proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 19:51:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

cgfsng: cgfsng_monitor_enter()

Browse Source 
brauner@wittgenstein|~
> sudo systemctl status lxc@c1
● lxc@c1.service - LXC Container: c1
   Loaded: loaded (/lib/systemd/system/lxc@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-09-11 10:42:22 CEST; 38s ago
     Docs: man:lxc-start
           man:lxc
  Process: 29855 ExecStart=/usr/bin/lxc-start -n c1 -p /run/lxc/c1.pid (code=exited, status=0/SUCCESS)
    Tasks: 18 (limit: 4915)
   Memory: 32.1M
   CGroup: /system.slice/system-lxc.slice/lxc@c1.service
           ├─lxc.monitor
           │ └─c1
           │   └─29870 [lxc monitor] /var/lib/lxc c1
           └─lxc.payload
             └─c1
               ├─init.scope
               │ └─29878 /sbin/init
               └─system.slice
                 ├─console-getty.service
                 │ └─30028 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 linux
                 ├─cron.service
                 │ └─30019 /usr/sbin/cron -f
                 ├─dbus.service
                 │ └─30020 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
                 ├─networkd-dispatcher.service
                 │ └─30016 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
                 ├─rsyslog.service
                 │ └─30017 /usr/sbin/rsyslogd -n
                 ├─system-container\x2dgetty.slice
                 │ ├─container-getty@0.service
                 │ │ └─30027 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/0 115200,38400,9600 vt220
                 │ ├─container-getty@1.service
                 │ │ └─30030 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/1 115200,38400,9600 vt220
                 │ ├─container-getty@2.service
                 │ │ └─30026 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/2 115200,38400,9600 vt220
                 │ └─container-getty@3.service
                 │   └─30029 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/3 115200,38400,9600 vt220
                 ├─systemd-journald.service
                 │ └─29976 /lib/systemd/systemd-journald
                 ├─systemd-logind.service
                 │ └─30018 /lib/systemd/systemd-logind
                 ├─systemd-networkd.service
                 │ └─29996 /lib/systemd/systemd-networkd
                 ├─systemd-resolved.service
                 │ └─30014 /lib/systemd/systemd-resolved
                 └─systemd-udevd.service
                   └─29986 /lib/systemd/systemd-udevd

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2018-09-10 16:40:18 +02:00
parent 634ab5ed7d
commit eeef32bbda
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
2 changed files with 31 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
src/lxc/cgroups/cgfsng.c
View File

@ -1370,33 +1370,48 @@ out_free:
return false; return false;
} }
__cgfsng_ops__ static bool cgfsng_enter(struct cgroup_ops *ops, pid_t pid) __cgfsng_ops__ static bool __do_cgroup_enter(struct cgroup_ops *ops, pid_t pid,
bool monitor)
{ {
int i, len; int len;
char pidstr[25]; char pidstr[25];
len = snprintf(pidstr, 25, "%d", pid); len = snprintf(pidstr, 25, "%d", pid);
if (len < 0 || len >= 25) if (len < 0 || len >= 25)
return false; return false;
for (i = 0; ops->hierarchies[i]; i++) { for (int i = 0; ops->hierarchies[i]; i++) {
int ret; int ret;
char *fullpath; char *path;
fullpath = must_make_path(ops->hierarchies[i]->container_full_path, if (monitor)
"cgroup.procs", NULL); path = must_make_path(ops->hierarchies[i]->monitor_full_path,
ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666); "cgroup.procs", NULL);
else
path = must_make_path(ops->hierarchies[i]->container_full_path,
"cgroup.procs", NULL);
ret = lxc_write_to_file(path, pidstr, len, false, 0666);
if (ret != 0) { if (ret != 0) {
SYSERROR("Failed to enter cgroup \"%s\"", fullpath); SYSERROR("Failed to enter cgroup \"%s\"", path);
free(fullpath); free(path);
return false; return false;
} }
free(fullpath); free(path);
} }
return true; return true;
} }
static bool cgfsng_monitor_enter(struct cgroup_ops *ops, pid_t pid)
{
return __do_cgroup_enter(ops, pid, true);
}
static bool cgfsng_payload_enter(struct cgroup_ops *ops, pid_t pid)
{
return __do_cgroup_enter(ops, pid, false);
}
static int chowmod(char *path, uid_t chown_uid, gid_t chown_gid, static int chowmod(char *path, uid_t chown_uid, gid_t chown_gid,
mode_t chmod_mode) mode_t chmod_mode)
{ {
@ -2656,6 +2671,7 @@ struct cgroup_ops *cgfsng_ops_init(struct lxc_conf *conf)
cgfsng_ops->data_init = cgfsng_data_init; cgfsng_ops->data_init = cgfsng_data_init;
cgfsng_ops->destroy = cgfsng_destroy; cgfsng_ops->destroy = cgfsng_destroy;
cgfsng_ops->monitor_create = cgfsng_monitor_create; cgfsng_ops->monitor_create = cgfsng_monitor_create;
cgfsng_ops->monitor_enter = cgfsng_monitor_enter;
cgfsng_ops->payload_create = cgfsng_payload_create; cgfsng_ops->payload_create = cgfsng_payload_create;
cgfsng_ops->payload_enter = cgfsng_payload_enter; cgfsng_ops->payload_enter = cgfsng_payload_enter;
cgfsng_ops->escape = cgfsng_escape; cgfsng_ops->escape = cgfsng_escape;

5
src/lxc/start.c
View File

@ -1971,6 +1971,11 @@ int __lxc_start(const char *name, struct lxc_handler *handler,
goto out_fini_nonet; goto out_fini_nonet;
} }
if (!cgroup_ops->monitor_enter(cgroup_ops, lxc_raw_getpid())) {
ERROR("Failed to enter monitor cgroup");
goto out_fini_nonet;
}
if (geteuid() == 0 && !lxc_list_empty(&conf->id_map)) { if (geteuid() == 0 && !lxc_list_empty(&conf->id_map)) {
/* If the backing store is a device, mount it here and now. */ /* If the backing store is a device, mount it here and now. */
if (rootfs_is_blockdev(conf)) { if (rootfs_is_blockdev(conf)) {