support pure cgroupv2 environments

author Wolfgang Bumiller <w.bumiller@proxmox.com>

Thu, 10 Jun 2021 10:03:28 +0000 (12:03 +0200)

committer Wolfgang Bumiller <w.bumiller@proxmox.com>

Thu, 10 Jun 2021 10:03:28 +0000 (12:03 +0200)
author Wolfgang Bumiller <w.bumiller@proxmox.com>
Thu, 10 Jun 2021 10:03:28 +0000 (12:03 +0200)
committer Wolfgang Bumiller <w.bumiller@proxmox.com>
Thu, 10 Jun 2021 10:03:28 +0000 (12:03 +0200)
diff --git a/src/process/cgroups.rs b/src/process/cgroups.rs

index d8d88b3f4a33aa6d47f90f12170ac3717e549991..8c4d8f3a8fb15c2a8f1f8f7450f59bedc24f8174 100644 (file)
--- a/src/process/cgroups.rs
+++ b/src/process/cgroups.rs
@@ -3,7 +3,7 @@ use std::ffi::{OsStr, OsString};
  
  #[derive(Default)]
  pub struct CGroups {
  
  #[derive(Default)]
  pub struct CGroups {
-    pub v1: HashMap<String, OsString>,
+    pub v1: Option<HashMap<String, OsString>>,
      pub v2: Option<OsString>,
  }
  
      pub v2: Option<OsString>,
  }
  
@@ -13,10 +13,16 @@ impl CGroups {
      }
  
      pub fn get(&self, name: &str) -> Option<&OsStr> {
      }
  
      pub fn get(&self, name: &str) -> Option<&OsStr> {
-        self.v1.get(name).map(|s| s.as_os_str())
+        self.v1
+            .as_ref()
+            .and_then(|v1| v1.get(name).map(|s| s.as_os_str()))
      }
  
      pub fn v2(&self) -> Option<&OsStr> {
          self.v2.as_ref().map(|s| s.as_os_str())
      }
      }
  
      pub fn v2(&self) -> Option<&OsStr> {
          self.v2.as_ref().map(|s| s.as_os_str())
      }
+
+    pub fn has_v1(&self) -> bool {
+        self.v1.is_some()
+    }
  }
  }
diff --git a/src/process/pid_fd.rs b/src/process/pid_fd.rs

index 674ebae49bc36573d1856ece8aa852b573e88930..1caf8f262bd8c381c274db90771a7ba0b98e8734 100644 (file)
--- a/src/process/pid_fd.rs
+++ b/src/process/pid_fd.rs
@@ -222,7 +222,10 @@ impl PidFd {
                  cgroups.v2 = Some(path);
              } else {
                  for entry in name.split(',') {
                  cgroups.v2 = Some(path);
              } else {
                  for entry in name.split(',') {
-                    cgroups.v1.insert(entry.to_string(), path.clone());
+                    cgroups
+                        .v1
+                        .get_or_insert_with(Default::default)
+                        .insert(entry.to_string(), path.clone());
                  }
              }
          }
                  }
              }
          }
diff --git a/src/process/user_caps.rs b/src/process/user_caps.rs

index a3d6bcb0a8ecf157e820b5b09a64108e8cad9438..b0850ac80eba18f7e9c642b85313c69a3af53179 100644 (file)
--- a/src/process/user_caps.rs
+++ b/src/process/user_caps.rs
@@ -47,6 +47,7 @@ pub struct UserCaps<'a> {
      capabilities: Capabilities,
      umask: libc::mode_t,
      cgroup_v1_devices: Option<OsString>,
      capabilities: Capabilities,
      umask: libc::mode_t,
      cgroup_v1_devices: Option<OsString>,
+    cgroup_v2_base: &'static str,
      cgroup_v2: Option<OsString>,
      apparmor_profile: Option<OsString>,
  }
      cgroup_v2: Option<OsString>,
      apparmor_profile: Option<OsString>,
  }
@@ -67,12 +68,15 @@ impl UserCaps<'_> {
              capabilities: status.capabilities,
              umask: status.umask,
              cgroup_v1_devices: cgroups.get("devices").map(|s| s.to_owned()),
              capabilities: status.capabilities,
              umask: status.umask,
              cgroup_v1_devices: cgroups.get("devices").map(|s| s.to_owned()),
+            cgroup_v2_base: if cgroups.has_v1() { "unified/" } else { "" },
              cgroup_v2: cgroups.v2().map(|s| s.to_owned()),
              apparmor_profile,
          })
      }
  
      fn apply_cgroups(&self) -> io::Result<()> {
              cgroup_v2: cgroups.v2().map(|s| s.to_owned()),
              apparmor_profile,
          })
      }
  
      fn apply_cgroups(&self) -> io::Result<()> {
+        // FIXME: Handle `kind` taking /proc/self/mountinfo into account instead of assuming
+        // "unified/"
          fn enter_cgroup(kind: &str, name: &OsStr) -> io::Result<()> {
              let mut path = OsString::with_capacity(15 + kind.len() + name.len() + 13 + 1);
              path.push(OsStr::from_bytes(b"/sys/fs/cgroup/"));
          fn enter_cgroup(kind: &str, name: &OsStr) -> io::Result<()> {
              let mut path = OsString::with_capacity(15 + kind.len() + name.len() + 13 + 1);
              path.push(OsStr::from_bytes(b"/sys/fs/cgroup/"));
@@ -87,7 +91,7 @@ impl UserCaps<'_> {
          }
  
          if let Some(ref cg) = self.cgroup_v2 {
          }
  
          if let Some(ref cg) = self.cgroup_v2 {
-            enter_cgroup("unified/", cg)?;
+            enter_cgroup(self.cgroup_v2_base, cg)?;
          }
  
          Ok(())
          }
  
          Ok(())
author	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Thu, 10 Jun 2021 10:03:28 +0000 (12:03 +0200)
committer	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Thu, 10 Jun 2021 10:03:28 +0000 (12:03 +0200)
src/process/cgroups.rs		patch \| blob \| blame \| history
src/process/pid_fd.rs		patch \| blob \| blame \| history
src/process/user_caps.rs		patch \| blob \| blame \| history