X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fshared%2Fcgroup-util.c;h=c746d606d9ff648c29cbcd530d579b5e87acd547;hp=86f354dbe7e8285c6a91fb3b81d2a7f26b509f7c;hb=01c94c5d0aff09b4c0e429d483c8eeba40017071;hpb=5430f7f2bc7330f3088b894166bf3524a067e3d8 diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c index 86f354dbe..c746d606d 100644 --- a/src/shared/cgroup-util.c +++ b/src/shared/cgroup-util.c @@ -30,48 +30,27 @@ #include #include "cgroup-util.h" -#include "log.h" #include "set.h" #include "macro.h" #include "util.h" +#include "formats-util.h" +#include "path-util.h" +#include "fileio.h" +#include "special.h" +#include "mkdir.h" int cg_enumerate_processes(const char *controller, const char *path, FILE **_f) { - char *fs; - int r; + _cleanup_free_ char *fs = NULL; FILE *f; - - assert(controller); - assert(path); - assert(_f); - - if ((r = cg_get_path(controller, path, "cgroup.procs", &fs)) < 0) - return r; - - f = fopen(fs, "re"); - free(fs); - - if (!f) - return -errno; - - *_f = f; - return 0; -} - -int cg_enumerate_tasks(const char *controller, const char *path, FILE **_f) { - char *fs; int r; - FILE *f; - assert(controller); - assert(path); assert(_f); - if ((r = cg_get_path(controller, path, "tasks", &fs)) < 0) + r = cg_get_path(controller, path, "cgroup.procs", &fs); + if (r < 0) return r; f = fopen(fs, "re"); - free(fs); - if (!f) return -errno; @@ -85,6 +64,9 @@ int cg_read_pid(FILE *f, pid_t *_pid) { /* Note that the cgroup.procs might contain duplicates! See * cgroups.txt for details. */ + assert(f); + assert(_pid); + errno = 0; if (fscanf(f, "%lu", &ul) != 1) { @@ -102,22 +84,19 @@ int cg_read_pid(FILE *f, pid_t *_pid) { } int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) { - char *fs; + _cleanup_free_ char *fs = NULL; int r; DIR *d; - assert(controller); - assert(path); assert(_d); /* This is not recursive! */ - if ((r = cg_get_path(controller, path, NULL, &fs)) < 0) + r = cg_get_path(controller, path, NULL, &fs); + if (r < 0) return r; d = opendir(fs); - free(fs); - if (!d) return -errno; @@ -129,9 +108,9 @@ int cg_read_subgroup(DIR *d, char **fn) { struct dirent *de; assert(d); + assert(fn); - errno = 0; - while ((de = readdir(d))) { + FOREACH_DIRENT(de, d, return -errno) { char *b; if (de->d_type != DT_DIR) @@ -141,88 +120,68 @@ int cg_read_subgroup(DIR *d, char **fn) { streq(de->d_name, "..")) continue; - if (!(b = strdup(de->d_name))) + b = strdup(de->d_name); + if (!b) return -ENOMEM; *fn = b; return 1; } - if (errno) - return -errno; - return 0; } -int cg_rmdir(const char *controller, const char *path, bool honour_sticky) { - char *p; +int cg_rmdir(const char *controller, const char *path) { + _cleanup_free_ char *p = NULL; int r; r = cg_get_path(controller, path, NULL, &p); if (r < 0) return r; - if (honour_sticky) { - char *tasks; - - /* If the sticky bit is set don't remove the directory */ - - tasks = strappend(p, "/tasks"); - if (!tasks) { - free(p); - return -ENOMEM; - } - - r = file_is_priv_sticky(tasks); - free(tasks); - - if (r > 0) { - free(p); - return 0; - } - } - r = rmdir(p); - free(p); + if (r < 0 && errno != ENOENT) + return -errno; - return (r < 0 && errno != ENOENT) ? -errno : 0; + return 0; } int cg_kill(const char *controller, const char *path, int sig, bool sigcont, bool ignore_self, Set *s) { + _cleanup_set_free_ Set *allocated_set = NULL; bool done = false; int r, ret = 0; pid_t my_pid; - FILE *f = NULL; - Set *allocated_set = NULL; - assert(controller); - assert(path); assert(sig >= 0); /* This goes through the tasks list and kills them all. This * is repeated until no further processes are added to the * tasks list, to properly handle forking processes */ - if (!s) - if (!(s = allocated_set = set_new(trivial_hash_func, trivial_compare_func))) + if (!s) { + s = allocated_set = set_new(NULL); + if (!s) return -ENOMEM; + } my_pid = getpid(); do { + _cleanup_fclose_ FILE *f = NULL; pid_t pid = 0; done = true; - if ((r = cg_enumerate_processes(controller, path, &f)) < 0) { + r = cg_enumerate_processes(controller, path, &f); + if (r < 0) { if (ret >= 0 && r != -ENOENT) - ret = r; + return r; - goto finish; + return ret; } while ((r = cg_read_pid(f, &pid)) > 0) { - if (pid == my_pid && ignore_self) + if (ignore_self && pid == my_pid) continue; if (set_get(s, LONG_TO_PTR(pid)) == LONG_TO_PTR(pid)) @@ -233,170 +192,119 @@ int cg_kill(const char *controller, const char *path, int sig, bool sigcont, boo if (kill(pid, sig) < 0) { if (ret >= 0 && errno != ESRCH) ret = -errno; - } else if (ret == 0) { - - if (sigcont) + } else { + if (sigcont && sig != SIGKILL) kill(pid, SIGCONT); - ret = 1; + if (ret == 0) + ret = 1; } done = false; - if ((r = set_put(s, LONG_TO_PTR(pid))) < 0) { + r = set_put(s, LONG_TO_PTR(pid)); + if (r < 0) { if (ret >= 0) - ret = r; + return r; - goto finish; + return ret; } } if (r < 0) { if (ret >= 0) - ret = r; + return r; - goto finish; + return ret; } - fclose(f); - f = NULL; - /* To avoid racing against processes which fork * quicker than we can kill them we repeat this until * no new pids need to be killed. */ } while (!done); -finish: - if (allocated_set) - set_free(allocated_set); - - if (f) - fclose(f); - return ret; } int cg_kill_recursive(const char *controller, const char *path, int sig, bool sigcont, bool ignore_self, bool rem, Set *s) { + _cleanup_set_free_ Set *allocated_set = NULL; + _cleanup_closedir_ DIR *d = NULL; int r, ret = 0; - DIR *d = NULL; char *fn; - Set *allocated_set = NULL; assert(path); - assert(controller); assert(sig >= 0); - if (!s) - if (!(s = allocated_set = set_new(trivial_hash_func, trivial_compare_func))) + if (!s) { + s = allocated_set = set_new(NULL); + if (!s) return -ENOMEM; + } ret = cg_kill(controller, path, sig, sigcont, ignore_self, s); - if ((r = cg_enumerate_subgroups(controller, path, &d)) < 0) { + r = cg_enumerate_subgroups(controller, path, &d); + if (r < 0) { if (ret >= 0 && r != -ENOENT) - ret = r; + return r; - goto finish; + return ret; } while ((r = cg_read_subgroup(d, &fn)) > 0) { - char *p = NULL; + _cleanup_free_ char *p = NULL; - r = asprintf(&p, "%s/%s", path, fn); + p = strjoin(path, "/", fn, NULL); free(fn); - - if (r < 0) { - if (ret >= 0) - ret = -ENOMEM; - - goto finish; - } + if (!p) + return -ENOMEM; r = cg_kill_recursive(controller, p, sig, sigcont, ignore_self, rem, s); - free(p); - - if (r != 0 && ret >= 0) + if (ret >= 0 && r != 0) ret = r; } - if (r < 0 && ret >= 0) + if (ret >= 0 && r < 0) ret = r; - if (rem) - if ((r = cg_rmdir(controller, path, true)) < 0) { - if (ret >= 0 && - r != -ENOENT && - r != -EBUSY) - ret = r; - } - -finish: - if (d) - closedir(d); - - if (allocated_set) - set_free(allocated_set); - - return ret; -} - -int cg_kill_recursive_and_wait(const char *controller, const char *path, bool rem) { - unsigned i; - - assert(path); - assert(controller); - - /* This safely kills all processes; first it sends a SIGTERM, - * then checks 8 times after 200ms whether the group is now - * empty, then kills everything that is left with SIGKILL and - * finally checks 5 times after 200ms each whether the group - * is finally empty. */ - - for (i = 0; i < 15; i++) { - int sig, r; - - if (i <= 0) - sig = SIGTERM; - else if (i == 9) - sig = SIGKILL; - else - sig = 0; - - if ((r = cg_kill_recursive(controller, path, sig, true, true, rem, NULL)) <= 0) + if (rem) { + r = cg_rmdir(controller, path); + if (r < 0 && ret >= 0 && r != -ENOENT && r != -EBUSY) return r; - - usleep(200 * USEC_PER_MSEC); } - return 0; + return ret; } -int cg_migrate(const char *controller, const char *from, const char *to, bool ignore_self) { +int cg_migrate(const char *cfrom, const char *pfrom, const char *cto, const char *pto, bool ignore_self) { bool done = false; - Set *s; + _cleanup_set_free_ Set *s = NULL; int r, ret = 0; pid_t my_pid; - FILE *f = NULL; - assert(controller); - assert(from); - assert(to); + assert(cfrom); + assert(pfrom); + assert(cto); + assert(pto); - if (!(s = set_new(trivial_hash_func, trivial_compare_func))) + s = set_new(NULL); + if (!s) return -ENOMEM; my_pid = getpid(); do { + _cleanup_fclose_ FILE *f = NULL; pid_t pid = 0; done = true; - if ((r = cg_enumerate_tasks(controller, from, &f)) < 0) { + r = cg_enumerate_processes(cfrom, pfrom, &f); + if (r < 0) { if (ret >= 0 && r != -ENOENT) - ret = r; + return r; - goto finish; + return ret; } while ((r = cg_read_pid(f, &pid)) > 0) { @@ -404,13 +312,14 @@ int cg_migrate(const char *controller, const char *from, const char *to, bool ig /* This might do weird stuff if we aren't a * single-threaded program. However, we * luckily know we are not */ - if (pid == my_pid && ignore_self) + if (ignore_self && pid == my_pid) continue; if (set_get(s, LONG_TO_PTR(pid)) == LONG_TO_PTR(pid)) continue; - if ((r = cg_attach(controller, to, pid)) < 0) { + r = cg_attach(cto, pto, pid); + if (r < 0) { if (ret >= 0 && r != -ESRCH) ret = r; } else if (ret == 0) @@ -418,68 +327,66 @@ int cg_migrate(const char *controller, const char *from, const char *to, bool ig done = false; - if ((r = set_put(s, LONG_TO_PTR(pid))) < 0) { + r = set_put(s, LONG_TO_PTR(pid)); + if (r < 0) { if (ret >= 0) - ret = r; + return r; - goto finish; + return ret; } } if (r < 0) { if (ret >= 0) - ret = r; + return r; - goto finish; + return ret; } - - fclose(f); - f = NULL; - } while (!done); -finish: - set_free(s); - - if (f) - fclose(f); - return ret; } -int cg_migrate_recursive(const char *controller, const char *from, const char *to, bool ignore_self, bool rem) { +int cg_migrate_recursive( + const char *cfrom, + const char *pfrom, + const char *cto, + const char *pto, + bool ignore_self, + bool rem) { + + _cleanup_closedir_ DIR *d = NULL; int r, ret = 0; - DIR *d = NULL; char *fn; - assert(controller); - assert(from); - assert(to); + assert(cfrom); + assert(pfrom); + assert(cto); + assert(pto); - ret = cg_migrate(controller, from, to, ignore_self); + ret = cg_migrate(cfrom, pfrom, cto, pto, ignore_self); - if ((r = cg_enumerate_subgroups(controller, from, &d)) < 0) { + r = cg_enumerate_subgroups(cfrom, pfrom, &d); + if (r < 0) { if (ret >= 0 && r != -ENOENT) - ret = r; - goto finish; + return r; + + return ret; } while ((r = cg_read_subgroup(d, &fn)) > 0) { - char *p = NULL; + _cleanup_free_ char *p = NULL; - r = asprintf(&p, "%s/%s", from, fn); + p = strjoin(pfrom, "/", fn, NULL); free(fn); - - if (r < 0) { + if (!p) { if (ret >= 0) - ret = -ENOMEM; + return -ENOMEM; - goto finish; + return ret; } - r = cg_migrate_recursive(controller, p, to, ignore_self, rem); - free(p); - + r = cg_migrate_recursive(cfrom, p, cto, pto, ignore_self, rem); if (r != 0 && ret >= 0) ret = r; } @@ -487,77 +394,153 @@ int cg_migrate_recursive(const char *controller, const char *from, const char *t if (r < 0 && ret >= 0) ret = r; - if (rem) - if ((r = cg_rmdir(controller, from, true)) < 0) { - if (ret >= 0 && - r != -ENOENT && - r != -EBUSY) - ret = r; + if (rem) { + r = cg_rmdir(cfrom, pfrom); + if (r < 0 && ret >= 0 && r != -ENOENT && r != -EBUSY) + return r; + } + + return ret; +} + +int cg_migrate_recursive_fallback( + const char *cfrom, + const char *pfrom, + const char *cto, + const char *pto, + bool ignore_self, + bool rem) { + + int r; + + assert(cfrom); + assert(pfrom); + assert(cto); + assert(pto); + + r = cg_migrate_recursive(cfrom, pfrom, cto, pto, ignore_self, rem); + if (r < 0) { + char prefix[strlen(pto) + 1]; + + /* This didn't work? Then let's try all prefixes of the destination */ + + PATH_FOREACH_PREFIX(prefix, pto) { + r = cg_migrate_recursive(cfrom, pfrom, cto, prefix, ignore_self, rem); + if (r >= 0) + break; } + } + + return 0; +} -finish: - if (d) - closedir(d); +static const char *normalize_controller(const char *controller) { - return ret; + assert(controller); + + if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) + return "elogind"; + else if (startswith(controller, "name=")) + return controller + 5; + else + return controller; +} + +static int join_path(const char *controller, const char *path, const char *suffix, char **fs) { + char *t = NULL; + + if (!isempty(controller)) { + if (!isempty(path) && !isempty(suffix)) + t = strjoin("/sys/fs/cgroup/", controller, "/", path, "/", suffix, NULL); + else if (!isempty(path)) + t = strjoin("/sys/fs/cgroup/", controller, "/", path, NULL); + else if (!isempty(suffix)) + t = strjoin("/sys/fs/cgroup/", controller, "/", suffix, NULL); + else + t = strappend("/sys/fs/cgroup/", controller); + } else { + if (!isempty(path) && !isempty(suffix)) + t = strjoin(path, "/", suffix, NULL); + else if (!isempty(path)) + t = strdup(path); + else + return -EINVAL; + } + + if (!t) + return -ENOMEM; + + *fs = path_kill_slashes(t); + return 0; } int cg_get_path(const char *controller, const char *path, const char *suffix, char **fs) { const char *p; - char *t; - static __thread bool good = false; + static thread_local bool good = false; - assert(controller); assert(fs); + if (controller && !cg_controller_is_valid(controller, true)) + return -EINVAL; + if (_unlikely_(!good)) { int r; r = path_is_mount_point("/sys/fs/cgroup", false); - if (r <= 0) - return r < 0 ? r : -ENOENT; + if (r < 0) + return r; + if (r == 0) + return -ENOENT; /* Cache this to save a few stat()s */ good = true; } - if (isempty(controller)) - return -EINVAL; + p = controller ? normalize_controller(controller) : NULL; - /* This is a very minimal lookup from controller names to - * paths. Since we have mounted most hierarchies ourselves - * should be kinda safe, but eventually we might want to - * extend this to have a fallback to actually check - * /proc/mounts. Might need caching then. */ + return join_path(p, path, suffix, fs); +} - if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) - p = "systemd"; - else if (startswith(controller, "name=")) - p = controller + 5; - else - p = controller; - - if (path && suffix) - t = join("/sys/fs/cgroup/", p, "/", path, "/", suffix, NULL); - else if (path) - t = join("/sys/fs/cgroup/", p, "/", path, NULL); - else if (suffix) - t = join("/sys/fs/cgroup/", p, "/", suffix, NULL); - else - t = join("/sys/fs/cgroup/", p, NULL); +static int check_hierarchy(const char *p) { + const char *cc; - if (!t) - return -ENOMEM; + assert(p); + + if (!filename_is_valid(p)) + return 0; - path_kill_slashes(t); + /* Check if this controller actually really exists */ + cc = strjoina("/sys/fs/cgroup/", p); + if (laccess(cc, F_OK) < 0) + return -errno; - *fs = t; return 0; } +int cg_get_path_and_check(const char *controller, const char *path, const char *suffix, char **fs) { + const char *p; + int r; + + assert(fs); + + if (!cg_controller_is_valid(controller, true)) + return -EINVAL; + + /* Normalize the controller syntax */ + p = normalize_controller(controller); + + /* Check if this controller actually really exists */ + r = check_hierarchy(p); + if (r < 0) + return r; + + return join_path(p, path, suffix, fs); +} + static int trim_cb(const char *path, const struct stat *sb, int typeflag, struct FTW *ftwbuf) { - char *p; - bool is_sticky; + assert(path); + assert(sb); + assert(ftwbuf); if (typeflag != FTW_DP) return 0; @@ -565,27 +548,14 @@ static int trim_cb(const char *path, const struct stat *sb, int typeflag, struct if (ftwbuf->level < 1) return 0; - p = strappend(path, "/tasks"); - if (!p) { - errno = ENOMEM; - return 1; - } - - is_sticky = file_is_priv_sticky(p) > 0; - free(p); - - if (is_sticky) - return 0; - rmdir(path); return 0; } int cg_trim(const char *controller, const char *path, bool delete_root) { - char *fs; + _cleanup_free_ char *fs = NULL; int r = 0; - assert(controller); assert(path); r = cg_get_path(controller, path, NULL, &fs); @@ -593,292 +563,344 @@ int cg_trim(const char *controller, const char *path, bool delete_root) { return r; errno = 0; - if (nftw(fs, trim_cb, 64, FTW_DEPTH|FTW_MOUNT|FTW_PHYS) < 0) + if (nftw(fs, trim_cb, 64, FTW_DEPTH|FTW_MOUNT|FTW_PHYS) != 0) r = errno ? -errno : -EIO; if (delete_root) { - bool is_sticky; - char *p; - - p = strappend(fs, "/tasks"); - if (!p) { - free(fs); - return -ENOMEM; - } - - is_sticky = file_is_priv_sticky(p) > 0; - free(p); - - if (!is_sticky) - if (rmdir(fs) < 0 && errno != ENOENT) { - if (r == 0) - r = -errno; - } + if (rmdir(fs) < 0 && errno != ENOENT) + return -errno; } - free(fs); - return r; } int cg_delete(const char *controller, const char *path) { - char *parent; + _cleanup_free_ char *parent = NULL; int r; - assert(controller); assert(path); - if ((r = parent_of_path(path, &parent)) < 0) + r = path_get_parent(path, &parent); + if (r < 0) return r; - r = cg_migrate_recursive(controller, path, parent, false, true); - free(parent); - + r = cg_migrate_recursive(controller, path, controller, parent, false, true); return r == -ENOENT ? 0 : r; } -int cg_attach(const char *controller, const char *path, pid_t pid) { - char *fs; +int cg_create(const char *controller, const char *path) { + _cleanup_free_ char *fs = NULL; int r; - char c[32]; - assert(controller); - assert(path); - assert(pid >= 0); + r = cg_get_path_and_check(controller, path, NULL, &fs); + if (r < 0) + return r; - if ((r = cg_get_path(controller, path, "tasks", &fs)) < 0) + r = mkdir_parents(fs, 0755); + if (r < 0) return r; - if (pid == 0) - pid = getpid(); + if (mkdir(fs, 0755) < 0) { - snprintf(c, sizeof(c), "%lu\n", (unsigned long) pid); - char_array_0(c); + if (errno == EEXIST) + return 0; - r = write_one_line_file(fs, c); - free(fs); + return -errno; + } - return r; + return 1; } -int cg_set_group_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid) { - char *fs; - int r; - - assert(controller); - assert(path); +int cg_create_and_attach(const char *controller, const char *path, pid_t pid) { + int r, q; - if (mode != (mode_t) -1) - mode &= 0777; + assert(pid >= 0); - r = cg_get_path(controller, path, NULL, &fs); + r = cg_create(controller, path); if (r < 0) return r; - r = chmod_and_chown(fs, mode, uid, gid); - free(fs); + q = cg_attach(controller, path, pid); + if (q < 0) + return q; + /* This does not remove the cgroup on failure */ return r; } -int cg_set_task_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid, int sticky) { - char *fs; +int cg_attach(const char *controller, const char *path, pid_t pid) { + _cleanup_free_ char *fs = NULL; + char c[DECIMAL_STR_MAX(pid_t) + 2]; int r; - assert(controller); assert(path); + assert(pid >= 0); - if (mode == (mode_t) -1 && uid == (uid_t) -1 && gid == (gid_t) -1 && sticky < 0) - return 0; - - if (mode != (mode_t) -1) - mode &= 0666; - - r = cg_get_path(controller, path, "tasks", &fs); + r = cg_get_path_and_check(controller, path, "cgroup.procs", &fs); if (r < 0) return r; - if (sticky >= 0 && mode != (mode_t) -1) - /* Both mode and sticky param are passed */ - mode |= (sticky ? S_ISVTX : 0); - else if ((sticky >= 0 && mode == (mode_t) -1) || - (mode != (mode_t) -1 && sticky < 0)) { - struct stat st; - - /* Only one param is passed, hence read the current - * mode from the file itself */ - - r = lstat(fs, &st); - if (r < 0) { - free(fs); - return -errno; - } - - if (mode == (mode_t) -1) - /* No mode set, we just shall set the sticky bit */ - mode = (st.st_mode & ~S_ISVTX) | (sticky ? S_ISVTX : 0); - else - /* Only mode set, leave sticky bit untouched */ - mode = (st.st_mode & ~0777) | mode; - } + if (pid == 0) + pid = getpid(); - r = chmod_and_chown(fs, mode, uid, gid); - free(fs); + snprintf(c, sizeof(c), PID_FMT"\n", pid); - return r; + return write_string_file_no_create(fs, c); } -int cg_get_by_pid(const char *controller, pid_t pid, char **path) { +int cg_attach_fallback(const char *controller, const char *path, pid_t pid) { int r; - char *p = NULL; - FILE *f; - char *fs; - size_t cs; assert(controller); assert(path); assert(pid >= 0); - if (pid == 0) - pid = getpid(); + r = cg_attach(controller, path, pid); + if (r < 0) { + char prefix[strlen(path) + 1]; - if (asprintf(&fs, "/proc/%lu/cgroup", (unsigned long) pid) < 0) - return -ENOMEM; + /* This didn't work? Then let's try all prefixes of + * the destination */ - f = fopen(fs, "re"); - free(fs); + PATH_FOREACH_PREFIX(prefix, path) { + r = cg_attach(controller, prefix, pid); + if (r >= 0) + break; + } + } - if (!f) - return errno == ENOENT ? -ESRCH : -errno; + return 0; +} - cs = strlen(controller); +int cg_set_group_access( + const char *controller, + const char *path, + mode_t mode, + uid_t uid, + gid_t gid) { - while (!feof(f)) { - char line[LINE_MAX]; - char *l; + _cleanup_free_ char *fs = NULL; + int r; - errno = 0; - if (!(fgets(line, sizeof(line), f))) { - if (feof(f)) - break; + assert(path); - r = errno ? -errno : -EIO; - goto finish; - } + if (mode != MODE_INVALID) + mode &= 0777; + + r = cg_get_path(controller, path, NULL, &fs); + if (r < 0) + return r; + + return chmod_and_chown(fs, mode, uid, gid); +} + +int cg_set_task_access( + const char *controller, + const char *path, + mode_t mode, + uid_t uid, + gid_t gid) { + + _cleanup_free_ char *fs = NULL, *procs = NULL; + int r; + + assert(path); + + if (mode == MODE_INVALID && uid == UID_INVALID && gid == GID_INVALID) + return 0; + + if (mode != MODE_INVALID) + mode &= 0666; + + r = cg_get_path(controller, path, "cgroup.procs", &fs); + if (r < 0) + return r; + + r = chmod_and_chown(fs, mode, uid, gid); + if (r < 0) + return r; + + /* Compatibility, Always keep values for "tasks" in sync with + * "cgroup.procs" */ + r = cg_get_path(controller, path, "tasks", &procs); + if (r < 0) + return r; + + return chmod_and_chown(procs, mode, uid, gid); +} + +int cg_pid_get_path(const char *controller, pid_t pid, char **path) { + _cleanup_fclose_ FILE *f = NULL; + char line[LINE_MAX]; + const char *fs; + size_t cs; + + assert(path); + assert(pid >= 0); + + if (controller) { + if (!cg_controller_is_valid(controller, true)) + return -EINVAL; + + controller = normalize_controller(controller); + } else + controller = SYSTEMD_CGROUP_CONTROLLER; + + fs = procfs_file_alloca(pid, "cgroup"); + + f = fopen(fs, "re"); + if (!f) + return errno == ENOENT ? -ESRCH : -errno; + + cs = strlen(controller); + + FOREACH_LINE(line, f, return -errno) { + char *l, *p, *e; + size_t k; + const char *word, *state; + bool found = false; truncate_nl(line); - if (!(l = strchr(line, ':'))) + l = strchr(line, ':'); + if (!l) continue; l++; - if (strncmp(l, controller, cs) != 0) + e = strchr(l, ':'); + if (!e) continue; - if (l[cs] != ':') - continue; + *e = 0; + + FOREACH_WORD_SEPARATOR(word, k, l, ",", state) { + + if (k == cs && memcmp(word, controller, cs) == 0) { + found = true; + break; + } - if (!(p = strdup(l + cs + 1))) { - r = -ENOMEM; - goto finish; + if (k == 5 + cs && + memcmp(word, "name=", 5) == 0 && + memcmp(word+5, controller, cs) == 0) { + found = true; + break; + } } - *path = p; - r = 0; - goto finish; - } + if (!found) + continue; - r = -ENOENT; + p = strdup(e + 1); + if (!p) + return -ENOMEM; -finish: - fclose(f); + *path = p; + return 0; + } - return r; + return -ENOENT; } int cg_install_release_agent(const char *controller, const char *agent) { - char *fs = NULL, *contents = NULL, *line = NULL, *sc; + _cleanup_free_ char *fs = NULL, *contents = NULL; + char *sc; int r; - assert(controller); assert(agent); - if ((r = cg_get_path(controller, NULL, "release_agent", &fs)) < 0) + r = cg_get_path(controller, NULL, "release_agent", &fs); + if (r < 0) return r; - if ((r = read_one_line_file(fs, &contents)) < 0) - goto finish; + r = read_one_line_file(fs, &contents); + if (r < 0) + return r; sc = strstrip(contents); if (sc[0] == 0) { - - if (asprintf(&line, "%s\n", agent) < 0) { - r = -ENOMEM; - goto finish; - } - - if ((r = write_one_line_file(fs, line)) < 0) - goto finish; - - } else if (!streq(sc, agent)) { - r = -EEXIST; - goto finish; - } + r = write_string_file_no_create(fs, agent); + if (r < 0) + return r; + } else if (!streq(sc, agent)) + return -EEXIST; free(fs); fs = NULL; - if ((r = cg_get_path(controller, NULL, "notify_on_release", &fs)) < 0) - goto finish; + r = cg_get_path(controller, NULL, "notify_on_release", &fs); + if (r < 0) + return r; free(contents); contents = NULL; - if ((r = read_one_line_file(fs, &contents)) < 0) - goto finish; + r = read_one_line_file(fs, &contents); + if (r < 0) + return r; sc = strstrip(contents); - if (streq(sc, "0")) { - if ((r = write_one_line_file(fs, "1\n")) < 0) - goto finish; + r = write_string_file_no_create(fs, "1"); + if (r < 0) + return r; - r = 1; - } else if (!streq(sc, "1")) { - r = -EIO; - goto finish; - } else - r = 0; + return 1; + } + + if (!streq(sc, "1")) + return -EIO; + + return 0; +} + +int cg_uninstall_release_agent(const char *controller) { + _cleanup_free_ char *fs = NULL; + int r; + + r = cg_get_path(controller, NULL, "notify_on_release", &fs); + if (r < 0) + return r; + + r = write_string_file_no_create(fs, "0"); + if (r < 0) + return r; -finish: free(fs); - free(contents); - free(line); + fs = NULL; - return r; + r = cg_get_path(controller, NULL, "release_agent", &fs); + if (r < 0) + return r; + + r = write_string_file_no_create(fs, ""); + if (r < 0) + return r; + + return 0; } int cg_is_empty(const char *controller, const char *path, bool ignore_self) { - pid_t pid = 0; - int r; - FILE *f = NULL; + _cleanup_fclose_ FILE *f = NULL; + pid_t pid = 0, self_pid; bool found = false; + int r; - assert(controller); assert(path); - if ((r = cg_enumerate_tasks(controller, path, &f)) < 0) + r = cg_enumerate_processes(controller, path, &f); + if (r < 0) return r == -ENOENT ? 1 : r; + self_pid = getpid(); + while ((r = cg_read_pid(f, &pid)) > 0) { - if (ignore_self && pid == getpid()) + if (ignore_self && pid == self_pid) continue; found = true; break; } - fclose(f); - if (r < 0) return r; @@ -886,62 +908,56 @@ int cg_is_empty(const char *controller, const char *path, bool ignore_self) { } int cg_is_empty_recursive(const char *controller, const char *path, bool ignore_self) { - int r; - DIR *d = NULL; + _cleanup_closedir_ DIR *d = NULL; char *fn; + int r; - assert(controller); assert(path); - if ((r = cg_is_empty(controller, path, ignore_self)) <= 0) + r = cg_is_empty(controller, path, ignore_self); + if (r <= 0) return r; - if ((r = cg_enumerate_subgroups(controller, path, &d)) < 0) + r = cg_enumerate_subgroups(controller, path, &d); + if (r < 0) return r == -ENOENT ? 1 : r; while ((r = cg_read_subgroup(d, &fn)) > 0) { - char *p = NULL; + _cleanup_free_ char *p = NULL; - r = asprintf(&p, "%s/%s", path, fn); + p = strjoin(path, "/", fn, NULL); free(fn); - - if (r < 0) { - r = -ENOMEM; - goto finish; - } + if (!p) + return -ENOMEM; r = cg_is_empty_recursive(controller, p, ignore_self); - free(p); - if (r <= 0) - goto finish; + return r; } - if (r >= 0) - r = 1; - -finish: - - if (d) - closedir(d); + if (r < 0) + return r; - return r; + return 1; } int cg_split_spec(const char *spec, char **controller, char **path) { const char *e; char *t = NULL, *u = NULL; + _cleanup_free_ char *v = NULL; assert(spec); - assert(controller || path); if (*spec == '/') { + if (!path_is_safe(spec)) + return -EINVAL; if (path) { - if (!(t = strdup(spec))) + t = strdup(spec); + if (!t) return -ENOMEM; - *path = t; + *path = path_kill_slashes(t); } if (controller) @@ -950,13 +966,14 @@ int cg_split_spec(const char *spec, char **controller, char **path) { return 0; } - if (!(e = strchr(spec, ':'))) { - - if (strchr(spec, '/') || spec[0] == 0) + e = strchr(spec, ':'); + if (!e) { + if (!cg_controller_is_valid(spec, true)) return -EINVAL; if (controller) { - if (!(t = strdup(spec))) + t = strdup(normalize_controller(spec)); + if (!t) return -ENOMEM; *controller = t; @@ -968,100 +985,488 @@ int cg_split_spec(const char *spec, char **controller, char **path) { return 0; } - if (e[1] != '/' || - e == spec || - memchr(spec, '/', e-spec)) + v = strndup(spec, e-spec); + if (!v) + return -ENOMEM; + t = strdup(normalize_controller(v)); + if (!t) + return -ENOMEM; + if (!cg_controller_is_valid(t, true)) { + free(t); return -EINVAL; + } - if (controller) - if (!(t = strndup(spec, e-spec))) + if (streq(e+1, "")) { + u = strdup("/"); + if (!u) { + free(t); return -ENOMEM; - - if (path) - if (!(u = strdup(e+1))) { + } + } else { + u = strdup(e+1); + if (!u) { free(t); return -ENOMEM; } + if (!path_is_safe(u) || + !path_is_absolute(u)) { + free(t); + free(u); + return -EINVAL; + } + + path_kill_slashes(u); + } + if (controller) *controller = t; + else + free(t); if (path) *path = u; + else + free(u); return 0; } -int cg_join_spec(const char *controller, const char *path, char **spec) { - assert(controller); +int cg_mangle_path(const char *path, char **result) { + _cleanup_free_ char *c = NULL, *p = NULL; + char *t; + int r; + assert(path); + assert(result); - if (!path_is_absolute(path) || - controller[0] == 0 || - strchr(controller, ':') || - strchr(controller, '/')) - return -EINVAL; + /* First, check if it already is a filesystem path */ + if (path_startswith(path, "/sys/fs/cgroup")) { - if (asprintf(spec, "%s:%s", controller, path) < 0) - return -ENOMEM; + t = strdup(path); + if (!t) + return -ENOMEM; + + *result = path_kill_slashes(t); + return 0; + } + + /* Otherwise, treat it as cg spec */ + r = cg_split_spec(path, &c, &p); + if (r < 0) + return r; + + return cg_get_path(c ? c : SYSTEMD_CGROUP_CONTROLLER, p ? p : "/", NULL, result); +} + +int cg_get_root_path(char **path) { + assert(path); + + return cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 1, path); +} + +int cg_shift_path(const char *cgroup, const char *root, const char **shifted) { + _cleanup_free_ char *rt = NULL; + char *p; + int r; + + assert(cgroup); + assert(shifted); + + if (!root) { + /* If the root was specified let's use that, otherwise + * let's determine it from PID 1 */ + + r = cg_get_root_path(&rt); + if (r < 0) + return r; + + root = rt; + } + + p = path_startswith(cgroup, root); + if (p) + *shifted = p - 1; + else + *shifted = cgroup; return 0; } -int cg_fix_path(const char *path, char **result) { - char *t, *c, *p; +int cg_pid_get_path_shifted(pid_t pid, const char *root, char **cgroup) { + _cleanup_free_ char *raw = NULL; + const char *c; int r; + assert(pid >= 0); + assert(cgroup); + + r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &raw); + if (r < 0) + return r; + + r = cg_shift_path(raw, root, &c); + if (r < 0) + return r; + + if (c == raw) { + *cgroup = raw; + raw = NULL; + } else { + char *n; + + n = strdup(c); + if (!n) + return -ENOMEM; + + *cgroup = n; + } + + return 0; +} + +int cg_path_get_session(const char *path, char **session) { + const char *e, *n, *s; + + /* Elogind uses a flat hierarchy, just "/SESSION". The only + wrinkle is that SESSION might be escaped. */ + assert(path); - assert(result); + assert(path[0] == '/'); - /* First check if it already is a filesystem path */ - if (path_is_absolute(path) && - path_startswith(path, "/sys/fs/cgroup") && - access(path, F_OK) >= 0) { + e = path + 1; + n = strchrnul(e, '/'); + if (e == n) + return -ENOENT; - if (!(t = strdup(path))) + s = strndupa(e, n - e); + s = cg_unescape(s); + + if (!s[0]) + return -ENOENT; + + if (session) { + char *r; + + r = strdup(s); + if (!r) return -ENOMEM; - *result = t; - return 0; + *session = r; } - /* Otherwise treat it as cg spec */ - if ((r = cg_split_spec(path, &c, &p)) < 0) + return 0; +} + +int cg_pid_get_session(pid_t pid, char **session) { + _cleanup_free_ char *cgroup = NULL; + int r; + + r = cg_pid_get_path_shifted(pid, NULL, &cgroup); + if (r < 0) return r; - r = cg_get_path(c ? c : SYSTEMD_CGROUP_CONTROLLER, p ? p : "/", NULL, result); - free(c); - free(p); + return cg_path_get_session(cgroup, session); +} + +char *cg_escape(const char *p) { + bool need_prefix = false; + + /* This implements very minimal escaping for names to be used + * as file names in the cgroup tree: any name which might + * conflict with a kernel name or is prefixed with '_' is + * prefixed with a '_'. That way, when reading cgroup names it + * is sufficient to remove a single prefixing underscore if + * there is one. */ + + /* The return value of this function (unlike cg_unescape()) + * needs free()! */ + + if (p[0] == 0 || + p[0] == '_' || + p[0] == '.' || + streq(p, "notify_on_release") || + streq(p, "release_agent") || + streq(p, "tasks")) + need_prefix = true; + else { + const char *dot; + + dot = strrchr(p, '.'); + if (dot) { + + if (dot - p == 6 && memcmp(p, "cgroup", 6) == 0) + need_prefix = true; + else { + char *n; + + n = strndupa(p, dot - p); + + if (check_hierarchy(n) >= 0) + need_prefix = true; + } + } + } + + if (need_prefix) + return strappend("_", p); + else + return strdup(p); +} + +char *cg_unescape(const char *p) { + assert(p); + + /* The return value of this function (unlike cg_escape()) + * doesn't need free()! */ + + if (p[0] == '_') + return (char*) p+1; + + return (char*) p; +} + +#define CONTROLLER_VALID \ + DIGITS LETTERS \ + "_" + +bool cg_controller_is_valid(const char *p, bool allow_named) { + const char *t, *s; + + if (!p) + return false; + + if (allow_named) { + s = startswith(p, "name="); + if (s) + p = s; + } + + if (*p == 0 || *p == '_') + return false; + + for (t = p; *t; t++) + if (!strchr(CONTROLLER_VALID, *t)) + return false; + + if (t - p > FILENAME_MAX) + return false; + + return true; +} + +int cg_set_attribute(const char *controller, const char *path, const char *attribute, const char *value) { + _cleanup_free_ char *p = NULL; + int r; + + r = cg_get_path(controller, path, attribute, &p); + if (r < 0) + return r; + + return write_string_file_no_create(p, value); +} + +int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) { + _cleanup_free_ char *p = NULL; + int r; + + r = cg_get_path(controller, path, attribute, &p); + if (r < 0) + return r; + + return read_one_line_file(p, ret); +} + +static const char mask_names[] = + "cpu\0" + "cpuacct\0" + "blkio\0" + "memory\0" + "devices\0"; + +int cg_create_everywhere(CGroupControllerMask supported, CGroupControllerMask mask, const char *path) { + CGroupControllerMask bit = 1; + const char *n; + int r; + + /* This one will create a cgroup in our private tree, but also + * duplicate it in the trees specified in mask, and remove it + * in all others */ + + /* First create the cgroup in our own hierarchy. */ + r = cg_create(SYSTEMD_CGROUP_CONTROLLER, path); + if (r < 0) + return r; + + /* Then, do the same in the other hierarchies */ + NULSTR_FOREACH(n, mask_names) { + if (mask & bit) + cg_create(n, path); + else if (supported & bit) + cg_trim(n, path, true); + + bit <<= 1; + } + + return 0; +} + +int cg_attach_everywhere(CGroupControllerMask supported, const char *path, pid_t pid, cg_migrate_callback_t path_callback, void *userdata) { + CGroupControllerMask bit = 1; + const char *n; + int r; + + r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, path, pid); + if (r < 0) + return r; + + NULSTR_FOREACH(n, mask_names) { + + if (supported & bit) { + const char *p = NULL; + + if (path_callback) + p = path_callback(bit, userdata); + + if (!p) + p = path; + + cg_attach_fallback(n, path, pid); + } + + bit <<= 1; + } + + return 0; +} + +int cg_attach_many_everywhere(CGroupControllerMask supported, const char *path, Set* pids, cg_migrate_callback_t path_callback, void *userdata) { + Iterator i; + void *pidp; + int r = 0; + + SET_FOREACH(pidp, pids, i) { + pid_t pid = PTR_TO_LONG(pidp); + int q; + + q = cg_attach_everywhere(supported, path, pid, path_callback, userdata); + if (q < 0) + r = q; + } return r; } -int cg_get_user_path(char **path) { - char *root, *p; +int cg_migrate_everywhere(CGroupControllerMask supported, const char *from, const char *to, cg_migrate_callback_t to_callback, void *userdata) { + CGroupControllerMask bit = 1; + const char *n; + int r; - assert(path); + if (!path_equal(from, to)) { + r = cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER, from, SYSTEMD_CGROUP_CONTROLLER, to, false, true); + if (r < 0) + return r; + } - /* Figure out the place to put user cgroups below. We use the - * same as PID 1 has but with the "/system" suffix replaced by - * "/user" */ + NULSTR_FOREACH(n, mask_names) { + if (supported & bit) { + const char *p = NULL; - if (cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 1, &root) < 0) - p = strdup("/user"); - else { - if (endswith(root, "/system")) - root[strlen(root) - 7] = 0; - else if (streq(root, "/")) - root[0] = 0; + if (to_callback) + p = to_callback(bit, userdata); + + if (!p) + p = to; + + cg_migrate_recursive_fallback(SYSTEMD_CGROUP_CONTROLLER, to, n, p, false, false); + } - p = strappend(root, "/user"); - free(root); + bit <<= 1; } - if (!p) - return -ENOMEM; + return 0; +} + +int cg_trim_everywhere(CGroupControllerMask supported, const char *path, bool delete_root) { + CGroupControllerMask bit = 1; + const char *n; + int r; + + r = cg_trim(SYSTEMD_CGROUP_CONTROLLER, path, delete_root); + if (r < 0) + return r; + + NULSTR_FOREACH(n, mask_names) { + if (supported & bit) + cg_trim(n, path, delete_root); + + bit <<= 1; + } + + return 0; +} + +CGroupControllerMask cg_mask_supported(void) { + CGroupControllerMask bit = 1, mask = 0; + const char *n; + + NULSTR_FOREACH(n, mask_names) { + if (check_hierarchy(n) >= 0) + mask |= bit; + + bit <<= 1; + } + + return mask; +} + +int cg_kernel_controllers(Set *controllers) { + _cleanup_fclose_ FILE *f = NULL; + char buf[LINE_MAX]; + int r; + + assert(controllers); + + f = fopen("/proc/cgroups", "re"); + if (!f) { + if (errno == ENOENT) + return 0; + return -errno; + } + + /* Ignore the header line */ + (void) fgets(buf, sizeof(buf), f); + + for (;;) { + char *controller; + int enabled = 0; + + errno = 0; + if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) { + + if (feof(f)) + break; + + if (ferror(f) && errno) + return -errno; + + return -EBADMSG; + } + + if (!enabled) { + free(controller); + continue; + } + + if (!filename_is_valid(controller)) { + free(controller); + return -EBADMSG; + } + + r = set_consume(controllers, controller); + if (r < 0) + return r; + } - *path = p; return 0; }