Christian Brauner
|
7aec2bd3cd
|
bpf: rework bpf_program_cgroup_detach()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 11:54:33 +01:00 |
|
Christian Brauner
|
9a2a38b313
|
commands: rework bpf devices BPF_F_REPLACE codepath
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 11:54:33 +01:00 |
|
Christian Brauner
|
c38e5c4fd2
|
bpf: don't close invalid fd, simply swap
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 11:54:32 +01:00 |
|
Christian Brauner
|
281f42afaa
|
bpf: use __u32 not uint32_t
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 11:54:32 +01:00 |
|
Christian Brauner
|
a38a34f888
|
macro: add swap helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 11:54:32 +01:00 |
|
Christian Brauner
|
79bc22bd24
|
commands: replace bpf program on update
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 11:54:32 +01:00 |
|
Christian Brauner
|
934bb475e2
|
commands: improve bpf device program management
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 11:54:32 +01:00 |
|
Christian Brauner
|
413e074bbe
|
cgroups: improve bpf device program management
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 11:54:32 +01:00 |
|
Christian Brauner
|
df1a5345cd
|
bpf: add helpers for better bpf device program management
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 11:54:20 +01:00 |
|
Christian Brauner
|
e41afad55e
|
cgroups: improve bpf device program handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 10:51:07 +01:00 |
|
Christian Brauner
|
69885a7656
|
cgroups: make device cgroups semantics clearer
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 10:51:07 +01:00 |
|
Christian Brauner
|
0d450efcf2
|
bpf: enable helpers to let caller replace existing bpf programs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 10:50:45 +01:00 |
|
Christian Brauner
|
8828c61a8b
|
bpf: align struct initialization
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 10:50:03 +01:00 |
|
Christian Brauner
|
bee6ee17b0
|
bpf: use return macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 10:50:03 +01:00 |
|
Christian Brauner
|
4b9dc703d2
|
conf: introduce lxc_bpf_devices_rule_t type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 10:50:03 +01:00 |
|
Christian Brauner
|
7c37e93740
|
bpf: use cgroup fd directly instead of paths
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 10:50:03 +01:00 |
|
Christian Brauner
|
7064ee3a92
|
cgroups: kill monitor_full_path
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 00:39:22 +01:00 |
|
Christian Brauner
|
11e5c6783e
|
cgroups: free correct path
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-18 00:39:22 +01:00 |
|
Christian Brauner
|
05fe99f3a9
|
utils: fix print_r() debugging helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 23:30:12 +01:00 |
|
Christian Brauner
|
bce04069bc
|
cgroups: fix error values
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 22:48:56 +01:00 |
|
Christian Brauner
|
2c4348bd1c
|
cgroups: don't overwrite type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 18:49:20 +01:00 |
|
Christian Brauner
|
bd09ee987d
|
cgroups: make it extremely obvious that we're transitioning from a flag to a type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 18:48:58 +01:00 |
|
Stéphane Graber
|
cca7d405fe
|
Merge pull request #3680 from brauner/2021-02-17/cgroups_2
cgroups: fourth batch of cgroup fixes
|
2021-02-17 12:30:57 -05:00 |
|
Christian Brauner
|
77410c983c
|
cgroups: create controller directories if missing
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 16:56:55 +01:00 |
|
Christian Brauner
|
51feb8dbb7
|
cgroups: use non-flag based checking now that we switched all codepaths over
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 16:56:55 +01:00 |
|
Christian Brauner
|
9394b6dc97
|
conf: use brackets to clarify check semantics
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 16:30:15 +01:00 |
|
Christian Brauner
|
69c296739d
|
cgroups: validate that only a single cgroup mount type is set
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 16:30:15 +01:00 |
|
Christian Brauner
|
8186eb8e8a
|
cgroups: prevent cgroup mount type overwrite
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 16:30:15 +01:00 |
|
Christian Brauner
|
f1921f351e
|
cgroups: ensure that cgroup_root is initialized in legacy codepaths
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 16:29:56 +01:00 |
|
Christian Brauner
|
9bca62b305
|
cgroups: distinguish between tmpfs and unified based cgroup layouts file descriptors
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 15:29:14 +01:00 |
|
Christian Brauner
|
e203535895
|
cgroups: log intermediate cleanup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 15:24:59 +01:00 |
|
Stéphane Graber
|
b3ad27fb43
|
Merge pull request #3679 from brauner/2021-02-17/cgroups
cgroups: third batch of cgroup fixes
|
2021-02-17 08:59:13 -05:00 |
|
Christian Brauner
|
0954f6cec9
|
cgroups: prevent NULL pointer deref
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 14:42:55 +01:00 |
|
Christian Brauner
|
8f45c49bb1
|
cgroups: simplify mount opening
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 10:45:35 +01:00 |
|
Christian Brauner
|
9981107f55
|
cgroups: ensure we prune the limit dir
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 10:35:58 +01:00 |
|
Christian Brauner
|
c1ece89518
|
cgroups: ensure we don't remove cgroups we didn't create
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 10:30:30 +01:00 |
|
Christian Brauner
|
57abfbb640
|
cgroups: don't move pivot cgroup under the monitor's cgroup
Otherwise we will never be able to destroy the monitor's cgroup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 10:08:27 +01:00 |
|
Christian Brauner
|
1e05885505
|
cgroups: don't rely on absolute path
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 10:06:29 +01:00 |
|
Christian Brauner
|
471929c6d0
|
cgroups: be stricter when creating payloads
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 10:04:58 +01:00 |
|
Christian Brauner
|
a6aeb9f1b9
|
cgroups: rework cgroup tree creation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 10:03:42 +01:00 |
|
Christian Brauner
|
6c880cdfa1
|
cgroups: ensure leaf cgroup is correctly pruned on creation failure
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 09:29:04 +01:00 |
|
Christian Brauner
|
cb423bd38b
|
cgroups: rework cgroup tree removal on creation failure
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 09:15:38 +01:00 |
|
Christian Brauner
|
2291719e82
|
cgroups: remove obsolote check
In the new layout we don't need to do this.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 09:06:37 +01:00 |
|
Christian Brauner
|
6fec43278e
|
cgroups: reorder function arguments
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 09:04:03 +01:00 |
|
Stéphane Graber
|
e82bb1b360
|
Merge pull request #3678 from brauner/2021-02-17/unified_controller_delegation
cgroups: rework unified cgroup controller delegation
|
2021-02-16 20:27:03 -05:00 |
|
Christian Brauner
|
838d155694
|
start: delegate than move into the target cgroup
This is a way more sensible model.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 01:45:47 +01:00 |
|
Christian Brauner
|
95ab26aff7
|
cgroups: rework unified controller delegation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 01:45:47 +01:00 |
|
Christian Brauner
|
e4db08ed3e
|
cgroups: check correct variable
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 01:45:47 +01:00 |
|
Christian Brauner
|
e219f8e885
|
cgroups: s/openat()/open_at()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
2021-02-17 01:45:44 +01:00 |
|
Stéphane Graber
|
6963202241
|
Merge pull request #3677 from brauner/2021-02-17/cgroup_pruning
cgroups: fd-only cgroup tree pruning
|
2021-02-16 19:16:38 -05:00 |
|