2020-11-09 05:23:58 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
2012-07-18 19:07:51 +02:00
|
|
|
#pragma once
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2010-07-12 18:16:44 +02:00
|
|
|
#include <dirent.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <stdbool.h>
|
|
|
|
#include <stdint.h>
|
2015-11-18 22:46:33 +01:00
|
|
|
#include <stdio.h>
|
2016-10-13 15:50:46 +02:00
|
|
|
#include <sys/statfs.h>
|
2015-11-18 22:46:33 +01:00
|
|
|
#include <sys/types.h>
|
2010-07-11 00:50:49 +02:00
|
|
|
|
2011-03-17 04:02:35 +01:00
|
|
|
#include "def.h"
|
2015-12-01 23:22:03 +01:00
|
|
|
#include "set.h"
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2017-11-17 13:02:14 +01:00
|
|
|
#define SYSTEMD_CGROUP_CONTROLLER_LEGACY "name=systemd"
|
|
|
|
#define SYSTEMD_CGROUP_CONTROLLER_HYBRID "name=unified"
|
|
|
|
#define SYSTEMD_CGROUP_CONTROLLER "_systemd"
|
|
|
|
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
/* An enum of well known cgroup controllers */
|
|
|
|
typedef enum CGroupController {
|
2018-09-30 12:33:16 +02:00
|
|
|
/* Original cgroup controllers */
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
CGROUP_CONTROLLER_CPU,
|
2017-11-08 18:39:28 +01:00
|
|
|
CGROUP_CONTROLLER_CPUACCT, /* v1 only */
|
2019-07-29 17:50:05 +02:00
|
|
|
CGROUP_CONTROLLER_CPUSET, /* v2 only */
|
2017-11-08 18:39:28 +01:00
|
|
|
CGROUP_CONTROLLER_IO, /* v2 only */
|
|
|
|
CGROUP_CONTROLLER_BLKIO, /* v1 only */
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
CGROUP_CONTROLLER_MEMORY,
|
2017-11-08 18:39:28 +01:00
|
|
|
CGROUP_CONTROLLER_DEVICES, /* v1 only */
|
2015-09-10 12:32:16 +02:00
|
|
|
CGROUP_CONTROLLER_PIDS,
|
2018-09-30 12:33:16 +02:00
|
|
|
|
|
|
|
/* BPF-based pseudo-controllers, v2 only */
|
|
|
|
CGROUP_CONTROLLER_BPF_FIREWALL,
|
2018-10-08 23:33:05 +02:00
|
|
|
CGROUP_CONTROLLER_BPF_DEVICES,
|
2018-09-30 12:33:16 +02:00
|
|
|
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
_CGROUP_CONTROLLER_MAX,
|
|
|
|
_CGROUP_CONTROLLER_INVALID = -1,
|
|
|
|
} CGroupController;
|
|
|
|
|
2018-10-26 15:31:30 +02:00
|
|
|
#define CGROUP_CONTROLLER_TO_MASK(c) (1U << (c))
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
|
2013-06-27 04:14:27 +02:00
|
|
|
/* A bit mask of well known cgroup controllers */
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
typedef enum CGroupMask {
|
|
|
|
CGROUP_MASK_CPU = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPU),
|
|
|
|
CGROUP_MASK_CPUACCT = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUACCT),
|
2019-07-29 17:50:05 +02:00
|
|
|
CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET),
|
2016-05-05 22:42:55 +02:00
|
|
|
CGROUP_MASK_IO = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_IO),
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
CGROUP_MASK_BLKIO = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BLKIO),
|
|
|
|
CGROUP_MASK_MEMORY = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_MEMORY),
|
2015-09-08 18:15:50 +02:00
|
|
|
CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES),
|
2015-09-10 12:32:16 +02:00
|
|
|
CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS),
|
2018-09-30 12:33:16 +02:00
|
|
|
CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL),
|
2018-10-08 23:33:05 +02:00
|
|
|
CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES),
|
2018-10-24 17:30:46 +02:00
|
|
|
|
2019-01-02 21:15:15 +01:00
|
|
|
/* All real cgroup v1 controllers */
|
2018-10-24 17:30:46 +02:00
|
|
|
CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS,
|
|
|
|
|
2019-01-02 21:15:15 +01:00
|
|
|
/* All real cgroup v2 controllers */
|
2019-07-29 17:50:05 +02:00
|
|
|
CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS,
|
2018-10-24 17:30:46 +02:00
|
|
|
|
2019-01-02 21:15:15 +01:00
|
|
|
/* All cgroup v2 BPF pseudo-controllers */
|
2018-10-24 17:30:46 +02:00
|
|
|
CGROUP_MASK_BPF = CGROUP_MASK_BPF_FIREWALL|CGROUP_MASK_BPF_DEVICES,
|
|
|
|
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
_CGROUP_MASK_ALL = CGROUP_CONTROLLER_TO_MASK(_CGROUP_CONTROLLER_MAX) - 1
|
|
|
|
} CGroupMask;
|
2013-06-27 04:14:27 +02:00
|
|
|
|
2018-11-15 21:14:54 +01:00
|
|
|
static inline CGroupMask CGROUP_MASK_EXTEND_JOINED(CGroupMask mask) {
|
|
|
|
/* We always mount "cpu" and "cpuacct" in the same hierarchy. Hence, when one bit is set also set the other */
|
|
|
|
|
|
|
|
if (mask & (CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT))
|
|
|
|
mask |= (CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT);
|
|
|
|
|
|
|
|
return mask;
|
|
|
|
}
|
|
|
|
|
2018-11-17 12:19:07 +01:00
|
|
|
CGroupMask get_cpu_accounting_mask(void);
|
|
|
|
bool cpu_accounting_is_cheap(void);
|
|
|
|
|
2016-05-05 22:42:55 +02:00
|
|
|
/* Special values for all weight knobs on unified hierarchy */
|
|
|
|
#define CGROUP_WEIGHT_INVALID ((uint64_t) -1)
|
|
|
|
#define CGROUP_WEIGHT_MIN UINT64_C(1)
|
|
|
|
#define CGROUP_WEIGHT_MAX UINT64_C(10000)
|
|
|
|
#define CGROUP_WEIGHT_DEFAULT UINT64_C(100)
|
|
|
|
|
|
|
|
#define CGROUP_LIMIT_MIN UINT64_C(0)
|
|
|
|
#define CGROUP_LIMIT_MAX ((uint64_t) -1)
|
|
|
|
|
|
|
|
static inline bool CGROUP_WEIGHT_IS_OK(uint64_t x) {
|
|
|
|
return
|
|
|
|
x == CGROUP_WEIGHT_INVALID ||
|
|
|
|
(x >= CGROUP_WEIGHT_MIN && x <= CGROUP_WEIGHT_MAX);
|
|
|
|
}
|
|
|
|
|
2016-05-18 22:50:56 +02:00
|
|
|
/* IO limits on unified hierarchy */
|
|
|
|
typedef enum CGroupIOLimitType {
|
|
|
|
CGROUP_IO_RBPS_MAX,
|
|
|
|
CGROUP_IO_WBPS_MAX,
|
2016-05-18 22:50:56 +02:00
|
|
|
CGROUP_IO_RIOPS_MAX,
|
|
|
|
CGROUP_IO_WIOPS_MAX,
|
2016-05-18 22:50:56 +02:00
|
|
|
|
|
|
|
_CGROUP_IO_LIMIT_TYPE_MAX,
|
|
|
|
_CGROUP_IO_LIMIT_TYPE_INVALID = -1
|
|
|
|
} CGroupIOLimitType;
|
|
|
|
|
|
|
|
extern const uint64_t cgroup_io_limit_defaults[_CGROUP_IO_LIMIT_TYPE_MAX];
|
|
|
|
|
|
|
|
const char* cgroup_io_limit_type_to_string(CGroupIOLimitType t) _const_;
|
|
|
|
CGroupIOLimitType cgroup_io_limit_type_from_string(const char *s) _pure_;
|
|
|
|
|
2015-09-11 16:48:24 +02:00
|
|
|
/* Special values for the cpu.shares attribute */
|
|
|
|
#define CGROUP_CPU_SHARES_INVALID ((uint64_t) -1)
|
|
|
|
#define CGROUP_CPU_SHARES_MIN UINT64_C(2)
|
|
|
|
#define CGROUP_CPU_SHARES_MAX UINT64_C(262144)
|
|
|
|
#define CGROUP_CPU_SHARES_DEFAULT UINT64_C(1024)
|
|
|
|
|
|
|
|
static inline bool CGROUP_CPU_SHARES_IS_OK(uint64_t x) {
|
|
|
|
return
|
|
|
|
x == CGROUP_CPU_SHARES_INVALID ||
|
|
|
|
(x >= CGROUP_CPU_SHARES_MIN && x <= CGROUP_CPU_SHARES_MAX);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Special values for the blkio.weight attribute */
|
|
|
|
#define CGROUP_BLKIO_WEIGHT_INVALID ((uint64_t) -1)
|
|
|
|
#define CGROUP_BLKIO_WEIGHT_MIN UINT64_C(10)
|
|
|
|
#define CGROUP_BLKIO_WEIGHT_MAX UINT64_C(1000)
|
|
|
|
#define CGROUP_BLKIO_WEIGHT_DEFAULT UINT64_C(500)
|
|
|
|
|
|
|
|
static inline bool CGROUP_BLKIO_WEIGHT_IS_OK(uint64_t x) {
|
|
|
|
return
|
|
|
|
x == CGROUP_BLKIO_WEIGHT_INVALID ||
|
|
|
|
(x >= CGROUP_BLKIO_WEIGHT_MIN && x <= CGROUP_BLKIO_WEIGHT_MAX);
|
|
|
|
}
|
|
|
|
|
2016-08-16 00:13:36 +02:00
|
|
|
typedef enum CGroupUnified {
|
|
|
|
CGROUP_UNIFIED_UNKNOWN = -1,
|
|
|
|
CGROUP_UNIFIED_NONE = 0, /* Both systemd and controllers on legacy */
|
|
|
|
CGROUP_UNIFIED_SYSTEMD = 1, /* Only systemd on unified */
|
|
|
|
CGROUP_UNIFIED_ALL = 2, /* Both systemd and controllers on unified */
|
|
|
|
} CGroupUnified;
|
|
|
|
|
2013-04-30 00:15:30 +02:00
|
|
|
/*
|
|
|
|
* General rules:
|
|
|
|
*
|
|
|
|
* We accept named hierarchies in the syntax "foo" and "name=foo".
|
|
|
|
*
|
|
|
|
* We expect that named hierarchies do not conflict in name with a
|
|
|
|
* kernel hierarchy, modulo the "name=" prefix.
|
|
|
|
*
|
|
|
|
* We always generate "normalized" controller names, i.e. without the
|
|
|
|
* "name=" prefix.
|
|
|
|
*
|
|
|
|
* We require absolute cgroup paths. When returning, we will always
|
|
|
|
* generate paths with multiple adjacent / removed.
|
|
|
|
*/
|
|
|
|
|
2010-07-11 00:50:49 +02:00
|
|
|
int cg_enumerate_processes(const char *controller, const char *path, FILE **_f);
|
|
|
|
int cg_read_pid(FILE *f, pid_t *_pid);
|
2016-03-25 16:38:50 +01:00
|
|
|
int cg_read_event(const char *controller, const char *path, const char *event,
|
|
|
|
char **val);
|
2010-07-11 00:50:49 +02:00
|
|
|
|
2010-07-12 18:16:44 +02:00
|
|
|
int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d);
|
|
|
|
int cg_read_subgroup(DIR *d, char **fn);
|
|
|
|
|
2016-07-20 11:16:05 +02:00
|
|
|
typedef enum CGroupFlags {
|
2019-01-07 17:48:28 +01:00
|
|
|
CGROUP_SIGCONT = 1 << 0,
|
|
|
|
CGROUP_IGNORE_SELF = 1 << 1,
|
|
|
|
CGROUP_REMOVE = 1 << 2,
|
2016-07-20 11:16:05 +02:00
|
|
|
} CGroupFlags;
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2019-01-16 11:20:18 +01:00
|
|
|
typedef int (*cg_kill_log_func_t)(pid_t pid, int sig, void *userdata);
|
2016-07-20 11:16:05 +02:00
|
|
|
|
|
|
|
int cg_kill(const char *controller, const char *path, int sig, CGroupFlags flags, Set *s, cg_kill_log_func_t kill_log, void *userdata);
|
|
|
|
int cg_kill_recursive(const char *controller, const char *path, int sig, CGroupFlags flags, Set *s, cg_kill_log_func_t kill_log, void *userdata);
|
|
|
|
|
2020-03-10 10:50:27 +01:00
|
|
|
int cg_split_spec(const char *spec, char **ret_controller, char **ret_path);
|
2013-04-16 04:36:06 +02:00
|
|
|
int cg_mangle_path(const char *path, char **result);
|
2010-06-21 23:27:18 +02:00
|
|
|
|
|
|
|
int cg_get_path(const char *controller, const char *path, const char *suffix, char **fs);
|
2012-04-14 02:15:13 +02:00
|
|
|
int cg_get_path_and_check(const char *controller, const char *path, const char *suffix, char **fs);
|
2013-04-16 04:36:06 +02:00
|
|
|
|
|
|
|
int cg_pid_get_path(const char *controller, pid_t pid, char **path);
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2013-06-27 04:14:27 +02:00
|
|
|
int cg_rmdir(const char *controller, const char *path);
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2020-04-29 17:40:22 +02:00
|
|
|
typedef enum {
|
|
|
|
CG_KEY_MODE_GRACEFUL = 1 << 0,
|
|
|
|
} CGroupKeyMode;
|
|
|
|
|
2013-06-27 04:14:27 +02:00
|
|
|
int cg_set_attribute(const char *controller, const char *path, const char *attribute, const char *value);
|
2015-01-23 02:58:02 +01:00
|
|
|
int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret);
|
2020-04-29 17:40:22 +02:00
|
|
|
int cg_get_keyed_attribute_full(const char *controller, const char *path, const char *attribute, char **keys, char **values, CGroupKeyMode mode);
|
|
|
|
|
|
|
|
static inline int cg_get_keyed_attribute(
|
|
|
|
const char *controller,
|
|
|
|
const char *path,
|
|
|
|
const char *attribute,
|
|
|
|
char **keys,
|
|
|
|
char **ret_values) {
|
|
|
|
return cg_get_keyed_attribute_full(controller, path, attribute, keys, ret_values, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline int cg_get_keyed_attribute_graceful(
|
|
|
|
const char *controller,
|
|
|
|
const char *path,
|
|
|
|
const char *attribute,
|
|
|
|
char **keys,
|
|
|
|
char **ret_values) {
|
|
|
|
return cg_get_keyed_attribute_full(controller, path, attribute, keys, ret_values, CG_KEY_MODE_GRACEFUL);
|
|
|
|
}
|
2013-06-27 04:14:27 +02:00
|
|
|
|
2020-03-08 02:14:35 +01:00
|
|
|
int cg_get_attribute_as_uint64(const char *controller, const char *path, const char *attribute, uint64_t *ret);
|
|
|
|
|
2020-10-06 05:59:54 +02:00
|
|
|
/* Does a parse_boolean() on the attribute contents and sets ret accordingly */
|
|
|
|
int cg_get_attribute_as_bool(const char *controller, const char *path, const char *attribute, bool *ret);
|
|
|
|
|
2017-11-24 18:30:23 +01:00
|
|
|
int cg_set_access(const char *controller, const char *path, uid_t uid, gid_t gid);
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2016-08-30 23:18:46 +02:00
|
|
|
int cg_set_xattr(const char *controller, const char *path, const char *name, const void *value, size_t size, int flags);
|
|
|
|
int cg_get_xattr(const char *controller, const char *path, const char *name, void *value, size_t size);
|
2020-03-18 01:47:19 +01:00
|
|
|
int cg_get_xattr_malloc(const char *controller, const char *path, const char *name, char **ret);
|
2019-11-20 17:41:48 +01:00
|
|
|
int cg_remove_xattr(const char *controller, const char *path, const char *name);
|
2016-08-30 23:18:46 +02:00
|
|
|
|
2010-06-21 23:27:18 +02:00
|
|
|
int cg_install_release_agent(const char *controller, const char *agent);
|
2013-07-04 20:31:18 +02:00
|
|
|
int cg_uninstall_release_agent(const char *controller);
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2015-09-01 18:32:07 +02:00
|
|
|
int cg_is_empty(const char *controller, const char *path);
|
|
|
|
int cg_is_empty_recursive(const char *controller, const char *path);
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2013-04-16 04:36:06 +02:00
|
|
|
int cg_get_root_path(char **path);
|
2013-04-15 14:05:00 +02:00
|
|
|
|
2013-04-16 04:36:06 +02:00
|
|
|
int cg_path_get_session(const char *path, char **session);
|
2013-04-23 04:10:13 +02:00
|
|
|
int cg_path_get_owner_uid(const char *path, uid_t *uid);
|
2013-04-15 14:05:00 +02:00
|
|
|
int cg_path_get_unit(const char *path, char **unit);
|
|
|
|
int cg_path_get_user_unit(const char *path, char **unit);
|
2013-04-16 04:36:06 +02:00
|
|
|
int cg_path_get_machine_name(const char *path, char **machine);
|
2013-06-21 01:46:27 +02:00
|
|
|
int cg_path_get_slice(const char *path, char **slice);
|
2015-04-30 11:58:06 +02:00
|
|
|
int cg_path_get_user_slice(const char *path, char **slice);
|
2013-04-16 04:36:06 +02:00
|
|
|
|
2013-12-24 19:31:44 +01:00
|
|
|
int cg_shift_path(const char *cgroup, const char *cached_root, const char **shifted);
|
2013-12-11 23:31:07 +01:00
|
|
|
int cg_pid_get_path_shifted(pid_t pid, const char *cached_root, char **cgroup);
|
2013-04-15 14:05:00 +02:00
|
|
|
|
2013-04-16 04:36:06 +02:00
|
|
|
int cg_pid_get_session(pid_t pid, char **session);
|
2013-04-23 04:10:13 +02:00
|
|
|
int cg_pid_get_owner_uid(pid_t pid, uid_t *uid);
|
2012-05-30 22:25:01 +02:00
|
|
|
int cg_pid_get_unit(pid_t pid, char **unit);
|
2013-01-17 18:55:05 +01:00
|
|
|
int cg_pid_get_user_unit(pid_t pid, char **unit);
|
2013-04-16 04:36:06 +02:00
|
|
|
int cg_pid_get_machine_name(pid_t pid, char **machine);
|
2013-06-21 01:46:27 +02:00
|
|
|
int cg_pid_get_slice(pid_t pid, char **slice);
|
2015-04-30 11:58:06 +02:00
|
|
|
int cg_pid_get_user_slice(pid_t pid, char **slice);
|
2011-03-14 23:13:57 +01:00
|
|
|
|
2013-04-16 04:36:06 +02:00
|
|
|
int cg_path_decode_unit(const char *cgroup, char **unit);
|
2013-01-18 07:13:27 +01:00
|
|
|
|
2013-04-23 04:10:13 +02:00
|
|
|
char *cg_escape(const char *p);
|
2013-05-03 04:51:50 +02:00
|
|
|
char *cg_unescape(const char *p) _pure_;
|
2013-04-25 00:01:29 +02:00
|
|
|
|
2015-06-01 13:46:52 +02:00
|
|
|
bool cg_controller_is_valid(const char *p);
|
2013-06-17 21:33:26 +02:00
|
|
|
|
|
|
|
int cg_slice_to_path(const char *unit, char **ret);
|
2013-06-27 04:14:27 +02:00
|
|
|
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata);
|
2014-02-17 02:06:32 +01:00
|
|
|
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
int cg_mask_supported(CGroupMask *ret);
|
2017-05-02 09:59:17 +02:00
|
|
|
int cg_mask_from_string(const char *s, CGroupMask *ret);
|
|
|
|
int cg_mask_to_string(CGroupMask mask, char **ret);
|
2014-12-30 01:57:23 +01:00
|
|
|
|
2017-11-17 16:27:13 +01:00
|
|
|
int cg_kernel_controllers(Set **controllers);
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
|
2016-06-23 11:52:45 +02:00
|
|
|
bool cg_ns_supported(void);
|
2020-04-29 17:53:43 +02:00
|
|
|
bool cg_freezer_supported(void);
|
2016-06-23 11:52:45 +02:00
|
|
|
|
2017-02-24 17:52:58 +01:00
|
|
|
int cg_all_unified(void);
|
|
|
|
int cg_hybrid_unified(void);
|
2017-02-24 18:00:04 +01:00
|
|
|
int cg_unified_controller(const char *controller);
|
2019-08-01 12:48:41 +02:00
|
|
|
int cg_unified_cached(bool flush);
|
|
|
|
static inline int cg_unified(void) {
|
|
|
|
return cg_unified_cached(true);
|
|
|
|
}
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
|
|
|
|
const char* cgroup_controller_to_string(CGroupController c) _const_;
|
|
|
|
CGroupController cgroup_controller_from_string(const char *s) _pure_;
|
2015-09-11 16:48:24 +02:00
|
|
|
|
2016-10-13 15:50:46 +02:00
|
|
|
bool is_cgroup_fs(const struct statfs *s);
|
|
|
|
bool fd_is_cgroup_fs(int fd);
|
2020-03-09 23:09:17 +01:00
|
|
|
|
|
|
|
typedef enum ManagedOOMMode {
|
|
|
|
MANAGED_OOM_AUTO,
|
|
|
|
MANAGED_OOM_KILL,
|
|
|
|
_MANAGED_OOM_MODE_MAX,
|
|
|
|
_MANAGED_OOM_MODE_INVALID = -1,
|
|
|
|
} ManagedOOMMode;
|
|
|
|
|
|
|
|
const char* managed_oom_mode_to_string(ManagedOOMMode m) _const_;
|
|
|
|
ManagedOOMMode managed_oom_mode_from_string(const char *s) _pure_;
|