fc
= fuse_get_context();
451 nih_local
char * cgdir
= NULL
;
452 char *fpath
= NULL
, *path1
, *path2
;
453 nih_local
struct cgm_keys
*k
= NULL
;
455 nih_local
char *controller
= NULL
;
461 memset(sb
, 0, sizeof(struct stat
));
463 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
466 sb
->st_uid
= sb
->st_gid
= 0;
467 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
470 if (strcmp(path
, "/cgroup") == 0) {
471 sb
->st_mode
= S_IFDIR
| 00755;
476 controller
= pick_controller_from_path(fc
, path
);
479 cgroup
= find_cgroup_in_path(path
);
481 /* this is just /cgroup/controller, return it as a dir */
482 sb
->st_mode
= S_IFDIR
| 00755;
487 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
497 /* check that cgcopy is either a child cgroup of cgdir, or listed in its keys.
498 * Then check that caller's cgroup is under path if fpath is a child
499 * cgroup, or cgdir if fpath is a file */
501 if (is_child_cgroup(controller
, path1
, path2
)) {
502 if (!caller_is_in_ancestor(fc
->pid
, controller
, cgroup
, NULL
)) {
503 /* this is just /cgroup/controller, return it as a dir */
504 sb
->st_mode
= S_IFDIR
| 00555;
508 if (!fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
))
511 // get uid, gid, from '/tasks' file and make up a mode
512 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
513 sb
->st_mode
= S_IFDIR
| 00755;
514 k
= get_cgroup_key(controller
, cgroup
, "tasks");
516 sb
->st_uid
= sb
->st_gid
= 0;
525 if ((k
= get_cgroup_key(controller
, path1
, path2
)) != NULL
) {
526 if (!caller_is_in_ancestor(fc
->pid
, controller
, path1
, NULL
))
528 if (!fc_may_access(fc
, controller
, path1
, path2
, O_RDONLY
))
531 sb
->st_mode
= S_IFREG
| k
->mode
;
543 * TODO - cache these results in a table for use in opendir, free
546 static int cg_opendir(const char *path
, struct fuse_file_info
*fi
)
548 struct fuse_context
*fc
= fuse_get_context();
549 nih_local
struct cgm_keys
**list
= NULL
;
551 struct file_info
*dir_info
;
552 nih_local
char *controller
= NULL
;
557 if (strcmp(path
, "/cgroup") == 0) {
561 // return list of keys for the controller, and list of child cgroups
562 controller
= pick_controller_from_path(fc
, path
);
566 cgroup
= find_cgroup_in_path(path
);
568 /* this is just /cgroup/controller, return its contents */
573 if (cgroup
&& !fc_may_access(fc
, controller
, cgroup
, NULL
, O_RDONLY
))
576 /* we'll free this at cg_releasedir */
577 dir_info
= NIH_MUST( nih_alloc(NULL
, sizeof(*dir_info
)) );
578 dir_info
->controller
= must_copy_string(dir_info
, controller
);
579 dir_info
->cgroup
= must_copy_string(dir_info
, cgroup
);
580 dir_info
->type
= LXC_TYPE_CGDIR
;
581 dir_info
->buf
= NULL
;
582 dir_info
->file
= NULL
;
583 dir_info
->buflen
= 0;
585 fi
->fh
= (unsigned long)dir_info
;
589 static int cg_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
590 struct fuse_file_info
*fi
)
592 struct file_info
*d
= (struct file_info
*)fi
->fh
;
593 nih_local
struct cgm_keys
**list
= NULL
;
595 nih_local
char *nextcg
= NULL
;
596 struct fuse_context
*fc
= fuse_get_context();
598 if (d
->type
!= LXC_TYPE_CGDIR
) {
599 fprintf(stderr
, "Internal error: file cache info used in readdir\n");
602 if (!d
->cgroup
&& !d
->controller
) {
603 // ls /var/lib/lxcfs/cgroup - just show list of controllers
604 char **list
= LXCFS_DATA
? LXCFS_DATA
->subsystems
: NULL
;
610 for (i
= 0; list
[i
]; i
++) {
611 if (filler(buf
, list
[i
], NULL
, 0) != 0) {
618 if (!cgm_list_keys(d
->controller
, d
->cgroup
, &list
))
619 // not a valid cgroup
622 if (!caller_is_in_ancestor(fc
->pid
, d
->controller
, d
->cgroup
, &nextcg
)) {
625 ret
= filler(buf
, nextcg
, NULL
, 0);
632 for (i
= 0; list
[i
]; i
++) {
633 if (filler(buf
, list
[i
]->name
, NULL
, 0) != 0) {
638 // now get the list of child cgroups
639 nih_local
char **clist
= NULL
;
641 if (!cgm_list_children(d
->controller
, d
->cgroup
, &clist
))
643 for (i
= 0; clist
[i
]; i
++) {
644 if (filler(buf
, clist
[i
], NULL
, 0) != 0) {
651 static void do_release_file_info(struct file_info
*f
)
654 * all file_info fields which are nih_alloc()d with f as parent
655 * will be automatically freed
660 static int cg_releasedir(const char *path
, struct fuse_file_info
*fi
)
662 struct file_info
*d
= (struct file_info
*)fi
->fh
;
664 do_release_file_info(d
);
668 static int cg_open(const char *path
, struct fuse_file_info
*fi
)
670 nih_local
char *controller
= NULL
;
672 char *fpath
= NULL
, *path1
, *path2
;
673 nih_local
char * cgdir
= NULL
;
674 nih_local
struct cgm_keys
*k
= NULL
;
675 struct file_info
*file_info
;
676 struct fuse_context
*fc
= fuse_get_context();
681 controller
= pick_controller_from_path(fc
, path
);
684 cgroup
= find_cgroup_in_path(path
);
688 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
697 k
= get_cgroup_key(controller
, path1
, path2
);
701 if (!fc_may_access(fc
, controller
, path1
, path2
, fi
->flags
))
702 // should never get here
705 /* we'll free this at cg_release */
706 file_info
= NIH_MUST( nih_alloc(NULL
, sizeof(*file_info
)) );
707 file_info
->controller
= must_copy_string(file_info
, controller
);
708 file_info
->cgroup
= must_copy_string(file_info
, path1
);
709 file_info
->file
= must_copy_string(file_info
, path2
);
710 file_info
->type
= LXC_TYPE_CGFILE
;
711 file_info
->buf
= NULL
;
712 file_info
->buflen
= 0;
714 fi
->fh
= (unsigned long)file_info
;
718 static int cg_release(const char *path
, struct fuse_file_info
*fi
)
720 struct file_info
*f
= (struct file_info
*)fi
->fh
;
722 do_release_file_info(f
);
726 static int msgrecv(int sockfd
, void *buf
, size_t len
)
732 FD_SET(sockfd
, &rfds
);
736 if (select(sockfd
+1, &rfds
, NULL
, NULL
, &tv
) <= 0)
738 return recv(sockfd
, buf
, len
, MSG_DONTWAIT
);
741 #define SEND_CREDS_OK 0
742 #define SEND_CREDS_NOTSK 1
743 #define SEND_CREDS_FAIL 2
744 static int send_creds(int sock
, struct ucred
*cred
, char v
, bool pingfirst
)
746 struct msghdr msg
= { 0 };
748 struct cmsghdr
*cmsg
;
749 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
754 if (msgrecv(sock
, buf
, 1) != 1) {
755 fprintf(stderr
, "%s: Error getting reply from server over socketpair\n",
757 return SEND_CREDS_FAIL
;
761 msg
.msg_control
= cmsgbuf
;
762 msg
.msg_controllen
= sizeof(cmsgbuf
);
764 cmsg
= CMSG_FIRSTHDR(&msg
);
765 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct ucred
));
766 cmsg
->cmsg_level
= SOL_SOCKET
;
767 cmsg
->cmsg_type
= SCM_CREDENTIALS
;
768 memcpy(CMSG_DATA(cmsg
), cred
, sizeof(*cred
));
775 iov
.iov_len
= sizeof(buf
);
779 if (sendmsg(sock
, &msg
, 0) < 0) {
780 fprintf(stderr
, "%s: failed at sendmsg: %s\n", __func__
,
783 return SEND_CREDS_NOTSK
;
784 return SEND_CREDS_FAIL
;
787 return SEND_CREDS_OK
;
790 static bool recv_creds(int sock
, struct ucred
*cred
, char *v
)
792 struct msghdr msg
= { 0 };
794 struct cmsghdr
*cmsg
;
795 char cmsgbuf
[CMSG_SPACE(sizeof(*cred
))];
808 if (setsockopt(sock
, SOL_SOCKET
, SO_PASSCRED
, &optval
, sizeof(optval
)) == -1) {
809 fprintf(stderr
, "Failed to set passcred: %s\n", strerror(errno
));
813 if (write(sock
, buf
, 1) != 1) {
814 fprintf(stderr
, "Failed to start write on scm fd: %s\n", strerror(errno
));
820 msg
.msg_control
= cmsgbuf
;
821 msg
.msg_controllen
= sizeof(cmsgbuf
);
824 iov
.iov_len
= sizeof(buf
);
832 if (select(sock
+1, &rfds
, NULL
, NULL
, &tv
) <= 0) {
833 fprintf(stderr
, "Failed to select for scm_cred: %s\n",
837 ret
= recvmsg(sock
, &msg
, MSG_DONTWAIT
);
839 fprintf(stderr
, "Failed to receive scm_cred: %s\n",
844 cmsg
= CMSG_FIRSTHDR(&msg
);
846 if (cmsg
&& cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
)) &&
847 cmsg
->cmsg_level
== SOL_SOCKET
&&
848 cmsg
->cmsg_type
== SCM_CREDENTIALS
) {
849 memcpy(cred
, CMSG_DATA(cmsg
), sizeof(*cred
));
858 * pid_to_ns - reads pids from a ucred over a socket, then writes the
859 * int value back over the socket. This shifts the pid from the
860 * sender's pidns into tpid's pidns.
862 static void pid_to_ns(int sock
, pid_t tpid
)
867 while (recv_creds(sock
, &cred
, &v
)) {
870 if (write(sock
, &cred
.pid
, sizeof(pid_t
)) != sizeof(pid_t
))
877 * pid_to_ns_wrapper: when you setns into a pidns, you yourself remain
878 * in your old pidns. Only children which you fork will be in the target
879 * pidns. So the pid_to_ns_wrapper does the setns, then forks a child to
880 * actually convert pids
882 static void pid_to_ns_wrapper(int sock
, pid_t tpid
)
884 int newnsfd
= -1, ret
, cpipe
[2];
891 sprintf(fnam
, "/proc/%d/ns/pid", tpid
);
892 newnsfd
= open(fnam
, O_RDONLY
);
895 if (setns(newnsfd
, 0) < 0)
910 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
911 fprintf(stderr
, "%s (child): erorr on write: %s\n",
912 __func__
, strerror(errno
));
915 pid_to_ns(sock
, tpid
);
917 // give the child 1 second to be done forking and
920 FD_SET(cpipe
[0], &s
);
923 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
926 ret
= read(cpipe
[0], &v
, 1);
927 if (ret
!= sizeof(char) || v
!= '1') {
931 if (!wait_for_pid(cpid
))
942 * To read cgroup files with a particular pid, we will setns into the child
943 * pidns, open a pipe, fork a child - which will be the first to really be in
944 * the child ns - which does the cgm_get_value and writes the data to the pipe.
946 static bool do_read_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, char **d
)
948 int sock
[2] = {-1, -1};
949 nih_local
char *tmpdata
= NULL
;
951 pid_t qpid
, cpid
= -1;
958 if (!cgm_get_value(contrl
, cg
, file
, &tmpdata
))
962 * Now we read the pids from returned data one by one, pass
963 * them into a child in the target namespace, read back the
964 * translated pids, and put them into our to-return data
967 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
968 perror("socketpair");
977 pid_to_ns_wrapper(sock
[1], tpid
);
982 while (sscanf(ptr
, "%d\n", &qpid
) == 1) {
984 ret
= send_creds(sock
[0], &cred
, v
, true);
986 if (ret
== SEND_CREDS_NOTSK
)
988 if (ret
== SEND_CREDS_FAIL
)
991 // read converted results
996 ret
= select(sock
[0]+1, &s
, NULL
, NULL
, &tv
);
998 fprintf(stderr
, "%s: select error waiting for pid from child: %s\n",
999 __func__
, strerror(errno
));
1002 if (read(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1003 fprintf(stderr
, "%s: error reading pid from child: %s\n",
1004 __func__
, strerror(errno
));
1007 NIH_MUST( nih_strcat_sprintf(d
, NULL
, "%d\n", qpid
) );
1009 ptr
= strchr(ptr
, '\n');
1015 cred
.pid
= getpid();
1017 if (send_creds(sock
[0], &cred
, v
, true) != SEND_CREDS_OK
) {
1018 // failed to ask child to exit
1019 fprintf(stderr
, "%s: failed to ask child to exit: %s\n",
1020 __func__
, strerror(errno
));
1029 if (sock
[0] != -1) {
1036 static int cg_read(const char *path
, char *buf
, size_t size
, off_t offset
,
1037 struct fuse_file_info
*fi
)
1039 struct fuse_context
*fc
= fuse_get_context();
1040 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1041 nih_local
struct cgm_keys
*k
= NULL
;
1043 if (f
->type
!= LXC_TYPE_CGFILE
) {
1044 fprintf(stderr
, "Internal error: directory cache info used in cg_read\n");
1057 if ((k
= get_cgroup_key(f
->controller
, f
->cgroup
, f
->file
)) != NULL
) {
1058 nih_local
char *data
= NULL
;
1062 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_RDONLY
))
1063 // should never get here
1066 if (strcmp(f
->file
, "tasks") == 0 ||
1067 strcmp(f
->file
, "/tasks") == 0 ||
1068 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1069 strcmp(f
->file
, "cgroup.procs") == 0)
1070 // special case - we have to translate the pids
1071 r
= do_read_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, &data
);
1073 r
= cgm_get_value(f
->controller
, f
->cgroup
, f
->file
, &data
);
1083 memcpy(buf
, data
, s
);
1084 if (s
> 0 && s
< size
&& data
[s
-1] != '\n')
1093 static void pid_from_ns(int sock
, pid_t tpid
)
1109 ret
= select(sock
+1, &s
, NULL
, NULL
, &tv
);
1111 fprintf(stderr
, "%s: bad select before read from parent: %s\n",
1112 __func__
, strerror(errno
));
1115 if ((ret
= read(sock
, &vpid
, sizeof(pid_t
))) != sizeof(pid_t
)) {
1116 fprintf(stderr
, "%s: bad read from parent: %s\n",
1117 __func__
, strerror(errno
));
1120 if (vpid
== -1) // done
1124 if (send_creds(sock
, &cred
, v
, true) != SEND_CREDS_OK
) {
1126 cred
.pid
= getpid();
1127 if (send_creds(sock
, &cred
, v
, false) != SEND_CREDS_OK
)
1134 static void pid_from_ns_wrapper(int sock
, pid_t tpid
)
1136 int newnsfd
= -1, ret
, cpipe
[2];
1143 sprintf(fnam
, "/proc/%d/ns/pid", tpid
);
1144 newnsfd
= open(fnam
, O_RDONLY
);
1147 if (setns(newnsfd
, 0) < 0)
1151 if (pipe(cpipe
) < 0)
1163 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
1164 fprintf(stderr
, "%s (child): erorr on write: %s\n",
1165 __func__
, strerror(errno
));
1168 pid_from_ns(sock
, tpid
);
1171 // give the child 1 second to be done forking and
1174 FD_SET(cpipe
[0], &s
);
1177 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
1180 ret
= read(cpipe
[0], &v
, 1);
1181 if (ret
!= sizeof(char) || v
!= '1') {
1185 if (!wait_for_pid(cpid
))
1190 kill(cpid
, SIGKILL
);
1195 static bool do_write_pids(pid_t tpid
, const char *contrl
, const char *cg
, const char *file
, const char *buf
)
1197 int sock
[2] = {-1, -1};
1198 pid_t qpid
, cpid
= -1;
1199 bool answer
= false, fail
= false;
1202 * write the pids to a socket, have helper in writer's pidns
1203 * call movepid for us
1205 if (socketpair(AF_UNIX
, SOCK_DGRAM
, 0, sock
) < 0) {
1206 perror("socketpair");
1215 pid_from_ns_wrapper(sock
[1], tpid
);
1217 const char *ptr
= buf
;
1218 while (sscanf(ptr
, "%d", &qpid
) == 1) {
1222 if (write(sock
[0], &qpid
, sizeof(qpid
)) != sizeof(qpid
)) {
1223 fprintf(stderr
, "%s: error writing pid to child: %s\n",
1224 __func__
, strerror(errno
));
1228 if (recv_creds(sock
[0], &cred
, &v
)) {
1230 if (!cgm_move_pid(contrl
, cg
, cred
.pid
))
1235 ptr
= strchr(ptr
, '\n');
1241 /* All good, write the value */
1243 if (write(sock
[0], &qpid
,sizeof(qpid
)) != sizeof(qpid
))
1244 fprintf(stderr
, "Warning: failed to ask child to exit\n");
1252 if (sock
[0] != -1) {
1259 int cg_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
1260 struct fuse_file_info
*fi
)
1262 struct fuse_context
*fc
= fuse_get_context();
1263 nih_local
char *localbuf
= NULL
;
1264 nih_local
struct cgm_keys
*k
= NULL
;
1265 struct file_info
*f
= (struct file_info
*)fi
->fh
;
1267 if (f
->type
!= LXC_TYPE_CGFILE
) {
1268 fprintf(stderr
, "Internal error: directory cache info used in cg_write\n");
1278 localbuf
= NIH_MUST( nih_alloc(NULL
, size
+1) );
1279 localbuf
[size
] = '\0';
1280 memcpy(localbuf
, buf
, size
);
1282 if ((k
= get_cgroup_key(f
->controller
, f
->cgroup
, f
->file
)) != NULL
) {
1285 if (!fc_may_access(fc
, f
->controller
, f
->cgroup
, f
->file
, O_WRONLY
))
1288 if (strcmp(f
->file
, "tasks") == 0 ||
1289 strcmp(f
->file
, "/tasks") == 0 ||
1290 strcmp(f
->file
, "/cgroup.procs") == 0 ||
1291 strcmp(f
->file
, "cgroup.procs") == 0)
1292 // special case - we have to translate the pids
1293 r
= do_write_pids(fc
->pid
, f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1295 r
= cgm_set_value(f
->controller
, f
->cgroup
, f
->file
, localbuf
);
1306 int cg_chown(const char *path
, uid_t uid
, gid_t gid
)
1308 struct fuse_context
*fc
= fuse_get_context();
1309 nih_local
char * cgdir
= NULL
;
1310 char *fpath
= NULL
, *path1
, *path2
;
1311 nih_local
struct cgm_keys
*k
= NULL
;
1313 nih_local
char *controller
= NULL
;
1319 if (strcmp(path
, "/cgroup") == 0)
1322 controller
= pick_controller_from_path(fc
, path
);
1325 cgroup
= find_cgroup_in_path(path
);
1327 /* this is just /cgroup/controller */
1330 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1340 if (is_child_cgroup(controller
, path1
, path2
)) {
1341 // get uid, gid, from '/tasks' file and make up a mode
1342 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1343 k
= get_cgroup_key(controller
, cgroup
, "tasks");
1346 k
= get_cgroup_key(controller
, path1
, path2
);
1352 * This being a fuse request, the uid and gid must be valid
1353 * in the caller's namespace. So we can just check to make
1354 * sure that the caller is root in his uid, and privileged
1355 * over the file's current owner.
1357 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_REQD
))
1360 if (!cgm_chown_file(controller
, cgroup
, uid
, gid
))
1365 int cg_chmod(const char *path
, mode_t mode
)
1367 struct fuse_context
*fc
= fuse_get_context();
1368 nih_local
char * cgdir
= NULL
;
1369 char *fpath
= NULL
, *path1
, *path2
;
1370 nih_local
struct cgm_keys
*k
= NULL
;
1372 nih_local
char *controller
= NULL
;
1377 if (strcmp(path
, "/cgroup") == 0)
1380 controller
= pick_controller_from_path(fc
, path
);
1383 cgroup
= find_cgroup_in_path(path
);
1385 /* this is just /cgroup/controller */
1388 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1398 if (is_child_cgroup(controller
, path1
, path2
)) {
1399 // get uid, gid, from '/tasks' file and make up a mode
1400 // That is a hack, until cgmanager gains a GetCgroupPerms fn.
1401 k
= get_cgroup_key(controller
, cgroup
, "tasks");
1404 k
= get_cgroup_key(controller
, path1
, path2
);
1410 * This being a fuse request, the uid and gid must be valid
1411 * in the caller's namespace. So we can just check to make
1412 * sure that the caller is root in his uid, and privileged
1413 * over the file's current owner.
1415 if (!is_privileged_over(fc
->pid
, fc
->uid
, k
->uid
, NS_ROOT_OPT
))
1418 if (!cgm_chmod_file(controller
, cgroup
, mode
))
1423 int cg_mkdir(const char *path
, mode_t mode
)
1425 struct fuse_context
*fc
= fuse_get_context();
1426 nih_local
struct cgm_keys
**list
= NULL
;
1427 char *fpath
= NULL
, *path1
;
1428 nih_local
char * cgdir
= NULL
;
1430 nih_local
char *controller
= NULL
;
1436 controller
= pick_controller_from_path(fc
, path
);
1440 cgroup
= find_cgroup_in_path(path
);
1444 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1450 if (!fc_may_access(fc
, controller
, path1
, NULL
, O_RDWR
))
1454 if (!cgm_create(controller
, cgroup
, fc
->uid
, fc
->gid
))
1460 static int cg_rmdir(const char *path
)
1462 struct fuse_context
*fc
= fuse_get_context();
1463 nih_local
struct cgm_keys
**list
= NULL
;
1465 nih_local
char * cgdir
= NULL
;
1467 nih_local
char *controller
= NULL
;
1473 controller
= pick_controller_from_path(fc
, path
);
1477 cgroup
= find_cgroup_in_path(path
);
1481 get_cgdir_and_path(cgroup
, &cgdir
, &fpath
);
1485 if (!fc_may_access(fc
, controller
, cgdir
, NULL
, O_WRONLY
))
1488 if (!cgm_remove(controller
, cgroup
))
1494 static bool startswith(const char *line
, const char *pref
)
1496 if (strncmp(line
, pref
, strlen(pref
)) == 0)
1501 static void get_mem_cached(char *memstat
, unsigned long *v
)
1507 if (startswith(memstat
, "total_cache")) {
1508 sscanf(memstat
+ 11, "%lu", v
);
1512 eol
= strchr(memstat
, '\n');
1519 static void get_blkio_io_value(char *str
, unsigned major
, unsigned minor
, char *iotype
, unsigned long *v
)
1525 snprintf(key
, 32, "%u:%u %s", major
, minor
, iotype
);
1527 size_t len
= strlen(key
);
1531 if (startswith(str
, key
)) {
1532 sscanf(str
+ len
, "%lu", v
);
1535 eol
= strchr(str
, '\n');
1542 static char *get_pid_cgroup(pid_t pid
, const char *contrl
)
1544 nih_local
char *fnam
= NULL
;
1546 char *answer
= NULL
;
1550 fnam
= NIH_MUST( nih_sprintf(NULL
, "/proc/%d/cgroup", pid
) );
1551 if (!(f
= fopen(fnam
, "r")))
1554 while (getline(&line
, &len
, f
) != -1) {
1558 c1
= strchr(line
, ':');
1562 c2
= strchr(c1
, ':');
1566 if (strcmp(c1
, contrl
) != 0)
1570 answer
= NIH_MUST( nih_strdup(NULL
, c2
) );
1581 * FUSE ops for /proc
1584 static int proc_meminfo_read(char *buf
, size_t size
, off_t offset
,
1585 struct fuse_file_info
*fi
)
1587 struct fuse_context
*fc
= fuse_get_context();
1588 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1589 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "memory");
1590 nih_local
char *memlimit_str
= NULL
, *memusage_str
= NULL
, *memstat_str
= NULL
;
1591 unsigned long memlimit
= 0, memusage
= 0, cached
= 0, hosttotal
= 0;
1593 size_t linelen
= 0, total_len
= 0;
1594 char *cache
= d
->buf
;
1595 size_t cache_size
= d
->buflen
;
1599 if (offset
> d
->size
)
1601 int left
= d
->size
- offset
;
1602 total_len
= left
> size
? size
: left
;
1603 memcpy(buf
, cache
+ offset
, total_len
);
1610 if (!cgm_get_value("memory", cg
, "memory.limit_in_bytes", &memlimit_str
))
1612 if (!cgm_get_value("memory", cg
, "memory.usage_in_bytes", &memusage_str
))
1614 if (!cgm_get_value("memory", cg
, "memory.stat", &memstat_str
))
1616 memlimit
= strtoul(memlimit_str
, NULL
, 10);
1617 memusage
= strtoul(memusage_str
, NULL
, 10);
1620 get_mem_cached(memstat_str
, &cached
);
1622 f
= fopen("/proc/meminfo", "r");
1626 while (getline(&line
, &linelen
, f
) != -1) {
1628 char *printme
, lbuf
[100];
1630 memset(lbuf
, 0, 100);
1631 if (startswith(line
, "MemTotal:")) {
1632 sscanf(line
+14, "%lu", &hosttotal
);
1633 if (hosttotal
< memlimit
)
1634 memlimit
= hosttotal
;
1635 snprintf(lbuf
, 100, "MemTotal: %8lu kB\n", memlimit
);
1637 } else if (startswith(line
, "MemFree:")) {
1638 snprintf(lbuf
, 100, "MemFree: %8lu kB\n", memlimit
- memusage
);
1640 } else if (startswith(line
, "MemAvailable:")) {
1641 snprintf(lbuf
, 100, "MemAvailable: %8lu kB\n", memlimit
- memusage
);
1643 } else if (startswith(line
, "Buffers:")) {
1644 snprintf(lbuf
, 100, "Buffers: %8lu kB\n", 0UL);
1646 } else if (startswith(line
, "Cached:")) {
1647 snprintf(lbuf
, 100, "Cached: %8lu kB\n", cached
);
1649 } else if (startswith(line
, "SwapCached:")) {
1650 snprintf(lbuf
, 100, "SwapCached: %8lu kB\n", 0UL);
1655 l
= snprintf(cache
, cache_size
, "%s", printme
);
1661 d
->size
= total_len
;
1662 if (total_len
> size
) total_len
= size
;
1663 memcpy(buf
, d
->buf
, total_len
);
1671 * Read the cpuset.cpus for cg
1672 * Return the answer in a nih_alloced string
1674 static char *get_cpuset(const char *cg
)
1678 if (!cgm_get_value("cpuset", cg
, "cpuset.cpus", &answer
))
1684 * Helper functions for cpuset_in-set
1686 char *cpuset_nexttok(const char *c
)
1688 char *r
= strchr(c
+1, ',');
1694 int cpuset_getrange(const char *c
, int *a
, int *b
)
1698 ret
= sscanf(c
, "%d-%d", a
, b
);
1703 * cpusets are in format "1,2-3,4"
1704 * iow, comma-delimited ranges
1706 static bool cpu_in_cpuset(int cpu
, const char *cpuset
)
1710 for (c
= cpuset
; c
; c
= cpuset_nexttok(c
)) {
1713 ret
= cpuset_getrange(c
, &a
, &b
);
1714 if (ret
== 1 && cpu
== a
)
1716 if (ret
!= 2) // bad cpuset!
1718 if (cpu
>= a
&& cpu
<= b
)
1725 static bool cpuline_in_cpuset(const char *line
, const char *cpuset
)
1729 if (sscanf(line
, "processor : %d", &cpu
) != 1)
1731 return cpu_in_cpuset(cpu
, cpuset
);
1735 * check whether this is a '^processor" line in /proc/cpuinfo
1737 static bool is_processor_line(const char *line
)
1741 if (sscanf(line
, "processor : %d", &cpu
) == 1)
1746 static int proc_cpuinfo_read(char *buf
, size_t size
, off_t offset
,
1747 struct fuse_file_info
*fi
)
1749 struct fuse_context
*fc
= fuse_get_context();
1750 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1751 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "cpuset");
1752 nih_local
char *cpuset
= NULL
;
1754 size_t linelen
= 0, total_len
= 0;
1755 bool am_printing
= false;
1757 char *cache
= d
->buf
;
1758 size_t cache_size
= d
->buflen
;
1762 if (offset
> d
->size
)
1764 int left
= d
->size
- offset
;
1765 total_len
= left
> size
? size
: left
;
1766 memcpy(buf
, cache
+ offset
, total_len
);
1773 cpuset
= get_cpuset(cg
);
1777 f
= fopen("/proc/cpuinfo", "r");
1781 while (getline(&line
, &linelen
, f
) != -1) {
1783 if (is_processor_line(line
)) {
1784 am_printing
= cpuline_in_cpuset(line
, cpuset
);
1787 l
= snprintf(cache
, cache_size
, "processor : %d\n", curcpu
);
1788 if (l
< cache_size
){
1793 cache
+= cache_size
;
1794 total_len
+= cache_size
;
1802 l
= snprintf(cache
, cache_size
, "%s", line
);
1803 if (l
< cache_size
) {
1808 cache
+= cache_size
;
1809 total_len
+= cache_size
;
1816 d
->size
= total_len
;
1817 if (total_len
> size
) total_len
= size
;
1819 /* read from off 0 */
1820 memcpy(buf
, d
->buf
, total_len
);
1827 static int proc_stat_read(char *buf
, size_t size
, off_t offset
,
1828 struct fuse_file_info
*fi
)
1830 struct fuse_context
*fc
= fuse_get_context();
1831 struct file_info
*d
= (struct file_info
*)fi
->fh
;
1832 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "cpuset");
1833 nih_local
char *cpuset
= NULL
;
1835 size_t linelen
= 0, total_len
= 0;
1836 int curcpu
= -1; /* cpu numbering starts at 0 */
1837 unsigned long user
= 0, nice
= 0, system
= 0, idle
= 0, iowait
= 0, irq
= 0, softirq
= 0, steal
= 0, guest
= 0;
1838 unsigned long user_sum
= 0, nice_sum
= 0, system_sum
= 0, idle_sum
= 0, iowait_sum
= 0,
1839 irq_sum
= 0, softirq_sum
= 0, steal_sum
= 0, guest_sum
= 0;
1840 #define CPUALL_MAX_SIZE BUF_RESERVE_SIZE
1841 char cpuall
[CPUALL_MAX_SIZE
];
1842 /* reserve for cpu all */
1843 char *cache
= d
->buf
+ CPUALL_MAX_SIZE
;
1844 size_t cache_size
= d
->buflen
- CPUALL_MAX_SIZE
;
1848 if (offset
> d
->size
)
1850 int left
= d
->size
- offset
;
1851 total_len
= left
> size
? size
: left
;
1852 memcpy(buf
, d
->buf
+ offset
, total_len
);
1859 cpuset
= get_cpuset(cg
);
1863 f
= fopen("/proc/stat", "r");
1868 if (getline(&line
, &linelen
, f
) < 0) {
1869 fprintf(stderr
, "proc_stat_read read first line failed\n");
1873 while (getline(&line
, &linelen
, f
) != -1) {
1876 char cpu_char
[10]; /* That's a lot of cores */
1879 if (sscanf(line
, "cpu%9[^ ]", cpu_char
) != 1) {
1880 /* not a ^cpuN line containing a number N, just print it */
1881 l
= snprintf(cache
, cache_size
, "%s", line
);
1882 if (l
< cache_size
){
1888 //no more space, break it
1889 cache
+= cache_size
;
1890 total_len
+= cache_size
;
1896 if (sscanf(cpu_char
, "%d", &cpu
) != 1)
1898 if (!cpu_in_cpuset(cpu
, cpuset
))
1902 c
= strchr(line
, ' ');
1905 l
= snprintf(cache
, cache_size
, "cpu%d%s", curcpu
, c
);
1910 if (sscanf(line
, "%*s %lu %lu %lu %lu %lu %lu %lu %lu %lu", &user
, &nice
, &system
, &idle
, &iowait
, &irq
,
1911 &softirq
, &steal
, &guest
) != 9)
1915 system_sum
+= system
;
1917 iowait_sum
+= iowait
;
1919 softirq_sum
+= softirq
;
1926 int cpuall_len
= snprintf(cpuall
, CPUALL_MAX_SIZE
, "%s %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
1927 "cpu ", user_sum
, nice_sum
, system_sum
, idle_sum
, iowait_sum
, irq_sum
, softirq_sum
, steal_sum
, guest_sum
);
1928 if (cpuall_len
> 0 && cpuall_len
< CPUALL_MAX_SIZE
){
1929 memcpy(cache
, cpuall
, cpuall_len
);
1930 cache
+= cpuall_len
;
1932 /* shouldn't happen */
1933 fprintf(stderr
, "proc_stat_read copy cpuall failed, cpuall_len=%d\n", cpuall_len
);
1937 memmove(cache
, d
->buf
+ CPUALL_MAX_SIZE
, total_len
);
1938 total_len
+= cpuall_len
;
1939 d
->size
= total_len
;
1940 if (total_len
> size
) total_len
= size
;
1942 memcpy(buf
, d
->buf
, total_len
);
1950 * How to guess what to present for uptime?
1951 * One thing we could do would be to take the date on the caller's
1952 * memory.usage_in_bytes file, which should equal the time of creation
1953 * of his cgroup. However, a task could be in a sub-cgroup of the
1954 * container. The same problem exists if we try to look at the ages
1955 * of processes in the caller's cgroup.
1957 * So we'll fork a task that will enter the caller's pidns, mount a
1958 * fresh procfs, get the age of /proc/1, and pass that back over a pipe.
1960 * For the second uptime #, we'll do as Stéphane had done, just copy
1961 * the number from /proc/uptime. Not sure how to best emulate 'idle'
1962 * time. Maybe someone can come up with a good algorithm and submit a
1963 * patch. Maybe something based on cpushare info?
1966 /* return age of the reaper for $pid, taken from ctime of its procdir */
1967 static long int get_pid1_time(pid_t pid
)
1970 int fd
, cpipe
[2], ret
;
1977 if (unshare(CLONE_NEWNS
))
1980 if (mount(NULL
, "/", NULL
, MS_SLAVE
|MS_REC
, NULL
)) {
1981 perror("rslave mount failed");
1985 sprintf(fnam
, "/proc/%d/ns/pid", pid
);
1986 fd
= open(fnam
, O_RDONLY
);
1988 perror("get_pid1_time open of ns/pid");
1992 perror("get_pid1_time setns 1");
1998 if (pipe(cpipe
) < 0)
2009 if (write(cpipe
[1], &b
, sizeof(char)) < 0) {
2010 fprintf(stderr
, "%s (child): erorr on write: %s\n",
2011 __func__
, strerror(errno
));
2014 umount2("/proc", MNT_DETACH
);
2015 if (mount("proc", "/proc", "proc", 0, NULL
)) {
2016 perror("get_pid1_time mount");
2019 ret
= lstat("/proc/1", &sb
);
2021 perror("get_pid1_time lstat");
2024 return time(NULL
) - sb
.st_ctime
;
2027 // give the child 1 second to be done forking and
2030 FD_SET(cpipe
[0], &s
);
2033 ret
= select(cpipe
[0]+1, &s
, NULL
, NULL
, &tv
);
2036 ret
= read(cpipe
[0], &v
, 1);
2037 if (ret
!= sizeof(char) || v
!= '1') {
2045 kill(cpid
, SIGKILL
);
2050 static long int getreaperage(pid_t qpid
)
2052 int pid
, mypipe
[2], ret
;
2055 long int mtime
, answer
= 0;
2063 if (!pid
) { // child
2064 mtime
= get_pid1_time(qpid
);
2065 if (write(mypipe
[1], &mtime
, sizeof(mtime
)) != sizeof(mtime
))
2066 fprintf(stderr
, "Warning: bad write from getreaperage\n");
2072 FD_SET(mypipe
[0], &s
);
2075 ret
= select(mypipe
[0]+1, &s
, NULL
, NULL
, &tv
);
2081 fprintf(stderr
, "timed out\n");
2084 if (read(mypipe
[0], &mtime
, sizeof(mtime
)) != sizeof(mtime
)) {
2096 static long int getprocidle(void)
2098 FILE *f
= fopen("/proc/uptime", "r");
2103 ret
= fscanf(f
, "%ld %ld", &age
, &idle
);
2111 * We read /proc/uptime and reuse its second field.
2112 * For the first field, we use the mtime for the reaper for
2113 * the calling pid as returned by getreaperage
2115 static int proc_uptime_read(char *buf
, size_t size
, off_t offset
,
2116 struct fuse_file_info
*fi
)
2118 struct fuse_context
*fc
= fuse_get_context();
2119 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2120 long int reaperage
= getreaperage(fc
->pid
);;
2121 long int idletime
= getprocidle();
2122 size_t total_len
= 0;
2125 if (offset
> d
->size
)
2130 total_len
= snprintf(buf
, size
, "%ld %ld\n", reaperage
, idletime
);
2131 d
->size
= total_len
;
2135 static int proc_diskstats_read(char *buf
, size_t size
, off_t offset
,
2136 struct fuse_file_info
*fi
)
2139 struct fuse_context
*fc
= fuse_get_context();
2140 struct file_info
*d
= (struct file_info
*)fi
->fh
;
2141 nih_local
char *cg
= get_pid_cgroup(fc
->pid
, "blkio");
2142 nih_local
char *io_serviced_str
= NULL
, *io_merged_str
= NULL
, *io_service_bytes_str
= NULL
,
2143 *io_wait_time_str
= NULL
, *io_service_time_str
= NULL
;
2144 unsigned long read
= 0, write
= 0;
2145 unsigned long read_merged
= 0, write_merged
= 0;
2146 unsigned long read_sectors
= 0, write_sectors
= 0;
2147 unsigned long read_ticks
= 0, write_ticks
= 0;
2148 unsigned long ios_pgr
= 0, tot_ticks
= 0, rq_ticks
= 0;
2149 unsigned long rd_svctm
= 0, wr_svctm
= 0, rd_wait
= 0, wr_wait
= 0;
2151 size_t linelen
= 0, total_len
= 0;
2152 unsigned int major
= 0, minor
= 0;
2157 if (offset
> d
->size
)
2165 if (!cgm_get_value("blkio", cg
, "blkio.io_serviced", &io_serviced_str
))
2167 if (!cgm_get_value("blkio", cg
, "blkio.io_merged", &io_merged_str
))
2169 if (!cgm_get_value("blkio", cg
, "blkio.io_service_bytes", &io_service_bytes_str
))
2171 if (!cgm_get_value("blkio", cg
, "blkio.io_wait_time", &io_wait_time_str
))
2173 if (!cgm_get_value("blkio", cg
, "blkio.io_service_time", &io_service_time_str
))
2177 f
= fopen("/proc/diskstats", "r");
2181 while (getline(&line
, &linelen
, f
) != -1) {
2183 char *printme
, lbuf
[256];
2185 i
= sscanf(line
, "%u %u %s", &major
, &minor
, dev_name
);
2187 get_blkio_io_value(io_serviced_str
, major
, minor
, "Read", &read
);
2188 get_blkio_io_value(io_serviced_str
, major
, minor
, "Write", &write
);
2189 get_blkio_io_value(io_merged_str
, major
, minor
, "Read", &read_merged
);
2190 get_blkio_io_value(io_merged_str
, major
, minor
, "Write", &write_merged
);
2191 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Read", &read_sectors
);
2192 read_sectors
= read_sectors
/512;
2193 get_blkio_io_value(io_service_bytes_str
, major
, minor
, "Write", &write_sectors
);
2194 write_sectors
= write_sectors
/512;
2196 get_blkio_io_value(io_service_time_str
, major
, minor
, "Read", &rd_svctm
);
2197 rd_svctm
= rd_svctm
/1000000;
2198 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Read", &rd_wait
);
2199 rd_wait
= rd_wait
/1000000;
2200 read_ticks
= rd_svctm
+ rd_wait
;
2202 get_blkio_io_value(io_service_time_str
, major
, minor
, "Write", &wr_svctm
);
2203 wr_svctm
= wr_svctm
/1000000;
2204 get_blkio_io_value(io_wait_time_str
, major
, minor
, "Write", &wr_wait
);
2205 wr_wait
= wr_wait
/1000000;
2206 write_ticks
= wr_svctm
+ wr_wait
;
2208 get_blkio_io_value(io_service_time_str
, major
, minor
, "Total", &tot_ticks
);
2209 tot_ticks
= tot_ticks
/1000000;
2214 memset(lbuf
, 0, 256);
2215 if (read
|| write
|| read_merged
|| write_merged
|| read_sectors
|| write_sectors
|| read_ticks
|| write_ticks
) {
2216 snprintf(lbuf
, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
2217 major
, minor
, dev_name
, read
, read_merged
, read_sectors
, read_ticks
,
2218 write
, write_merged
, write_sectors
, write_ticks
, ios_pgr
, tot_ticks
, rq_ticks
);
2223 l
= snprintf(buf
, size
, "%s", printme
);
2229 d
->size
= total_len
;
2236 static off_t
get_procfile_size(const char *which
)
2238 FILE *f
= fopen(which
, "r");
2241 ssize_t sz
, answer
= 0;
2245 while ((sz
= getline(&line
, &len
, f
)) != -1)
2253 static int proc_getattr(const char *path
, struct stat
*sb
)
2255 struct timespec now
;
2257 memset(sb
, 0, sizeof(struct stat
));
2258 if (clock_gettime(CLOCK_REALTIME
, &now
) < 0)
2260 sb
->st_uid
= sb
->st_gid
= 0;
2261 sb
->st_atim
= sb
->st_mtim
= sb
->st_ctim
= now
;
2262 if (strcmp(path
, "/proc") == 0) {
2263 sb
->st_mode
= S_IFDIR
| 00555;
2267 if (strcmp(path
, "/proc/meminfo") == 0 ||
2268 strcmp(path
, "/proc/cpuinfo") == 0 ||
2269 strcmp(path
, "/proc/uptime") == 0 ||
2270 strcmp(path
, "/proc/stat") == 0 ||
2271 strcmp(path
, "/proc/diskstats") == 0) {
2273 sb
->st_mode
= S_IFREG
| 00444;
2281 static int proc_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2282 struct fuse_file_info
*fi
)
2284 if (filler(buf
, "cpuinfo", NULL
, 0) != 0 ||
2285 filler(buf
, "meminfo", NULL
, 0) != 0 ||
2286 filler(buf
, "stat", NULL
, 0) != 0 ||
2287 filler(buf
, "uptime", NULL
, 0) != 0 ||
2288 filler(buf
, "diskstats", NULL
, 0) != 0)
2293 static int proc_open(const char *path
, struct fuse_file_info
*fi
)
2296 struct file_info
*info
;
2298 if (strcmp(path
, "/proc/meminfo") == 0)
2299 type
= LXC_TYPE_PROC_MEMINFO
;
2300 else if (strcmp(path
, "/proc/cpuinfo") == 0)
2301 type
= LXC_TYPE_PROC_CPUINFO
;
2302 else if (strcmp(path
, "/proc/uptime") == 0)
2303 type
= LXC_TYPE_PROC_UPTIME
;
2304 else if (strcmp(path
, "/proc/stat") == 0)
2305 type
= LXC_TYPE_PROC_STAT
;
2306 else if (strcmp(path
, "/proc/diskstats") == 0)
2307 type
= LXC_TYPE_PROC_DISKSTATS
;
2311 info
= NIH_MUST( nih_alloc(NULL
, sizeof(*info
)) );
2312 memset(info
, 0, sizeof(*info
));
2315 info
->buflen
= get_procfile_size(path
) + BUF_RESERVE_SIZE
;
2316 info
->buf
= NIH_MUST( nih_alloc(info
, info
->buflen
) );
2317 memset(info
->buf
, 0, info
->buflen
);
2318 /* set actual size to buffer size */
2319 info
->size
= info
->buflen
;
2321 fi
->fh
= (unsigned long)info
;
2325 static int proc_release(const char *path
, struct fuse_file_info
*fi
)
2327 struct file_info
*f
= (struct file_info
*)fi
->fh
;
2329 do_release_file_info(f
);
2333 static int proc_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2334 struct fuse_file_info
*fi
)
2336 struct file_info
*f
= (struct file_info
*) fi
->fh
;
2339 case LXC_TYPE_PROC_MEMINFO
:
2340 return proc_meminfo_read(buf
, size
, offset
, fi
);
2341 case LXC_TYPE_PROC_CPUINFO
:
2342 return proc_cpuinfo_read(buf
, size
, offset
, fi
);
2343 case LXC_TYPE_PROC_UPTIME
:
2344 return proc_uptime_read(buf
, size
, offset
, fi
);
2345 case LXC_TYPE_PROC_STAT
:
2346 return proc_stat_read(buf
, size
, offset
, fi
);
2347 case LXC_TYPE_PROC_DISKSTATS
:
2348 return proc_diskstats_read(buf
, size
, offset
, fi
);
2356 * these just delegate to the /proc and /cgroup ops as
2360 static int lxcfs_getattr(const char *path
, struct stat
*sb
)
2362 if (strcmp(path
, "/") == 0) {
2363 sb
->st_mode
= S_IFDIR
| 00755;
2367 if (strncmp(path
, "/cgroup", 7) == 0) {
2368 return cg_getattr(path
, sb
);
2370 if (strncmp(path
, "/proc", 5) == 0) {
2371 return proc_getattr(path
, sb
);
2376 static int lxcfs_opendir(const char *path
, struct fuse_file_info
*fi
)
2378 if (strcmp(path
, "/") == 0)
2381 if (strncmp(path
, "/cgroup", 7) == 0) {
2382 return cg_opendir(path
, fi
);
2384 if (strcmp(path
, "/proc") == 0)
2389 static int lxcfs_readdir(const char *path
, void *buf
, fuse_fill_dir_t filler
, off_t offset
,
2390 struct fuse_file_info
*fi
)
2392 if (strcmp(path
, "/") == 0) {
2393 if (filler(buf
, "proc", NULL
, 0) != 0 ||
2394 filler(buf
, "cgroup", NULL
, 0) != 0)
2398 if (strncmp(path
, "/cgroup", 7) == 0)
2399 return cg_readdir(path
, buf
, filler
, offset
, fi
);
2400 if (strcmp(path
, "/proc") == 0)
2401 return proc_readdir(path
, buf
, filler
, offset
, fi
);
2405 static int lxcfs_releasedir(const char *path
, struct fuse_file_info
*fi
)
2407 if (strcmp(path
, "/") == 0)
2409 if (strncmp(path
, "/cgroup", 7) == 0) {
2410 return cg_releasedir(path
, fi
);
2412 if (strcmp(path
, "/proc") == 0)
2417 static int lxcfs_open(const char *path
, struct fuse_file_info
*fi
)
2419 if (strncmp(path
, "/cgroup", 7) == 0)
2420 return cg_open(path
, fi
);
2421 if (strncmp(path
, "/proc", 5) == 0)
2422 return proc_open(path
, fi
);
2427 static int lxcfs_read(const char *path
, char *buf
, size_t size
, off_t offset
,
2428 struct fuse_file_info
*fi
)
2430 if (strncmp(path
, "/cgroup", 7) == 0)
2431 return cg_read(path
, buf
, size
, offset
, fi
);
2432 if (strncmp(path
, "/proc", 5) == 0)
2433 return proc_read(path
, buf
, size
, offset
, fi
);
2438 int lxcfs_write(const char *path
, const char *buf
, size_t size
, off_t offset
,
2439 struct fuse_file_info
*fi
)
2441 if (strncmp(path
, "/cgroup", 7) == 0) {
2442 return cg_write(path
, buf
, size
, offset
, fi
);
2448 static int lxcfs_flush(const char *path
, struct fuse_file_info
*fi
)
2453 static int lxcfs_release(const char *path
, struct fuse_file_info
*fi
)
2455 if (strncmp(path
, "/cgroup", 7) == 0)
2456 return cg_release(path
, fi
);
2457 if (strncmp(path
, "/proc", 5) == 0)
2458 return proc_release(path
, fi
);
2463 static int lxcfs_fsync(const char *path
, int datasync
, struct fuse_file_info
*fi
)
2468 int lxcfs_mkdir(const char *path
, mode_t mode
)
2470 if (strncmp(path
, "/cgroup", 7) == 0)
2471 return cg_mkdir(path
, mode
);
2476 int lxcfs_chown(const char *path
, uid_t uid
, gid_t gid
)
2478 if (strncmp(path
, "/cgroup", 7) == 0)
2479 return cg_chown(path
, uid
, gid
);
2485 * cat first does a truncate before doing ops->write. This doesn't
2486 * really make sense for cgroups. So just return 0 always but do
2489 int lxcfs_truncate(const char *path
, off_t newsize
)
2491 if (strncmp(path
, "/cgroup", 7) == 0)
2496 int lxcfs_rmdir(const char *path
)
2498 if (strncmp(path
, "/cgroup", 7) == 0)
2499 return cg_rmdir(path
);
2503 int lxcfs_chmod(const char *path
, mode_t mode
)
2505 if (strncmp(path
, "/cgroup", 7) == 0)
2506 return cg_chmod(path
, mode
);
2510 const struct fuse_operations lxcfs_ops
= {
2511 .getattr
= lxcfs_getattr
,
2515 .mkdir
= lxcfs_mkdir
,
2517 .rmdir
= lxcfs_rmdir
,
2521 .chmod
= lxcfs_chmod
,
2522 .chown
= lxcfs_chown
,
2523 .truncate
= lxcfs_truncate
,
2528 .release
= lxcfs_release
,
2529 .write
= lxcfs_write
,
2532 .flush
= lxcfs_flush
,
2533 .fsync
= lxcfs_fsync
,
2538 .removexattr
= NULL
,
2540 .opendir
= lxcfs_opendir
,
2541 .readdir
= lxcfs_readdir
,
2542 .releasedir
= lxcfs_releasedir
,
2553 static void usage(const char *me
)
2555 fprintf(stderr
, "Usage:\n");
2556 fprintf(stderr
, "\n");
2557 fprintf(stderr
, "%s mountpoint\n", me
);
2558 fprintf(stderr
, "%s -h\n", me
);
2562 static bool is_help(char *w
)
2564 if (strcmp(w
, "-h") == 0 ||
2565 strcmp(w
, "--help") == 0 ||
2566 strcmp(w
, "-help") == 0 ||
2567 strcmp(w
, "help") == 0)
2572 void swallow_arg(int *argcp
, char *argv
[], char *which
)
2576 for (i
= 1; argv
[i
]; i
++) {
2577 if (strcmp(argv
[i
], which
) != 0)
2579 for (; argv
[i
]; i
++) {
2580 argv
[i
] = argv
[i
+1];
2587 void swallow_option(int *argcp
, char *argv
[], char *opt
, char *v
)
2591 for (i
= 1; argv
[i
]; i
++) {
2594 if (strcmp(argv
[i
], opt
) != 0)
2596 if (strcmp(argv
[i
+1], v
) != 0) {
2597 fprintf(stderr
, "Warning: unexpected fuse option %s\n", v
);
2600 for (; argv
[i
+1]; i
++) {
2601 argv
[i
] = argv
[i
+2];
2608 int main(int argc
, char *argv
[])
2611 struct lxcfs_state
*d
;
2613 * what we pass to fuse_main is:
2614 * argv[0] -s -f -o allow_other,directio argv[1] NULL
2619 /* accomodate older init scripts */
2620 swallow_arg(&argc
, argv
, "-s");
2621 swallow_arg(&argc
, argv
, "-f");
2622 swallow_option(&argc
, argv
, "-o", "allow_other");
2624 if (argc
!= 2 || is_help(argv
[1]))
2627 d
= NIH_MUST( malloc(sizeof(*d
)) );
2629 newargv
[0] = argv
[0];
2633 newargv
[4] = "allow_other,direct_io";
2634 newargv
[5] = argv
[1];
2637 if (!cgm_escape_cgroup())
2638 fprintf(stderr
, "WARNING: failed to escape to root cgroup\n");
2640 if (!cgm_get_controllers(&d
->subsystems
))
2643 ret
= fuse_main(NARGS
- 1, newargv
, &lxcfs_ops
, d
);