picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

support chrooting/setting of ioprio when spawning

This commit is contained in:
Lennart Poettering 2010-01-29 20:46:22 +01:00
parent f94ea366d3
commit 9eba9da4bc
4 changed files with 155 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
execute.c
View File

@ -15,6 +15,7 @@
#include "macro.h"
#include "util.h"
#include "log.h"
#include "ioprio.h"
static int close_fds(int except[], unsigned n_except) {
DIR *d;
@ -273,13 +274,13 @@ int exec_spawn(const ExecCommand *command, const ExecContext *context, int *fds,
goto fail;
}
umask(context->umask);
if (chdir(context->directory ? context->directory : "/") < 0) {
r = EXIT_CHDIR;
if (setpgid(0, 0) < 0) {
r = EXIT_PGID;
goto fail;
}
umask(context->umask);
if (setup_output(context, file_name_from_path(command->path)) < 0) {
r = EXIT_OUTPUT;
goto fail;
@ -297,12 +298,29 @@ int exec_spawn(const ExecCommand *command, const ExecContext *context, int *fds,
}
}
if (context->root_directory)
if (chroot(context->root_directory) < 0) {
r = EXIT_CHROOT;
goto fail;
}
if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
r = EXIT_CHDIR;
goto fail;
}
if (context->nice_set)
if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
r = EXIT_NICE;
goto fail;
}
if (context->ioprio_set)
if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
r = EXIT_IOPRIO;
goto fail;
}
if (close_fds(fds, n_fds) < 0 ||
shift_fds(fds, n_fds) < 0 ||
flags_fds(fds, n_fds) < 0) {
@ -366,8 +384,13 @@ void exec_context_init(ExecContext *c) {
c->umask = 0002;
cap_clear(c->capabilities);
c->capabilities_set = false;
c->oom_adjust = 0;
c->oom_adjust_set = false;
c->nice = 0;
c->nice_set = false;
c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
c->ioprio_set = false;
c->output = 0;
c->syslog_priority = LOG_DAEMON|LOG_INFO;
@ -386,8 +409,10 @@ void exec_context_done(ExecContext *c) {
c->rlimit[l] = NULL;
}
free(c->directory);
c->directory = NULL;
free(c->working_directory);
c->working_directory = NULL;
free(c->root_directory);
c->root_directory = NULL;
free(c->syslog_identifier);
c->syslog_identifier = NULL;
@ -424,6 +449,14 @@ void exec_command_free_array(ExecCommand **c, unsigned n) {
}
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
static const char * const table[] = {
[IOPRIO_CLASS_NONE] = "none",
[IOPRIO_CLASS_RT] = "realtime",
[IOPRIO_CLASS_BE] = "best-effort",
[IOPRIO_CLASS_IDLE] = "idle"
};
assert(c);
assert(f);
@ -432,9 +465,11 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
fprintf(f,
"%sUmask: %04o\n"
"%sDirectory: %s\n",
"%sWorking Directory: %s\n"
"%sRoot Directory: %s\n",
prefix, c->umask,
prefix, c->directory ? c->directory : "/");
prefix, c->working_directory ? c->working_directory : "/",
prefix, c->root_directory ? c->root_directory : "/");
if (c->nice_set)
fprintf(f,
@ -445,6 +480,13 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
fprintf(f,
"%sOOMAdjust: %i\n",
prefix, c->oom_adjust);
if (c->ioprio_set)
fprintf(f,
"%sIOSchedulingClass: %s\n"
"%sIOPriority: %i\n",
prefix, table[IOPRIO_PRIO_CLASS(c->ioprio)],
prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
}
void exec_status_fill(ExecStatus *s, pid_t pid, int code, int status) {

9
execute.h
View File

@ -44,12 +44,14 @@ struct ExecContext {
char **environment;
mode_t umask;
struct rlimit *rlimit[RLIMIT_NLIMITS]; /* FIXME: load-fragment parser missing */
char *directory;
char *working_directory, *root_directory;
int oom_adjust;
int nice;
int ioprio;
bool oom_adjust_set:1;
bool nice_set:1;
bool ioprio_set:1;
ExecOutput output;
int syslog_priority;
@ -91,7 +93,10 @@ typedef enum ExitStatus {
EXIT_LIMITS,
EXIT_OOM_ADJUST,
EXIT_SIGNAL_MASK,
EXIT_OUTPUT
EXIT_OUTPUT,
EXIT_CHROOT,
EXIT_PGID,
EXIT_IOPRIO
} ExitStatus;
int exec_spawn(const ExecCommand *command, const ExecContext *context, int *fds, unsigned n_fds, pid_t *ret);

11
fixme
View File

@ -27,9 +27,9 @@
- implement mount/automount
- more process attributes: chroot, cpu affinity, scheduling
- more process attributes: cpu affinity, cpu scheduling
- create session/pgroup for child processes
- create session/pgroup for child processes? handle input on console properly? interactive fsck? interactive luks password?
- fs namespaces
@ -45,3 +45,10 @@
presumably uses the logging socket in blocking mode which might
trigger a deadlock if syslog does not process the socket anymore
(maybe because it is restarted) and the socket buffer is full.
- in udev/mount if properties change we need to delete the old
settings and install the new settings. Deleting the old settings is
currently missing.
- ability to kill services? i.e. in contrast to stopping them, go directly
into killing mode?

90
load-fragment.c
View File

@ -12,6 +12,7 @@
#include "conf-parser.h"
#include "load-fragment.h"
#include "log.h"
#include "ioprio.h"
static int config_parse_deps(
const char *filename,
@ -625,6 +626,90 @@ int config_parse_level(
return 0;
}
int config_parse_io_class(
const char *filename,
unsigned line,
const char *section,
const char *lvalue,
const char *rvalue,
void *data,
void *userdata) {
static const char * const table[] = {
[IOPRIO_CLASS_NONE] = NULL,
[IOPRIO_CLASS_RT] = "realtime",
[IOPRIO_CLASS_BE] = "best-effort",
[IOPRIO_CLASS_IDLE] = "idle",
};
ExecContext *c = data;
int i;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
for (i = 0; i < (int) ELEMENTSOF(table); i++) {
if (!table[i])
continue;
if (streq(rvalue, table[i])) {
c->ioprio = IOPRIO_PRIO_VALUE(i, IOPRIO_PRIO_DATA(c->ioprio));
break;
}
}
if (i >= (int) ELEMENTSOF(table)) {
/* Second try, let's see if this is a number. */
if (safe_atoi(rvalue, &i) >= 0 &&
i >= 0 &&
i < (int) ELEMENTSOF(table) &&
table[i])
c->ioprio = IOPRIO_PRIO_VALUE(i, IOPRIO_PRIO_DATA(c->ioprio));
else {
log_error("[%s:%u] Failed to parse io priority: %s", filename, line, rvalue);
return -EBADMSG;
}
}
c->ioprio_set = true;
return 0;
}
int config_parse_io_priority(
const char *filename,
unsigned line,
const char *section,
const char *lvalue,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
int i;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (safe_atoi(rvalue, &i) >= 0 &&
i >= 0 &&
i < IOPRIO_BE_NR)
c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
else {
log_error("[%s:%u] Failed to parse io priority: %s", filename, line, rvalue);
return -EBADMSG;
}
c->ioprio_set = true;
return 0;
}
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_id) {
@ -709,12 +794,15 @@ static int load_from_path(Unit *u, const char *path) {
};
#define EXEC_CONTEXT_CONFIG_ITEMS(context, section) \
{ "Directory", config_parse_path, &(context).directory, section }, \
{ "WorkingDirectory", config_parse_path, &(context).working_directory, section }, \
{ "RootDirectory", config_parse_path, &(context).root_directory, section }, \
{ "User", config_parse_string, &(context).user, section }, \
{ "Group", config_parse_string, &(context).group, section }, \
{ "SupplementaryGroups", config_parse_strv, &(context).supplementary_groups, section }, \
{ "Nice", config_parse_nice, &(context), section }, \
{ "OOMAdjust", config_parse_oom_adjust, &(context), section }, \
{ "IOPriority", config_parse_io_priority, &(context), section }, \
{ "IOSchedulingClass", config_parse_io_class, &(context), section }, \
{ "UMask", config_parse_umask, &(context).umask, section }, \
{ "Environment", config_parse_strv, &(context).environment, section }, \
{ "Output", config_parse_output, &(context).output, section }, \