X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcgroup.c;h=1f6139e25f752176b2d19781c1253c8e608f8dc9;hp=64082d0dc6b64140636d1f10ee209e4fa9deecf3;hb=5c72face73e89610a5b926c42fc8e0223bf546a2;hpb=d686d8a97bd7945af0a61504392d01a3167b576f diff --git a/src/cgroup.c b/src/cgroup.c index 64082d0dc..1f6139e25 100644 --- a/src/cgroup.c +++ b/src/cgroup.c @@ -38,17 +38,14 @@ int cgroup_bonding_realize(CGroupBonding *b) { assert(b->path); assert(b->controller); - if (b->realized) - return 0; - - if ((r = cg_create(b->controller, b->path)) < 0) + r = cg_create(b->controller, b->path); + if (r < 0) { + log_warning("Failed to create cgroup %s:%s: %s", b->controller, b->path, strerror(-r)); return r; + } b->realized = true; - if (b->ours) - cg_trim(b->controller, b->path, false); - return 0; } @@ -63,43 +60,38 @@ int cgroup_bonding_realize_list(CGroupBonding *first) { return 0; } -void cgroup_bonding_free(CGroupBonding *b) { +void cgroup_bonding_free(CGroupBonding *b, bool trim) { assert(b); if (b->unit) { CGroupBonding *f; - LIST_REMOVE(CGroupBonding, by_unit, b->unit->meta.cgroup_bondings, b); + LIST_REMOVE(CGroupBonding, by_unit, b->unit->cgroup_bondings, b); if (streq(b->controller, SYSTEMD_CGROUP_CONTROLLER)) { - assert_se(f = hashmap_get(b->unit->meta.manager->cgroup_bondings, b->path)); + assert_se(f = hashmap_get(b->unit->manager->cgroup_bondings, b->path)); LIST_REMOVE(CGroupBonding, by_path, f, b); if (f) - hashmap_replace(b->unit->meta.manager->cgroup_bondings, b->path, f); + hashmap_replace(b->unit->manager->cgroup_bondings, b->path, f); else - hashmap_remove(b->unit->meta.manager->cgroup_bondings, b->path); + hashmap_remove(b->unit->manager->cgroup_bondings, b->path); } } - if (b->realized && b->ours) { - - if (cgroup_bonding_is_empty(b) > 0) - cg_delete(b->controller, b->path); - else - cg_trim(b->controller, b->path, false); - } + if (b->realized && b->ours && trim) + cg_trim(b->controller, b->path, false); free(b->controller); free(b->path); free(b); } -void cgroup_bonding_free_list(CGroupBonding *first) { +void cgroup_bonding_free_list(CGroupBonding *first, bool remove_or_trim) { CGroupBonding *b, *n; LIST_FOREACH_SAFE(by_unit, b, n, first) - cgroup_bonding_free(b); + cgroup_bonding_free(b, remove_or_trim); } void cgroup_bonding_trim(CGroupBonding *b, bool delete_root) { @@ -140,28 +132,75 @@ int cgroup_bonding_install_list(CGroupBonding *first, pid_t pid) { return 0; } -int cgroup_bonding_kill(CGroupBonding *b, int sig, Set *s) { +int cgroup_bonding_set_group_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) { + assert(b); + + if (!b->realized) + return -EINVAL; + + return cg_set_group_access(b->controller, b->path, mode, uid, gid); +} + +int cgroup_bonding_set_group_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) { + CGroupBonding *b; + int r; + + LIST_FOREACH(by_unit, b, first) { + r = cgroup_bonding_set_group_access(b, mode, uid, gid); + if (r < 0) + return r; + } + + return 0; +} + +int cgroup_bonding_set_task_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid, int sticky) { + assert(b); + + if (!b->realized) + return -EINVAL; + + return cg_set_task_access(b->controller, b->path, mode, uid, gid, sticky); +} + +int cgroup_bonding_set_task_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid, int sticky) { + CGroupBonding *b; + int r; + + LIST_FOREACH(by_unit, b, first) { + r = cgroup_bonding_set_task_access(b, mode, uid, gid, sticky); + if (r < 0) + return r; + } + + return 0; +} + +int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s) { assert(b); assert(sig >= 0); /* Don't kill cgroups that aren't ours */ - if (!b->realized || !b->ours) + if (!b->ours) return 0; - return cg_kill_recursive(b->controller, b->path, sig, true, false, s); + return cg_kill_recursive(b->controller, b->path, sig, sigcont, true, false, s); } -int cgroup_bonding_kill_list(CGroupBonding *first, int sig, Set *s) { +int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s) { CGroupBonding *b; Set *allocated_set = NULL; int ret = -EAGAIN, r; + if (!first) + return 0; + if (!s) if (!(s = allocated_set = set_new(trivial_hash_func, trivial_compare_func))) return -ENOMEM; LIST_FOREACH(by_unit, b, first) { - if ((r = cgroup_bonding_kill(b, sig, s)) < 0) { + if ((r = cgroup_bonding_kill(b, sig, sigcont, s)) < 0) { if (r == -EAGAIN || r == -ESRCH) continue; @@ -225,9 +264,17 @@ int manager_setup_cgroup(Manager *m) { assert(m); + /* 0. Be nice to Ingo Molnar #628004 */ + if (path_is_mount_point("/sys/fs/cgroup/systemd", false) <= 0) { + log_warning("No control group support available, not creating root group."); + return 0; + } + /* 1. Determine hierarchy */ - if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, ¤t)) < 0) + if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, ¤t)) < 0) { + log_error("Cannot determine cgroup we are running in: %s", strerror(-r)); goto finish; + } if (m->running_as == MANAGER_SYSTEM) strcpy(suffix, "/system"); @@ -246,14 +293,17 @@ int manager_setup_cgroup(Manager *m) { /* We need a new root cgroup */ m->cgroup_hierarchy = NULL; if (asprintf(&m->cgroup_hierarchy, "%s%s", streq(current, "/") ? "" : current, suffix) < 0) { + log_error("Out of memory"); r = -ENOMEM; goto finish; } } /* 2. Show data */ - if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0) + if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0) { + log_error("Cannot find cgroup mount point: %s", strerror(-r)); goto finish; + } log_debug("Using cgroup controller " SYSTEMD_CGROUP_CONTROLLER ". File system hierarchy is at %s.", path); @@ -276,6 +326,7 @@ int manager_setup_cgroup(Manager *m) { close_nointr_nofail(m->pin_cgroupfs_fd); if ((m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK)) < 0) { + log_error("Failed to open pin file: %m"); r = -errno; goto finish; } @@ -304,14 +355,55 @@ void manager_shutdown_cgroup(Manager *m, bool delete) { m->cgroup_hierarchy = NULL; } +int cgroup_bonding_get(Manager *m, const char *cgroup, CGroupBonding **bonding) { + CGroupBonding *b; + char *p; + + assert(m); + assert(cgroup); + assert(bonding); + + b = hashmap_get(m->cgroup_bondings, cgroup); + if (b) { + *bonding = b; + return 1; + } + + p = strdup(cgroup); + if (!p) + return -ENOMEM; + + for (;;) { + char *e; + + e = strrchr(p, '/'); + if (!e || e == p) { + free(p); + *bonding = NULL; + return 0; + } + + *e = 0; + + b = hashmap_get(m->cgroup_bondings, p); + if (b) { + free(p); + *bonding = b; + return 1; + } + } +} + int cgroup_notify_empty(Manager *m, const char *group) { CGroupBonding *l, *b; + int r; assert(m); assert(group); - if (!(l = hashmap_get(m->cgroup_bondings, group))) - return 0; + r = cgroup_bonding_get(m, group, &l); + if (r <= 0) + return r; LIST_FOREACH(by_path, b, l) { int t; @@ -319,7 +411,8 @@ int cgroup_notify_empty(Manager *m, const char *group) { if (!b->unit) continue; - if ((t = cgroup_bonding_is_empty_list(b)) < 0) { + t = cgroup_bonding_is_empty_list(b); + if (t < 0) { /* If we don't know, we don't know */ if (t != -EAGAIN) @@ -328,9 +421,13 @@ int cgroup_notify_empty(Manager *m, const char *group) { continue; } - if (t > 0) + if (t > 0) { + /* If it is empty, let's delete it */ + cgroup_bonding_trim_list(b->unit->cgroup_bondings, true); + if (UNIT_VTABLE(b->unit)->cgroup_notify_empty) UNIT_VTABLE(b->unit)->cgroup_notify_empty(b->unit); + } } return 0; @@ -403,26 +500,32 @@ char *cgroup_bonding_to_string(CGroupBonding *b) { pid_t cgroup_bonding_search_main_pid(CGroupBonding *b) { FILE *f; - pid_t pid = 0, npid; - int r; + pid_t pid = 0, npid, mypid; assert(b); if (!b->ours) return 0; - if ((r = cg_enumerate_processes(b->controller, b->path, &f)) < 0) + if (cg_enumerate_processes(b->controller, b->path, &f) < 0) return 0; - while ((r = cg_read_pid(f, &npid)) > 0) { + mypid = getpid(); + + while (cg_read_pid(f, &npid) > 0) { + pid_t ppid; if (npid == pid) continue; + /* Ignore processes that aren't our kids */ + if (get_parent_of_pid(npid, &ppid) >= 0 && ppid != mypid) + continue; + if (pid != 0) { - /* Dang, there's more than one PID in this - * group, so we don't know what process is the - * main process. */ + /* Dang, there's more than one daemonized PID + in this group, so we don't know what process + is the main process. */ pid = 0; break; }