-/*-*- Mode: C; c-basic-offset: 8 -*-*/
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
if (b->realized)
return 0;
- if ((r = cg_create(b->controller, b->path)) < 0)
+ r = cg_create(b->controller, b->path);
+ if (r < 0) {
+ log_warning("Failed to create cgroup %s:%s: %s", b->controller, b->path, strerror(-r));
return r;
+ }
b->realized = true;
- if (b->only_us && b->clean_up)
- cg_trim(b->controller, b->path, false);
-
return 0;
}
int r;
LIST_FOREACH(by_unit, b, first)
- if ((r = cgroup_bonding_realize(b)) < 0)
+ if ((r = cgroup_bonding_realize(b)) < 0 && b->essential)
return r;
return 0;
}
-void cgroup_bonding_free(CGroupBonding *b) {
+void cgroup_bonding_free(CGroupBonding *b, bool remove_or_trim) {
assert(b);
if (b->unit) {
LIST_REMOVE(CGroupBonding, by_unit, b->unit->meta.cgroup_bondings, b);
- assert_se(f = hashmap_get(b->unit->meta.manager->cgroup_bondings, b->path));
- LIST_REMOVE(CGroupBonding, by_path, f, b);
+ if (streq(b->controller, SYSTEMD_CGROUP_CONTROLLER)) {
+ assert_se(f = hashmap_get(b->unit->meta.manager->cgroup_bondings, b->path));
+ LIST_REMOVE(CGroupBonding, by_path, f, b);
- if (f)
- hashmap_replace(b->unit->meta.manager->cgroup_bondings, b->path, f);
- else
- hashmap_remove(b->unit->meta.manager->cgroup_bondings, b->path);
+ if (f)
+ hashmap_replace(b->unit->meta.manager->cgroup_bondings, b->path, f);
+ else
+ hashmap_remove(b->unit->meta.manager->cgroup_bondings, b->path);
+ }
}
- if (b->realized && b->only_us && b->clean_up) {
+ if (b->realized && b->ours && remove_or_trim) {
if (cgroup_bonding_is_empty(b) > 0)
cg_delete(b->controller, b->path);
free(b);
}
-void cgroup_bonding_free_list(CGroupBonding *first) {
+void cgroup_bonding_free_list(CGroupBonding *first, bool remove_or_trim) {
CGroupBonding *b, *n;
LIST_FOREACH_SAFE(by_unit, b, n, first)
- cgroup_bonding_free(b);
+ cgroup_bonding_free(b, remove_or_trim);
}
void cgroup_bonding_trim(CGroupBonding *b, bool delete_root) {
assert(b);
- if (b->realized && b->only_us && b->clean_up)
+ if (b->realized && b->ours)
cg_trim(b->controller, b->path, delete_root);
}
int r;
LIST_FOREACH(by_unit, b, first)
- if ((r = cgroup_bonding_install(b, pid)) < 0)
+ if ((r = cgroup_bonding_install(b, pid)) < 0 && b->essential)
return r;
return 0;
}
-int cgroup_bonding_kill(CGroupBonding *b, int sig) {
+int cgroup_bonding_set_group_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) {
+ assert(b);
+
+ if (!b->realized)
+ return -EINVAL;
+
+ return cg_set_group_access(b->controller, b->path, mode, uid, gid);
+}
+
+int cgroup_bonding_set_group_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) {
+ CGroupBonding *b;
int r;
+ LIST_FOREACH(by_unit, b, first) {
+ r = cgroup_bonding_set_group_access(b, mode, uid, gid);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
+}
+
+int cgroup_bonding_set_task_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) {
assert(b);
- assert(sig >= 0);
- if ((r = cgroup_bonding_realize(b)) < 0)
- return r;
+ if (!b->realized)
+ return -EINVAL;
- assert(b->realized);
+ return cg_set_task_access(b->controller, b->path, mode, uid, gid);
+}
- return cg_kill_recursive(b->controller, b->path, sig, true, false);
+int cgroup_bonding_set_task_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) {
+ CGroupBonding *b;
+ int r;
+
+ LIST_FOREACH(by_unit, b, first) {
+ r = cgroup_bonding_set_task_access(b, mode, uid, gid);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
}
-int cgroup_bonding_kill_list(CGroupBonding *first, int sig) {
+int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s) {
+ assert(b);
+ assert(sig >= 0);
+
+ /* Don't kill cgroups that aren't ours */
+ if (!b->ours)
+ return 0;
+
+ return cg_kill_recursive(b->controller, b->path, sig, sigcont, true, false, s);
+}
+
+int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s) {
CGroupBonding *b;
- int r = -EAGAIN;
+ Set *allocated_set = NULL;
+ int ret = -EAGAIN, r;
+
+ if (!s)
+ if (!(s = allocated_set = set_new(trivial_hash_func, trivial_compare_func)))
+ return -ENOMEM;
LIST_FOREACH(by_unit, b, first) {
- if ((r = cgroup_bonding_kill(b, sig)) < 0) {
+ if ((r = cgroup_bonding_kill(b, sig, sigcont, s)) < 0) {
if (r == -EAGAIN || r == -ESRCH)
continue;
- return r;
+ ret = r;
+ goto finish;
}
- return 0;
+ if (ret < 0 || r > 0)
+ ret = r;
}
- return r;
+finish:
+ if (allocated_set)
+ set_free(allocated_set);
+
+ return ret;
}
/* Returns 1 if the group is empty, 0 if it is not, -EAGAIN if we
return 1;
/* It's not only us using this cgroup, so we just don't know */
- return b->only_us ? 0 : -EAGAIN;
+ return b->ours ? 0 : -EAGAIN;
}
int cgroup_bonding_is_empty_list(CGroupBonding *first) {
assert(m);
+ /* 0. Be nice to Ingo Molnar #628004 */
+ if (path_is_mount_point("/sys/fs/cgroup/systemd", false) <= 0) {
+ log_warning("No control group support available, not creating root group.");
+ return 0;
+ }
+
/* 1. Determine hierarchy */
- if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, ¤t)) < 0)
+ if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, ¤t)) < 0) {
+ log_error("Cannot determine cgroup we are running in: %s", strerror(-r));
goto finish;
+ }
- snprintf(suffix, sizeof(suffix), "/systemd-%lu", (unsigned long) getpid());
- char_array_0(suffix);
+ if (m->running_as == MANAGER_SYSTEM)
+ strcpy(suffix, "/system");
+ else {
+ snprintf(suffix, sizeof(suffix), "/systemd-%lu", (unsigned long) getpid());
+ char_array_0(suffix);
+ }
free(m->cgroup_hierarchy);
if (endswith(current, suffix)) {
} else {
/* We need a new root cgroup */
m->cgroup_hierarchy = NULL;
- if ((r = asprintf(&m->cgroup_hierarchy, "%s%s", streq(current, "/") ? "" : current, suffix)) < 0) {
+ if (asprintf(&m->cgroup_hierarchy, "%s%s", streq(current, "/") ? "" : current, suffix) < 0) {
+ log_error("Out of memory");
r = -ENOMEM;
goto finish;
}
}
/* 2. Show data */
- if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0)
+ if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0) {
+ log_error("Cannot find cgroup mount point: %s", strerror(-r));
goto finish;
+ }
log_debug("Using cgroup controller " SYSTEMD_CGROUP_CONTROLLER ". File system hierarchy is at %s.", path);
/* 3. Install agent */
- if ((r = cg_install_release_agent(SYSTEMD_CGROUP_CONTROLLER, CGROUP_AGENT_PATH)) < 0)
+ if ((r = cg_install_release_agent(SYSTEMD_CGROUP_CONTROLLER, SYSTEMD_CGROUP_AGENT_PATH)) < 0)
log_warning("Failed to install release agent, ignoring: %s", strerror(-r));
else if (r > 0)
log_debug("Installed release agent.");
close_nointr_nofail(m->pin_cgroupfs_fd);
if ((m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK)) < 0) {
+ log_error("Failed to open pin file: %m");
r = -errno;
goto finish;
}
Unit* cgroup_unit_by_pid(Manager *m, pid_t pid) {
CGroupBonding *l, *b;
char *group = NULL;
- int r;
assert(m);
if (pid <= 1)
return NULL;
- if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &group)))
+ if (cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &group) < 0)
return NULL;
l = hashmap_get(m->cgroup_bondings, group);
+
+ if (!l) {
+ char *slash;
+
+ while ((slash = strrchr(group, '/'))) {
+ if (slash == group)
+ break;
+
+ *slash = 0;
+
+ if ((l = hashmap_get(m->cgroup_bondings, group)))
+ break;
+ }
+ }
+
free(group);
LIST_FOREACH(by_path, b, l) {
if (!b->unit)
continue;
- if (b->only_us)
+ if (b->ours)
return b->unit;
}
return r;
}
+
+pid_t cgroup_bonding_search_main_pid(CGroupBonding *b) {
+ FILE *f;
+ pid_t pid = 0, npid, mypid;
+
+ assert(b);
+
+ if (!b->ours)
+ return 0;
+
+ if (cg_enumerate_processes(b->controller, b->path, &f) < 0)
+ return 0;
+
+ mypid = getpid();
+
+ while (cg_read_pid(f, &npid) > 0) {
+ pid_t ppid;
+
+ if (npid == pid)
+ continue;
+
+ /* Ignore processes that aren't our kids */
+ if (get_parent_of_pid(npid, &ppid) >= 0 && ppid != mypid)
+ continue;
+
+ if (pid != 0) {
+ /* Dang, there's more than one daemonized PID
+ in this group, so we don't know what process
+ is the main process. */
+ pid = 0;
+ break;
+ }
+
+ pid = npid;
+ }
+
+ fclose(f);
+
+ return pid;
+}
+
+pid_t cgroup_bonding_search_main_pid_list(CGroupBonding *first) {
+ CGroupBonding *b;
+ pid_t pid;
+
+ /* Try to find a main pid from this cgroup, but checking if
+ * there's only one PID in the cgroup and returning it. Later
+ * on we might want to add additional, smarter heuristics
+ * here. */
+
+ LIST_FOREACH(by_unit, b, first)
+ if ((pid = cgroup_bonding_search_main_pid(b)) != 0)
+ return pid;
+
+ return 0;
+
+}