assert(b->path);
assert(b->controller);
- if (b->realized)
- return 0;
-
- if ((r = cg_create(b->controller, b->path)) < 0)
+ r = cg_create(b->controller, b->path);
+ if (r < 0) {
+ log_warning("Failed to create cgroup %s:%s: %s", b->controller, b->path, strerror(-r));
return r;
+ }
b->realized = true;
- if (b->only_us && b->clean_up)
- cg_trim(b->controller, b->path, false);
-
return 0;
}
int r;
LIST_FOREACH(by_unit, b, first)
- if ((r = cgroup_bonding_realize(b)) < 0)
+ if ((r = cgroup_bonding_realize(b)) < 0 && b->essential)
return r;
return 0;
}
-void cgroup_bonding_free(CGroupBonding *b) {
+void cgroup_bonding_free(CGroupBonding *b, bool remove_or_trim) {
assert(b);
if (b->unit) {
LIST_REMOVE(CGroupBonding, by_unit, b->unit->meta.cgroup_bondings, b);
- assert_se(f = hashmap_get(b->unit->meta.manager->cgroup_bondings, b->path));
- LIST_REMOVE(CGroupBonding, by_path, f, b);
+ if (streq(b->controller, SYSTEMD_CGROUP_CONTROLLER)) {
+ assert_se(f = hashmap_get(b->unit->meta.manager->cgroup_bondings, b->path));
+ LIST_REMOVE(CGroupBonding, by_path, f, b);
- if (f)
- hashmap_replace(b->unit->meta.manager->cgroup_bondings, b->path, f);
- else
- hashmap_remove(b->unit->meta.manager->cgroup_bondings, b->path);
+ if (f)
+ hashmap_replace(b->unit->meta.manager->cgroup_bondings, b->path, f);
+ else
+ hashmap_remove(b->unit->meta.manager->cgroup_bondings, b->path);
+ }
}
- if (b->realized && b->only_us && b->clean_up) {
+ if (b->realized && b->ours && remove_or_trim) {
if (cgroup_bonding_is_empty(b) > 0)
cg_delete(b->controller, b->path);
free(b);
}
-void cgroup_bonding_free_list(CGroupBonding *first) {
+void cgroup_bonding_free_list(CGroupBonding *first, bool remove_or_trim) {
CGroupBonding *b, *n;
LIST_FOREACH_SAFE(by_unit, b, n, first)
- cgroup_bonding_free(b);
+ cgroup_bonding_free(b, remove_or_trim);
}
void cgroup_bonding_trim(CGroupBonding *b, bool delete_root) {
assert(b);
- if (b->realized && b->only_us && b->clean_up)
+ if (b->realized && b->ours)
cg_trim(b->controller, b->path, delete_root);
}
int r;
LIST_FOREACH(by_unit, b, first)
- if ((r = cgroup_bonding_install(b, pid)) < 0)
+ if ((r = cgroup_bonding_install(b, pid)) < 0 && b->essential)
+ return r;
+
+ return 0;
+}
+
+int cgroup_bonding_set_group_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) {
+ assert(b);
+
+ if (!b->realized)
+ return -EINVAL;
+
+ return cg_set_group_access(b->controller, b->path, mode, uid, gid);
+}
+
+int cgroup_bonding_set_group_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) {
+ CGroupBonding *b;
+ int r;
+
+ LIST_FOREACH(by_unit, b, first) {
+ r = cgroup_bonding_set_group_access(b, mode, uid, gid);
+ if (r < 0)
return r;
+ }
return 0;
}
-int cgroup_bonding_kill(CGroupBonding *b, int sig, Set *s) {
+int cgroup_bonding_set_task_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) {
+ assert(b);
+
+ if (!b->realized)
+ return -EINVAL;
+
+ return cg_set_task_access(b->controller, b->path, mode, uid, gid);
+}
+
+int cgroup_bonding_set_task_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) {
+ CGroupBonding *b;
int r;
+ LIST_FOREACH(by_unit, b, first) {
+ r = cgroup_bonding_set_task_access(b, mode, uid, gid);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
+}
+
+int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s) {
assert(b);
assert(sig >= 0);
- if ((r = cgroup_bonding_realize(b)) < 0)
- return r;
-
- assert(b->realized);
+ /* Don't kill cgroups that aren't ours */
+ if (!b->ours)
+ return 0;
- return cg_kill_recursive(b->controller, b->path, sig, true, false, s);
+ return cg_kill_recursive(b->controller, b->path, sig, sigcont, true, false, s);
}
-int cgroup_bonding_kill_list(CGroupBonding *first, int sig, Set *s) {
+int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s) {
CGroupBonding *b;
Set *allocated_set = NULL;
int ret = -EAGAIN, r;
return -ENOMEM;
LIST_FOREACH(by_unit, b, first) {
- if ((r = cgroup_bonding_kill(b, sig, s)) < 0) {
+ if ((r = cgroup_bonding_kill(b, sig, sigcont, s)) < 0) {
if (r == -EAGAIN || r == -ESRCH)
continue;
return 1;
/* It's not only us using this cgroup, so we just don't know */
- return b->only_us ? 0 : -EAGAIN;
+ return b->ours ? 0 : -EAGAIN;
}
int cgroup_bonding_is_empty_list(CGroupBonding *first) {
assert(m);
+ /* 0. Be nice to Ingo Molnar #628004 */
+ if (path_is_mount_point("/sys/fs/cgroup/systemd", false) <= 0) {
+ log_warning("No control group support available, not creating root group.");
+ return 0;
+ }
+
/* 1. Determine hierarchy */
- if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, ¤t)) < 0)
+ if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, ¤t)) < 0) {
+ log_error("Cannot determine cgroup we are running in: %s", strerror(-r));
goto finish;
+ }
- snprintf(suffix, sizeof(suffix), "/systemd-%lu", (unsigned long) getpid());
- char_array_0(suffix);
+ if (m->running_as == MANAGER_SYSTEM)
+ strcpy(suffix, "/system");
+ else {
+ snprintf(suffix, sizeof(suffix), "/systemd-%lu", (unsigned long) getpid());
+ char_array_0(suffix);
+ }
free(m->cgroup_hierarchy);
if (endswith(current, suffix)) {
/* We need a new root cgroup */
m->cgroup_hierarchy = NULL;
if (asprintf(&m->cgroup_hierarchy, "%s%s", streq(current, "/") ? "" : current, suffix) < 0) {
+ log_error("Out of memory");
r = -ENOMEM;
goto finish;
}
}
/* 2. Show data */
- if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0)
+ if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0) {
+ log_error("Cannot find cgroup mount point: %s", strerror(-r));
goto finish;
+ }
log_debug("Using cgroup controller " SYSTEMD_CGROUP_CONTROLLER ". File system hierarchy is at %s.", path);
/* 3. Install agent */
- if ((r = cg_install_release_agent(SYSTEMD_CGROUP_CONTROLLER, CGROUP_AGENT_PATH)) < 0)
+ if ((r = cg_install_release_agent(SYSTEMD_CGROUP_CONTROLLER, SYSTEMD_CGROUP_AGENT_PATH)) < 0)
log_warning("Failed to install release agent, ignoring: %s", strerror(-r));
else if (r > 0)
log_debug("Installed release agent.");
close_nointr_nofail(m->pin_cgroupfs_fd);
if ((m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK)) < 0) {
+ log_error("Failed to open pin file: %m");
r = -errno;
goto finish;
}
assert(m);
assert(group);
- if (!(l = hashmap_get(m->cgroup_bondings, group)))
+ l = hashmap_get(m->cgroup_bondings, group);
+ if (!l)
return 0;
LIST_FOREACH(by_path, b, l) {
if (!b->unit)
continue;
- if ((t = cgroup_bonding_is_empty_list(b)) < 0) {
+ t = cgroup_bonding_is_empty_list(b);
+ if (t < 0) {
/* If we don't know, we don't know */
if (t != -EAGAIN)
continue;
}
- if (t > 0)
+ if (t > 0) {
+ /* If it is empty, let's delete it */
+ cgroup_bonding_trim_list(b->unit->meta.cgroup_bondings, true);
+
if (UNIT_VTABLE(b->unit)->cgroup_notify_empty)
UNIT_VTABLE(b->unit)->cgroup_notify_empty(b->unit);
+ }
}
return 0;
if (!b->unit)
continue;
- if (b->only_us)
+ if (b->ours)
return b->unit;
}
return r;
}
+
+pid_t cgroup_bonding_search_main_pid(CGroupBonding *b) {
+ FILE *f;
+ pid_t pid = 0, npid, mypid;
+
+ assert(b);
+
+ if (!b->ours)
+ return 0;
+
+ if (cg_enumerate_processes(b->controller, b->path, &f) < 0)
+ return 0;
+
+ mypid = getpid();
+
+ while (cg_read_pid(f, &npid) > 0) {
+ pid_t ppid;
+
+ if (npid == pid)
+ continue;
+
+ /* Ignore processes that aren't our kids */
+ if (get_parent_of_pid(npid, &ppid) >= 0 && ppid != mypid)
+ continue;
+
+ if (pid != 0) {
+ /* Dang, there's more than one daemonized PID
+ in this group, so we don't know what process
+ is the main process. */
+ pid = 0;
+ break;
+ }
+
+ pid = npid;
+ }
+
+ fclose(f);
+
+ return pid;
+}
+
+pid_t cgroup_bonding_search_main_pid_list(CGroupBonding *first) {
+ CGroupBonding *b;
+ pid_t pid;
+
+ /* Try to find a main pid from this cgroup, but checking if
+ * there's only one PID in the cgroup and returning it. Later
+ * on we might want to add additional, smarter heuristics
+ * here. */
+
+ LIST_FOREACH(by_unit, b, first)
+ if ((pid = cgroup_bonding_search_main_pid(b)) != 0)
+ return pid;
+
+ return 0;
+
+}