X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcgroup.c;h=dcf2c2feb7a30d44fc347e5e0da2f30f1046be5b;hp=64082d0dc6b64140636d1f10ee209e4fa9deecf3;hb=dad503169b2665ecfd3f5bfb3c936897e44ecca7;hpb=d686d8a97bd7945af0a61504392d01a3167b576f diff --git a/src/cgroup.c b/src/cgroup.c index 64082d0dc..dcf2c2feb 100644 --- a/src/cgroup.c +++ b/src/cgroup.c @@ -41,14 +41,14 @@ int cgroup_bonding_realize(CGroupBonding *b) { if (b->realized) return 0; - if ((r = cg_create(b->controller, b->path)) < 0) + r = cg_create(b->controller, b->path); + if (r < 0) { + log_warning("Failed to create cgroup %s:%s: %s", b->controller, b->path, strerror(-r)); return r; + } b->realized = true; - if (b->ours) - cg_trim(b->controller, b->path, false); - return 0; } @@ -63,7 +63,7 @@ int cgroup_bonding_realize_list(CGroupBonding *first) { return 0; } -void cgroup_bonding_free(CGroupBonding *b) { +void cgroup_bonding_free(CGroupBonding *b, bool remove_or_trim) { assert(b); if (b->unit) { @@ -82,7 +82,7 @@ void cgroup_bonding_free(CGroupBonding *b) { } } - if (b->realized && b->ours) { + if (b->realized && b->ours && remove_or_trim) { if (cgroup_bonding_is_empty(b) > 0) cg_delete(b->controller, b->path); @@ -95,11 +95,11 @@ void cgroup_bonding_free(CGroupBonding *b) { free(b); } -void cgroup_bonding_free_list(CGroupBonding *first) { +void cgroup_bonding_free_list(CGroupBonding *first, bool remove_or_trim) { CGroupBonding *b, *n; LIST_FOREACH_SAFE(by_unit, b, n, first) - cgroup_bonding_free(b); + cgroup_bonding_free(b, remove_or_trim); } void cgroup_bonding_trim(CGroupBonding *b, bool delete_root) { @@ -140,18 +140,62 @@ int cgroup_bonding_install_list(CGroupBonding *first, pid_t pid) { return 0; } -int cgroup_bonding_kill(CGroupBonding *b, int sig, Set *s) { +int cgroup_bonding_set_group_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) { + assert(b); + + if (!b->realized) + return -EINVAL; + + return cg_set_group_access(b->controller, b->path, mode, uid, gid); +} + +int cgroup_bonding_set_group_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) { + CGroupBonding *b; + int r; + + LIST_FOREACH(by_unit, b, first) { + r = cgroup_bonding_set_group_access(b, mode, uid, gid); + if (r < 0) + return r; + } + + return 0; +} + +int cgroup_bonding_set_task_access(CGroupBonding *b, mode_t mode, uid_t uid, gid_t gid) { + assert(b); + + if (!b->realized) + return -EINVAL; + + return cg_set_task_access(b->controller, b->path, mode, uid, gid); +} + +int cgroup_bonding_set_task_access_list(CGroupBonding *first, mode_t mode, uid_t uid, gid_t gid) { + CGroupBonding *b; + int r; + + LIST_FOREACH(by_unit, b, first) { + r = cgroup_bonding_set_task_access(b, mode, uid, gid); + if (r < 0) + return r; + } + + return 0; +} + +int cgroup_bonding_kill(CGroupBonding *b, int sig, bool sigcont, Set *s) { assert(b); assert(sig >= 0); /* Don't kill cgroups that aren't ours */ - if (!b->realized || !b->ours) + if (!b->ours) return 0; - return cg_kill_recursive(b->controller, b->path, sig, true, false, s); + return cg_kill_recursive(b->controller, b->path, sig, sigcont, true, false, s); } -int cgroup_bonding_kill_list(CGroupBonding *first, int sig, Set *s) { +int cgroup_bonding_kill_list(CGroupBonding *first, int sig, bool sigcont, Set *s) { CGroupBonding *b; Set *allocated_set = NULL; int ret = -EAGAIN, r; @@ -161,7 +205,7 @@ int cgroup_bonding_kill_list(CGroupBonding *first, int sig, Set *s) { return -ENOMEM; LIST_FOREACH(by_unit, b, first) { - if ((r = cgroup_bonding_kill(b, sig, s)) < 0) { + if ((r = cgroup_bonding_kill(b, sig, sigcont, s)) < 0) { if (r == -EAGAIN || r == -ESRCH) continue; @@ -225,9 +269,17 @@ int manager_setup_cgroup(Manager *m) { assert(m); + /* 0. Be nice to Ingo Molnar #628004 */ + if (path_is_mount_point("/sys/fs/cgroup/systemd", false) <= 0) { + log_warning("No control group support available, not creating root group."); + return 0; + } + /* 1. Determine hierarchy */ - if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, ¤t)) < 0) + if ((r = cg_get_by_pid(SYSTEMD_CGROUP_CONTROLLER, 0, ¤t)) < 0) { + log_error("Cannot determine cgroup we are running in: %s", strerror(-r)); goto finish; + } if (m->running_as == MANAGER_SYSTEM) strcpy(suffix, "/system"); @@ -246,14 +298,17 @@ int manager_setup_cgroup(Manager *m) { /* We need a new root cgroup */ m->cgroup_hierarchy = NULL; if (asprintf(&m->cgroup_hierarchy, "%s%s", streq(current, "/") ? "" : current, suffix) < 0) { + log_error("Out of memory"); r = -ENOMEM; goto finish; } } /* 2. Show data */ - if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0) + if ((r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup_hierarchy, NULL, &path)) < 0) { + log_error("Cannot find cgroup mount point: %s", strerror(-r)); goto finish; + } log_debug("Using cgroup controller " SYSTEMD_CGROUP_CONTROLLER ". File system hierarchy is at %s.", path); @@ -276,6 +331,7 @@ int manager_setup_cgroup(Manager *m) { close_nointr_nofail(m->pin_cgroupfs_fd); if ((m->pin_cgroupfs_fd = open(path, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK)) < 0) { + log_error("Failed to open pin file: %m"); r = -errno; goto finish; } @@ -403,26 +459,32 @@ char *cgroup_bonding_to_string(CGroupBonding *b) { pid_t cgroup_bonding_search_main_pid(CGroupBonding *b) { FILE *f; - pid_t pid = 0, npid; - int r; + pid_t pid = 0, npid, mypid; assert(b); if (!b->ours) return 0; - if ((r = cg_enumerate_processes(b->controller, b->path, &f)) < 0) + if (cg_enumerate_processes(b->controller, b->path, &f) < 0) return 0; - while ((r = cg_read_pid(f, &npid)) > 0) { + mypid = getpid(); + + while (cg_read_pid(f, &npid) > 0) { + pid_t ppid; if (npid == pid) continue; + /* Ignore processes that aren't our kids */ + if (get_parent_of_pid(npid, &ppid) >= 0 && ppid != mypid) + continue; + if (pid != 0) { - /* Dang, there's more than one PID in this - * group, so we don't know what process is the - * main process. */ + /* Dang, there's more than one daemonized PID + in this group, so we don't know what process + is the main process. */ pid = 0; break; }