X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcgroup.c;h=1f6139e25f752176b2d19781c1253c8e608f8dc9;hp=83fe2ef207e1ddb72b0111a844d407722c3f4abb;hb=170dcb7bd575f61aa75ce55d7fc0183ace6b8b76;hpb=55096547212928b0ba83fca2595cae0d66d3c0b0 diff --git a/src/cgroup.c b/src/cgroup.c index 83fe2ef20..1f6139e25 100644 --- a/src/cgroup.c +++ b/src/cgroup.c @@ -1,4 +1,4 @@ -/*-*- Mode: C; c-basic-offset: 8 -*-*/ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ /*** This file is part of systemd. @@ -25,8 +25,7 @@ #include #include #include - -#include +#include #include "cgroup.h" #include "cgroup-util.h" @@ -39,17 +38,14 @@ int cgroup_bonding_realize(CGroupBonding *b) { assert(b->path); assert(b->controller); - if (b->realized) - return 0; - - if ((r = cg_create(b->controller, b->path)) < 0) + r = cg_create(b->controller, b->path); + if (r < 0) { + log_warning("Failed to create cgroup %s:%s: %s", b->controller, b->path, strerror(-r)); return r; + } b->realized = true; - if (b->only_us && b->clean_up) - cg_trim(b->controller, b->path, false); - return 0; } @@ -58,53 +54,50 @@ int cgroup_bonding_realize_list(CGroupBonding *first) { int r; LIST_FOREACH(by_unit, b, first) - if ((r = cgroup_bonding_realize(b)) < 0) + if ((r = cgroup_bonding_realize(b)) < 0 && b->essential) return r; return 0; } -void cgroup_bonding_free(CGroupBonding *b) { +void cgroup_bonding_free(CGroupBonding *b, bool trim) { assert(b); if (b->unit) { CGroupBonding *f; - LIST_REMOVE(CGroupBonding, by_unit, b->unit->meta.cgroup_bondings, b); + LIST_REMOVE(CGroupBonding, by_unit, b->unit->cgroup_bondings, b); - assert_se(f = hashmap_get(b->unit->meta.manager->cgroup_bondings, b->path)); - LIST_REMOVE(CGroupBonding, by_path, f, b); + if (streq(b->controller, SYSTEMD_CGROUP_CONTROLLER)) { + assert_se(f = hashmap_get(b->unit->manager->cgroup_bondings, b->path)); + LIST_REMOVE(CGroupBonding, by_path, f, b); - if (f) - 
hashmap_replace(b->unit->meta.manager->cgroup_bondings, b->path, f); - else - hashmap_remove(b->unit->meta.manager->cgroup_bondings, b->path); + if (f) + hashmap_replace(b->unit->manager->cgroup_bondings, b->path, f); + else + hashmap_remove(b->unit->manager->cgroup_bondings, b->path); + } } - if (b->realized && b->only_us && b->clean_up) { - - if (cgroup_bonding_is_empty(b) > 0) - cg_delete(b->controller, b->path); - else - cg_trim(b->controller, b->path, false); - } + if (b->realized && b->ours && trim) + cg_trim(b->controller, b->path, false); free(b->controller); free(b->path); free(b); } -void cgroup_bonding_free_list(CGroupBonding *first) { +void cgroup_bonding_free_list(CGroupBonding *first, bool remove_or_trim) { CGroupBonding *b, *n; LIST_FOREACH_SAFE(by_unit, b, n, first) - cgroup_bonding_free(b); + cgroup_bonding_free(b, remove_or_trim); } void cgroup_bonding_trim(CGroupBonding *b, bool delete_root) { assert(b); - if (b->realized && b->only_us && b->clean_up) + if (b->realized && b->ours) cg_trim(b->controller, b->path, delete_root); } @@ -133,42 +126,97 @@ int cgroup_bonding_install_list(CGroupBonding *first, pid_t pid) { int r; LIST_FOREACH(by_unit, b, first) - if ((r = cgroup_bonding_install(b, pid)) < 0) + if ((r = cgroup_bonding_install(b, pid)) < 0 && b->essential) return r; return 0; } -int cgroup_bonding_kill(CGroupBonding *b, int sig) { +int cgroup_bonding_set_group_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) { + assert(b); + + if (!b->realized) + return -EINVAL; + + return cg_set_group_access(b->controller, b->path, mode, uid, gid); +} + +int cgroup_bonding_set_group_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) { + CGroupBonding *b; int r; + LIST_FOREACH(by_unit, b, first) { + r = cgroup_bonding_set_group_access(b, mode, uid, gid); + if (r < 0) + return r; + } + + return 0; +} + +int cgroup_bonding_set_task_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid, int sticky) { assert(b); - assert(sig 
>= 0); - if ((r = cgroup_bonding_realize(b)) < 0) - return r; + if (!b->realized) + return -EINVAL; + + return cg_set_task_access(b->controller, b->path, mode, uid, gid, sticky); +} + +int cgroup_bonding_set_task_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid, int sticky) { + CGroupBonding *b; + int r; + + LIST_FOREACH(by_unit, b, first) { + r = cgroup_bonding_set_task_access(b, mode, uid, gid, sticky); + if (r < 0) + return r; + } + + return 0; +} - assert(b->realized); +int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s) { + assert(b); + assert(sig >= 0); + + /* Don't kill cgroups that aren't ours */ + if (!b->ours) + return 0; - return cg_kill_recursive(b->controller, b->path, sig, true); + return cg_kill_recursive(b->controller, b->path, sig, sigcont, true, false, s); } -int cgroup_bonding_kill_list(CGroupBonding *first, int sig) { +int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s) { CGroupBonding *b; - int r = -EAGAIN; + Set *allocated_set = NULL; + int ret = -EAGAIN, r; + + if (!first) + return 0; + + if (!s) + if (!(s = allocated_set = set_new(trivial_hash_func, trivial_compare_func))) + return -ENOMEM; LIST_FOREACH(by_unit, b, first) { - if ((r = cgroup_bonding_kill(b, sig)) < 0) { + if ((r = cgroup_bonding_kill(b, sig, sigcont, s)) < 0) { if (r == -EAGAIN || r == -ESRCH) continue; - return r; + ret = r; + goto finish; } - return 0; + if (ret < 0 || r > 0) + ret = r; } - return r; +finish: + if (allocated_set) + set_free(allocated_set); + + return ret; } /* Returns 1 if the group is empty, 0 if it is not, -EAGAIN if we @@ -186,7 +234,7 @@ int cgroup_bonding_is_empty(CGroupBonding *b) { return 1; /* It's not only us using this cgroup, so we just don't know */ - return b->only_us ? 0 : -EAGAIN; + return b->ours ? 
0 : -EAGAIN; } int cgroup_bonding_is_empty_list(CGroupBonding *first) { @@ -210,81 +258,152 @@ int cgroup_bonding_is_empty_list(CGroupBonding *first) { } int manager_setup_cgroup(Manager *m) { - char *cp; + char *current = NULL, *path = NULL; int r; - pid_t pid; char suffix[32]; assert(m); - if ((r = cgroup_init()) != 0) { - log_error("Failed to initialize libcg: %s", cgroup_strerror(r)); - return cg_translate_error(r, errno); + /* 0. Be nice to Ingo Molnar #628004 */ + if (path_is_mount_point("/sys/fs/cgroup/systemd", false) <= 0) { + log_warning("No control group support available, not creating root group."); + return 0; } - free(m->cgroup_mount_point); - m->cgroup_mount_point = NULL; - if ((r = cgroup_get_subsys_mount_point(SYSTEMD_CGROUP_CONTROLLER, &m->cgroup_mount_point))) - return cg_translate_error(r, errno); - - pid = getpid(); - - if ((r = cgroup_get_current_controller_path(pid, SYSTEMD_CGROUP_CONTROLLER, &cp))) - return cg_translate_error(r, errno); + /* 1. Determine hierarchy */ + if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, &current)) < 0) { + log_error("Cannot determine cgroup we are running in: %s", strerror(-r)); + goto finish; + } - snprintf(suffix, sizeof(suffix), "/systemd-%u", (unsigned) pid); - char_array_0(suffix); + if (m->running_as == MANAGER_SYSTEM) + strcpy(suffix, "/system"); + else { + snprintf(suffix, sizeof(suffix), "/systemd-%lu", (unsigned long) getpid()); + char_array_0(suffix); + } free(m->cgroup_hierarchy); - - if (endswith(cp, suffix)) + if (endswith(current, suffix)) { /* We probably got reexecuted and can continue to use our root cgroup */ - m->cgroup_hierarchy = cp; - else { - /* We need a new root cgroup */ + m->cgroup_hierarchy = current; + current = NULL; + } else { + /* We need a new root cgroup */ m->cgroup_hierarchy = NULL; - r = asprintf(&m->cgroup_hierarchy, "%s%s", streq(cp, "/") ? "" : cp, suffix); - free(cp); + if (asprintf(&m->cgroup_hierarchy, "%s%s", streq(current, "/") ? 
"" : current, suffix) < 0) { + log_error("Out of memory"); + r = -ENOMEM; + goto finish; + } + } - if (r < 0) - return -ENOMEM; + /* 2. Show data */ + if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0) { + log_error("Cannot find cgroup mount point: %s", strerror(-r)); + goto finish; } - log_debug("Using cgroup controller <" SYSTEMD_CGROUP_CONTROLLER ">, hierarchy mounted at <%s>, using root group <%s>.", - m->cgroup_mount_point, - m->cgroup_hierarchy); + log_debug("Using cgroup controller " SYSTEMD_CGROUP_CONTROLLER ". File system hierarchy is at %s.", path); - if ((r = cg_install_release_agent(SYSTEMD_CGROUP_CONTROLLER, CGROUP_AGENT_PATH)) < 0) + /* 3. Install agent */ + if ((r = cg_install_release_agent(SYSTEMD_CGROUP_CONTROLLER, SYSTEMD_CGROUP_AGENT_PATH)) < 0) log_warning("Failed to install release agent, ignoring: %s", strerror(-r)); + else if (r > 0) + log_debug("Installed release agent."); else - log_debug("Installed release agent, or already installed."); + log_debug("Release agent already installed."); - if ((r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, 0)) < 0) + /* 4. Realize the group */ + if ((r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, 0)) < 0) { log_error("Failed to create root cgroup hierarchy: %s", strerror(-r)); - else - log_debug("Created root group."); + goto finish; + } + + /* 5. 
And pin it, so that it cannot be unmounted */ + if (m->pin_cgroupfs_fd >= 0) + close_nointr_nofail(m->pin_cgroupfs_fd); + + if ((m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK)) < 0) { + log_error("Failed to open pin file: %m"); + r = -errno; + goto finish; + } + + log_debug("Created root group."); + +finish: + free(current); + free(path); return r; } -int manager_shutdown_cgroup(Manager *m) { +void manager_shutdown_cgroup(Manager *m, bool delete) { assert(m); - if (!m->cgroup_hierarchy) - return 0; + if (delete && m->cgroup_hierarchy) + cg_delete(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy); + + if (m->pin_cgroupfs_fd >= 0) { + close_nointr_nofail(m->pin_cgroupfs_fd); + m->pin_cgroupfs_fd = -1; + } + + free(m->cgroup_hierarchy); + m->cgroup_hierarchy = NULL; +} + +int cgroup_bonding_get(Manager *m, const char *cgroup, CGroupBonding **bonding) { + CGroupBonding *b; + char *p; + + assert(m); + assert(cgroup); + assert(bonding); + + b = hashmap_get(m->cgroup_bondings, cgroup); + if (b) { + *bonding = b; + return 1; + } + + p = strdup(cgroup); + if (!p) + return -ENOMEM; + + for (;;) { + char *e; + + e = strrchr(p, '/'); + if (!e || e == p) { + free(p); + *bonding = NULL; + return 0; + } - return cg_delete(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy); + *e = 0; + + b = hashmap_get(m->cgroup_bondings, p); + if (b) { + free(p); + *bonding = b; + return 1; + } + } } int cgroup_notify_empty(Manager *m, const char *group) { CGroupBonding *l, *b; + int r; assert(m); assert(group); - if (!(l = hashmap_get(m->cgroup_bondings, group))) - return 0; + r = cgroup_bonding_get(m, group, &l); + if (r <= 0) + return r; LIST_FOREACH(by_path, b, l) { int t; @@ -292,7 +411,8 @@ int cgroup_notify_empty(Manager *m, const char *group) { if (!b->unit) continue; - if ((t = cgroup_bonding_is_empty_list(b)) < 0) { + t = cgroup_bonding_is_empty_list(b); + if (t < 0) { /* If we don't know, we don't know */ if (t != -EAGAIN) @@ -301,9 +421,13 @@ int 
cgroup_notify_empty(Manager *m, const char *group) { continue; } - if (t > 0) + if (t > 0) { + /* If it is empty, let's delete it */ + cgroup_bonding_trim_list(b->unit->cgroup_bondings, true); + if (UNIT_VTABLE(b->unit)->cgroup_notify_empty) UNIT_VTABLE(b->unit)->cgroup_notify_empty(b->unit); + } } return 0; @@ -312,17 +436,31 @@ int cgroup_notify_empty(Manager *m, const char *group) { Unit* cgroup_unit_by_pid(Manager *m, pid_t pid) { CGroupBonding *l, *b; char *group = NULL; - int r; assert(m); if (pid <= 1) return NULL; - if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &group))) + if (cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, pid, &group) < 0) return NULL; l = hashmap_get(m->cgroup_bondings, group); + + if (!l) { + char *slash; + + while ((slash = strrchr(group, '/'))) { + if (slash == group) + break; + + *slash = 0; + + if ((l = hashmap_get(m->cgroup_bondings, group))) + break; + } + } + free(group); LIST_FOREACH(by_path, b, l) { @@ -330,7 +468,7 @@ Unit* cgroup_unit_by_pid(Manager *m, pid_t pid) { if (!b->unit) continue; - if (b->only_us) + if (b->ours) return b->unit; } @@ -359,3 +497,60 @@ char *cgroup_bonding_to_string(CGroupBonding *b) { return r; } + +pid_t cgroup_bonding_search_main_pid(CGroupBonding *b) { + FILE *f; + pid_t pid = 0, npid, mypid; + + assert(b); + + if (!b->ours) + return 0; + + if (cg_enumerate_processes(b->controller, b->path, &f) < 0) + return 0; + + mypid = getpid(); + + while (cg_read_pid(f, &npid) > 0) { + pid_t ppid; + + if (npid == pid) + continue; + + /* Ignore processes that aren't our kids */ + if (get_parent_of_pid(npid, &ppid) >= 0 && ppid != mypid) + continue; + + if (pid != 0) { + /* Dang, there's more than one daemonized PID + in this group, so we don't know what process + is the main process. 
*/ + pid = 0; + break; + } + + pid = npid; + } + + fclose(f); + + return pid; +} + +pid_t cgroup_bonding_search_main_pid_list(CGroupBonding *first) { + CGroupBonding *b; + pid_t pid; + + /* Try to find a main pid from this cgroup, but checking if + * there's only one PID in the cgroup and returning it. Later + * on we might want to add additional, smarter heuristics + * here. */ + + LIST_FOREACH(by_unit, b, first) + if ((pid = cgroup_bonding_search_main_pid(b)) != 0) + return pid; + + return 0; + +}