cgroup: make sure the user cannot accidentaly unmount our cgroup filesystem
authorLennart Poettering <lennart@poettering.net>
Fri, 18 Jun 2010 18:15:34 +0000 (20:15 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 18 Jun 2010 18:15:34 +0000 (20:15 +0200)
fixme
src/cgroup.c
src/manager.c
src/manager.h

diff --git a/fixme b/fixme
index 23fda7e..dfd496d 100644 (file)
--- a/fixme
+++ b/fixme
 
 * make systemd bus activatable
 
 
 * make systemd bus activatable
 
-* pin /cgroup/systemd
-
 * systemd-sysvinit as package
 
 * install must understand templates
 
 * systemd-sysvinit as package
 
 * install must understand templates
 
-* upstart fallback in systemctl
-
 * abstract namespace dbus socket
 
 * /sbin/shutdown argv[2..] message
 * abstract namespace dbus socket
 
 * /sbin/shutdown argv[2..] message
index 108c4fc..291db4e 100644 (file)
@@ -407,7 +407,7 @@ finish:
 }
 
 int manager_setup_cgroup(Manager *m) {
 }
 
 int manager_setup_cgroup(Manager *m) {
-        char *mp, *cp;
+        char *cp;
         int r;
         pid_t pid;
         char suffix[32];
         int r;
         pid_t pid;
         char suffix[32];
@@ -423,15 +423,15 @@ int manager_setup_cgroup(Manager *m) {
         if (!(m->cgroup_controller = strdup("name=systemd")))
                 return -ENOMEM;
 
         if (!(m->cgroup_controller = strdup("name=systemd")))
                 return -ENOMEM;
 
-        if ((r = cgroup_get_subsys_mount_point(m->cgroup_controller, &mp)))
+        free(m->cgroup_mount_point);
+        m->cgroup_mount_point = NULL;
+        if ((r = cgroup_get_subsys_mount_point(m->cgroup_controller, &m->cgroup_mount_point)))
                 return translate_error(r, errno);
 
         pid = getpid();
 
                 return translate_error(r, errno);
 
         pid = getpid();
 
-        if ((r = cgroup_get_current_controller_path(pid, m->cgroup_controller, &cp))) {
-                free(mp);
+        if ((r = cgroup_get_current_controller_path(pid, m->cgroup_controller, &cp)))
                 return translate_error(r, errno);
                 return translate_error(r, errno);
-        }
 
         snprintf(suffix, sizeof(suffix), "/systemd-%u", (unsigned) pid);
         char_array_0(suffix);
 
         snprintf(suffix, sizeof(suffix), "/systemd-%u", (unsigned) pid);
         char_array_0(suffix);
@@ -448,24 +448,20 @@ int manager_setup_cgroup(Manager *m) {
                 r = asprintf(&m->cgroup_hierarchy, "%s%s", streq(cp, "/") ? "" : cp, suffix);
                 free(cp);
 
                 r = asprintf(&m->cgroup_hierarchy, "%s%s", streq(cp, "/") ? "" : cp, suffix);
                 free(cp);
 
-                if (r < 0) {
-                        free(mp);
+                if (r < 0)
                         return -ENOMEM;
                         return -ENOMEM;
-                }
         }
 
         log_debug("Using cgroup controller <%s>, hierarchy mounted at <%s>, using root group <%s>.",
                   m->cgroup_controller,
         }
 
         log_debug("Using cgroup controller <%s>, hierarchy mounted at <%s>, using root group <%s>.",
                   m->cgroup_controller,
-                  mp,
+                  m->cgroup_mount_point,
                   m->cgroup_hierarchy);
 
                   m->cgroup_hierarchy);
 
-        if ((r = install_release_agent(m, mp)) < 0)
+        if ((r = install_release_agent(m, m->cgroup_mount_point)) < 0)
                 log_warning("Failed to install release agent, ignoring: %s", strerror(-r));
         else
                 log_debug("Installed release agent, or already installed.");
 
                 log_warning("Failed to install release agent, ignoring: %s", strerror(-r));
         else
                 log_debug("Installed release agent, or already installed.");
 
-        free(mp);
-
         if ((r = create_hierarchy_cgroup(m)) < 0)
                 log_error("Failed to create root cgroup hierarchy: %s", strerror(-r));
         else
         if ((r = create_hierarchy_cgroup(m)) < 0)
                 log_error("Failed to create root cgroup hierarchy: %s", strerror(-r));
         else
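Review bot: When `cgroup_get_subsys_mount_point()` fails, whatever it stored through the out-parameter now stays in `m->cgroup_mount_point`, and `manager_free()` later frees that field unconditionally. The old code never freed `mp` on this path, which suggests the pointer is not owned on failure, though the callee's contract is not visible here. Resetting the field before returning keeps the later free safe either way: put `m->cgroup_mount_point = NULL;` in front of `return translate_error(r, errno);` and brace the two statements. A short comment at the call saying the string is now owned by the Manager and released in `manager_free()` would also help, since allocation and release sit in different files. The body of `manager_setup_cgroup()` starts and ends outside the hunks shown.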
index c93b791..5e627ba 100644 (file)
@@ -197,6 +197,7 @@ static int manager_setup_signals(Manager *m) {
 int manager_new(ManagerRunningAs running_as, bool confirm_spawn, Manager **_m) {
         Manager *m;
         int r = -ENOMEM;
 int manager_new(ManagerRunningAs running_as, bool confirm_spawn, Manager **_m) {
         Manager *m;
         int r = -ENOMEM;
+        char *p;
 
         assert(_m);
         assert(running_as >= 0);
 
         assert(_m);
         assert(running_as >= 0);
@@ -211,6 +212,7 @@ int manager_new(ManagerRunningAs running_as, bool confirm_spawn, Manager **_m) {
         m->confirm_spawn = confirm_spawn;
         m->name_data_slot = -1;
         m->exit_code = _MANAGER_EXIT_CODE_INVALID;
         m->confirm_spawn = confirm_spawn;
         m->name_data_slot = -1;
         m->exit_code = _MANAGER_EXIT_CODE_INVALID;
+        m->pin_cgroupfs_fd = -1;
 
         m->signal_watch.fd = m->mount_watch.fd = m->udev_watch.fd = m->epoll_fd = m->dev_autofs_fd = -1;
         m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */
 
         m->signal_watch.fd = m->mount_watch.fd = m->udev_watch.fd = m->epoll_fd = m->dev_autofs_fd = -1;
         m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */
@@ -256,6 +258,14 @@ int manager_new(ManagerRunningAs running_as, bool confirm_spawn, Manager **_m) {
             (r = bus_init_api(m)) < 0)
                 goto fail;
 
             (r = bus_init_api(m)) < 0)
                 goto fail;
 
+        if (asprintf(&p, "%s/%s", m->cgroup_mount_point, m->cgroup_hierarchy) < 0) {
+                r = -ENOMEM;
+                goto fail;
+        }
+
+        m->pin_cgroupfs_fd = open(p, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY|O_NONBLOCK);
+        free(p);
+
         *_m = m;
         return 0;
 
         *_m = m;
         return 0;
 
@@ -446,9 +456,13 @@ void manager_free(Manager *m) {
 
         free(m->cgroup_controller);
         free(m->cgroup_hierarchy);
 
         free(m->cgroup_controller);
         free(m->cgroup_hierarchy);
+        free(m->cgroup_mount_point);
 
         hashmap_free(m->cgroup_bondings);
 
 
         hashmap_free(m->cgroup_bondings);
 
+        if (m->pin_cgroupfs_fd >= 0)
+                close_nointr_nofail(m->pin_cgroupfs_fd);
+
         free(m);
 }
 
         free(m);
 }
 
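Review bot: The result of `open()` in `manager_new()` is stored in `m->pin_cgroupfs_fd` without being checked, so if the directory cannot be opened the manager comes up with the cgroup file system unpinned and nothing records it. If carrying on is intended, a warning in the style used elsewhere in this commit makes that visible: `if (m->pin_cgroupfs_fd < 0) log_warning("Failed to pin cgroup file system, ignoring: %s", strerror(errno));`, placed before `free(p)` because that call may change `errno`. The `asprintf()` above it also assumes that `m->cgroup_mount_point` and `m->cgroup_hierarchy` are both non-NULL by this point. That depends on setup code outside the hunk, so an `assert()` on each would document the assumption.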
index 405f143..762a891 100644 (file)
@@ -167,12 +167,17 @@ struct Manager {
         /* Data specific to the cgroup subsystem */
         Hashmap *cgroup_bondings; /* path string => CGroupBonding object 1:n */
         char *cgroup_controller;
         /* Data specific to the cgroup subsystem */
         Hashmap *cgroup_bondings; /* path string => CGroupBonding object 1:n */
         char *cgroup_controller;
+        char *cgroup_mount_point;
         char *cgroup_hierarchy;
 
         usec_t gc_queue_timestamp;
         int gc_marker;
         unsigned n_in_gc_queue;
 
         char *cgroup_hierarchy;
 
         usec_t gc_queue_timestamp;
         int gc_marker;
         unsigned n_in_gc_queue;
 
+        /* Make sure the user cannot accidentaly unmount our cgroup
+         * file system */
+        int pin_cgroupfs_fd;
+
         /* Flags */
         ManagerRunningAs running_as;
         ManagerExitCode exit_code:4;
         /* Flags */
         ManagerRunningAs running_as;
         ManagerExitCode exit_code:4;
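Review bot: The comment on `pin_cgroupfs_fd` states the goal but not the mechanism or its limits, which a reader needs to judge how much protection the field gives. Something like `/* Open fd on our cgroup directory, kept so that a plain umount fails as busy; -1 if not open. Does not stop a lazy/detached unmount. */` would cover it. The -1 convention matches the initialisation in `manager_new()` and the `>= 0` check in `manager_free()`. "accidentaly" should read "accidentally".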