-/*-*- Mode: C; c-basic-offset: 8 -*-*/
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
#include <sys/types.h>
#include <signal.h>
#include <sys/mount.h>
-
-#include <libcgroup.h>
+#include <fcntl.h>
#include "cgroup.h"
#include "cgroup-util.h"
assert(b->path);
assert(b->controller);
- if (b->realized)
- return 0;
-
- if ((r = cg_create(b->controller, b->path)) < 0)
+ r = cg_create(b->controller, b->path);
+ if (r < 0) {
+ log_warning("Failed to create cgroup %s:%s: %s", b->controller, b->path, strerror(-r));
return r;
+ }
b->realized = true;
- if (b->only_us && b->clean_up)
- cg_trim(b->controller, b->path, false);
-
return 0;
}
int r;
LIST_FOREACH(by_unit, b, first)
- if ((r = cgroup_bonding_realize(b)) < 0)
+ if ((r = cgroup_bonding_realize(b)) < 0 && b->essential)
return r;
return 0;
}
-void cgroup_bonding_free(CGroupBonding *b) {
+void cgroup_bonding_free(CGroupBonding *b, bool remove_or_trim) {
assert(b);
if (b->unit) {
LIST_REMOVE(CGroupBonding, by_unit, b->unit->meta.cgroup_bondings, b);
- assert_se(f = hashmap_get(b->unit->meta.manager->cgroup_bondings, b->path));
- LIST_REMOVE(CGroupBonding, by_path, f, b);
+ if (streq(b->controller, SYSTEMD_CGROUP_CONTROLLER)) {
+ assert_se(f = hashmap_get(b->unit->meta.manager->cgroup_bondings, b->path));
+ LIST_REMOVE(CGroupBonding, by_path, f, b);
- if (f)
- hashmap_replace(b->unit->meta.manager->cgroup_bondings, b->path, f);
- else
- hashmap_remove(b->unit->meta.manager->cgroup_bondings, b->path);
+ if (f)
+ hashmap_replace(b->unit->meta.manager->cgroup_bondings, b->path, f);
+ else
+ hashmap_remove(b->unit->meta.manager->cgroup_bondings, b->path);
+ }
}
- if (b->realized && b->only_us && b->clean_up) {
+ if (b->realized && b->ours && remove_or_trim) {
if (cgroup_bonding_is_empty(b) > 0)
cg_delete(b->controller, b->path);
free(b);
}
-void cgroup_bonding_free_list(CGroupBonding *first) {
+void cgroup_bonding_free_list(CGroupBonding *first, bool remove_or_trim) {
CGroupBonding *b, *n;
LIST_FOREACH_SAFE(by_unit, b, n, first)
- cgroup_bonding_free(b);
+ cgroup_bonding_free(b, remove_or_trim);
}
void cgroup_bonding_trim(CGroupBonding *b, bool delete_root) {
assert(b);
- if (b->realized && b->only_us && b->clean_up)
+ if (b->realized && b->ours)
cg_trim(b->controller, b->path, delete_root);
}
int r;
LIST_FOREACH(by_unit, b, first)
- if ((r = cgroup_bonding_install(b, pid)) < 0)
+ if ((r = cgroup_bonding_install(b, pid)) < 0 && b->essential)
return r;
return 0;
}
-int cgroup_bonding_kill(CGroupBonding *b, int sig) {
+int cgroup_bonding_set_group_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) {
+ assert(b);
+
+ if (!b->realized)
+ return -EINVAL;
+
+ return cg_set_group_access(b->controller, b->path, mode, uid, gid);
+}
+
+int cgroup_bonding_set_group_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) {
+ CGroupBonding *b;
int r;
+ LIST_FOREACH(by_unit, b, first) {
+ r = cgroup_bonding_set_group_access(b, mode, uid, gid);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
+}
+
+int cgroup_bonding_set_task_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) {
assert(b);
- assert(sig >= 0);
- if ((r = cgroup_bonding_realize(b)) < 0)
- return r;
+ if (!b->realized)
+ return -EINVAL;
+
+ return cg_set_task_access(b->controller, b->path, mode, uid, gid);
+}
+
+int cgroup_bonding_set_task_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) {
+ CGroupBonding *b;
+ int r;
+
+ LIST_FOREACH(by_unit, b, first) {
+ r = cgroup_bonding_set_task_access(b, mode, uid, gid);
+ if (r < 0)
+ return r;
+ }
- assert(b->realized);
+ return 0;
+}
- return cg_kill_recursive(b->controller, b->path, sig, true);
+int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s) {
+ assert(b);
+ assert(sig >= 0);
+
+ /* Don't kill cgroups that aren't ours */
+ if (!b->ours)
+ return 0;
+
+ return cg_kill_recursive(b->controller, b->path, sig, sigcont, true, false, s);
}
-int cgroup_bonding_kill_list(CGroupBonding *first, int sig) {
+int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s) {
CGroupBonding *b;
- int r = -EAGAIN;
+ Set *allocated_set = NULL;
+ int ret = -EAGAIN, r;
+
+ if (!first)
+ return 0;
+
+ if (!s)
+ if (!(s = allocated_set = set_new(trivial_hash_func, trivial_compare_func)))
+ return -ENOMEM;
LIST_FOREACH(by_unit, b, first) {
- if ((r = cgroup_bonding_kill(b, sig)) < 0) {
+ if ((r = cgroup_bonding_kill(b, sig, sigcont, s)) < 0) {
if (r == -EAGAIN || r == -ESRCH)
continue;
- return r;
+ ret = r;
+ goto finish;
}
- return 0;
+ if (ret < 0 || r > 0)
+ ret = r;
}
- return r;
+finish:
+ if (allocated_set)
+ set_free(allocated_set);
+
+ return ret;
}
/* Returns 1 if the group is empty, 0 if it is not, -EAGAIN if we
return 1;
/* It's not only us using this cgroup, so we just don't know */
- return b->only_us ? 0 : -EAGAIN;
+ return b->ours ? 0 : -EAGAIN;
}
int cgroup_bonding_is_empty_list(CGroupBonding *first) {
}
int manager_setup_cgroup(Manager *m) {
- char *cp;
+ char *current = NULL, *path = NULL;
int r;
- pid_t pid;
char suffix[32];
assert(m);
- if ((r = cgroup_init()) != 0) {
- log_error("Failed to initialize libcg: %s", cgroup_strerror(r));
- return cg_translate_error(r, errno);
+ /* 0. Be nice to Ingo Molnar #628004 */
+ if (path_is_mount_point("/sys/fs/cgroup/systemd", false) <= 0) {
+ log_warning("No control group support available, not creating root group.");
+ return 0;
}
- free(m->cgroup_mount_point);
- m->cgroup_mount_point = NULL;
- if ((r = cgroup_get_subsys_mount_point(SYSTEMD_CGROUP_CONTROLLER, &m->cgroup_mount_point)))
- return cg_translate_error(r, errno);
-
- pid = getpid();
-
- if ((r = cgroup_get_current_controller_path(pid, SYSTEMD_CGROUP_CONTROLLER, &cp)))
- return cg_translate_error(r, errno);
+ /* 1. Determine hierarchy */
+ if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, ¤t)) < 0) {
+ log_error("Cannot determine cgroup we are running in: %s", strerror(-r));
+ goto finish;
+ }
- snprintf(suffix, sizeof(suffix), "/systemd-%u", (unsigned) pid);
- char_array_0(suffix);
+ if (m->running_as == MANAGER_SYSTEM)
+ strcpy(suffix, "/system");
+ else {
+ snprintf(suffix, sizeof(suffix), "/systemd-%lu", (unsigned long) getpid());
+ char_array_0(suffix);
+ }
free(m->cgroup_hierarchy);
-
- if (endswith(cp, suffix))
+ if (endswith(current, suffix)) {
/* We probably got reexecuted and can continue to use our root cgroup */
- m->cgroup_hierarchy = cp;
- else {
- /* We need a new root cgroup */
+ m->cgroup_hierarchy = current;
+ current = NULL;
+ } else {
+ /* We need a new root cgroup */
m->cgroup_hierarchy = NULL;
- r = asprintf(&m->cgroup_hierarchy, "%s%s", streq(cp, "/") ? "" : cp, suffix);
- free(cp);
+ if (asprintf(&m->cgroup_hierarchy, "%s%s", streq(current, "/") ? "" : current, suffix) < 0) {
+ log_error("Out of memory");
+ r = -ENOMEM;
+ goto finish;
+ }
+ }
- if (r < 0)
- return -ENOMEM;
+ /* 2. Show data */
+ if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0) {
+ log_error("Cannot find cgroup mount point: %s", strerror(-r));
+ goto finish;
}
- log_debug("Using cgroup controller <" SYSTEMD_CGROUP_CONTROLLER ">, hierarchy mounted at <%s>, using root group <%s>.",
- m->cgroup_mount_point,
- m->cgroup_hierarchy);
+ log_debug("Using cgroup controller " SYSTEMD_CGROUP_CONTROLLER ". File system hierarchy is at %s.", path);
- if ((r = cg_install_release_agent(SYSTEMD_CGROUP_CONTROLLER, CGROUP_AGENT_PATH)) < 0)
+ /* 3. Install agent */
+ if ((r = cg_install_release_agent(SYSTEMD_CGROUP_CONTROLLER, SYSTEMD_CGROUP_AGENT_PATH)) < 0)
log_warning("Failed to install release agent, ignoring: %s", strerror(-r));
+ else if (r > 0)
+ log_debug("Installed release agent.");
else
- log_debug("Installed release agent, or already installed.");
+ log_debug("Release agent already installed.");
- if ((r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, 0)) < 0)
+ /* 4. Realize the group */
+ if ((r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, 0)) < 0) {
log_error("Failed to create root cgroup hierarchy: %s", strerror(-r));
- else
- log_debug("Created root group.");
+ goto finish;
+ }
+
+ /* 5. And pin it, so that it cannot be unmounted */
+ if (m->pin_cgroupfs_fd >= 0)
+ close_nointr_nofail(m->pin_cgroupfs_fd);
+
+ if ((m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK)) < 0) {
+ log_error("Failed to open pin file: %m");
+ r = -errno;
+ goto finish;
+ }
+
+ log_debug("Created root group.");
+
+finish:
+ free(current);
+ free(path);
return r;
}
-int manager_shutdown_cgroup(Manager *m) {
+void manager_shutdown_cgroup(Manager *m, bool delete) {
assert(m);
- if (!m->cgroup_hierarchy)
- return 0;
+ if (delete && m->cgroup_hierarchy)
+ cg_delete(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy);
+
+ if (m->pin_cgroupfs_fd >= 0) {
+ close_nointr_nofail(m->pin_cgroupfs_fd);
+ m->pin_cgroupfs_fd = -1;
+ }
- return cg_delete(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy);
+ free(m->cgroup_hierarchy);
+ m->cgroup_hierarchy = NULL;
}
int cgroup_notify_empty(Manager *m, const char *group) {
assert(m);
assert(group);
- if (!(l = hashmap_get(m->cgroup_bondings, group)))
+ l = hashmap_get(m->cgroup_bondings, group);
+ if (!l)
return 0;
LIST_FOREACH(by_path, b, l) {
if (!b->unit)
continue;
- if ((t = cgroup_bonding_is_empty_list(b)) < 0) {
+ t = cgroup_bonding_is_empty_list(b);
+ if (t < 0) {
/* If we don't know, we don't know */
if (t != -EAGAIN)
continue;
}
- if (t > 0)
+ if (t > 0) {
+ /* If it is empty, let's delete it */
+ cgroup_bonding_trim_list(b->unit->meta.cgroup_bondings, true);
+
if (UNIT_VTABLE(b->unit)->cgroup_notify_empty)
UNIT_VTABLE(b->unit)->cgroup_notify_empty(b->unit);
+ }
}
return 0;
Unit* cgroup_unit_by_pid(Manager *m, pid_t pid) {
CGroupBonding *l, *b;
char *group = NULL;
- int r;
assert(m);
if (pid <= 1)
return NULL;
- if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &group)))
+ if (cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &group) < 0)
return NULL;
l = hashmap_get(m->cgroup_bondings, group);
+
+ if (!l) {
+ char *slash;
+
+ while ((slash = strrchr(group, '/'))) {
+ if (slash == group)
+ break;
+
+ *slash = 0;
+
+ if ((l = hashmap_get(m->cgroup_bondings, group)))
+ break;
+ }
+ }
+
free(group);
LIST_FOREACH(by_path, b, l) {
if (!b->unit)
continue;
- if (b->only_us)
+ if (b->ours)
return b->unit;
}
return r;
}
+
+pid_t cgroup_bonding_search_main_pid(CGroupBonding *b) {
+ FILE *f;
+ pid_t pid = 0, npid, mypid;
+
+ assert(b);
+
+ if (!b->ours)
+ return 0;
+
+ if (cg_enumerate_processes(b->controller, b->path, &f) < 0)
+ return 0;
+
+ mypid = getpid();
+
+ while (cg_read_pid(f, &npid) > 0) {
+ pid_t ppid;
+
+ if (npid == pid)
+ continue;
+
+ /* Ignore processes that aren't our kids */
+ if (get_parent_of_pid(npid, &ppid) >= 0 && ppid != mypid)
+ continue;
+
+ if (pid != 0) {
+ /* Dang, there's more than one daemonized PID
+ in this group, so we don't know what process
+ is the main process. */
+ pid = 0;
+ break;
+ }
+
+ pid = npid;
+ }
+
+ fclose(f);
+
+ return pid;
+}
+
+pid_t cgroup_bonding_search_main_pid_list(CGroupBonding *first) {
+ CGroupBonding *b;
+ pid_t pid;
+
+ /* Try to find a main pid from this cgroup, but checking if
+ * there's only one PID in the cgroup and returning it. Later
+ * on we might want to add additional, smarter heuristics
+ * here. */
+
+ LIST_FOREACH(by_unit, b, first)
+ if ((pid = cgroup_bonding_search_main_pid(b)) != 0)
+ return pid;
+
+ return 0;
+
+}