picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #6893 from poettering/cgroup-delegate-yay 

cgroup delegation fixes, as well as socket unit slice assignment
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2017-09-24 20:53:04 +02:00 committed by GitHub
parent a2deeb41f6 88af31f922
commit efaa3176ad
3 changed files with 46 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/basic/cgroup-util.c
View File

@ -902,7 +902,7 @@ int cg_set_group_access(
if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid);
if (r < 0)
log_warning_errno(r, "Failed to set group access on compat systemd cgroup %s: %m", path);
log_debug_errno(r, "Failed to set group access on compatibility systemd cgroup %s, ignoring: %m", path);
}
return 0;
@ -915,7 +915,7 @@ int cg_set_task_access(
uid_t uid,
gid_t gid) {
_cleanup_free_ char *fs = NULL, *procs = NULL;
_cleanup_free_ char *fs = NULL;
int r;
assert(path);
@ -926,6 +926,7 @@ int cg_set_task_access(
if (mode != MODE_INVALID)
mode &= 0666;
/* For both the legacy and unified hierarchies, "cgroup.procs" is the main entry point for PIDs */
r = cg_get_path(controller, path, "cgroup.procs", &fs);
if (r < 0)
return r;
@ -938,19 +939,48 @@ int cg_set_task_access(
if (r < 0)
return r;
if (r == 0) {
/* Compatibility, Always keep values for "tasks" in sync with
* "cgroup.procs" */
if (cg_get_path(controller, path, "tasks", &procs) >= 0)
(void) chmod_and_chown(procs, mode, uid, gid);
const char *fn;
/* Compatibility: on cgroupsv1 always keep values for the legacy files "tasks" and
* "cgroup.clone_children" in sync with "cgroup.procs". Since this is legacy stuff, we don't care if
* this fails. */
FOREACH_STRING(fn,
"tasks",
"cgroup.clone_children") {
fs = mfree(fs);
r = cg_get_path(controller, path, fn, &fs);
if (r < 0)
log_debug_errno(r, "Failed to get path for %s of %s, ignoring: %m", fn, path);
r = chmod_and_chown(fs, mode, uid, gid);
if (r < 0)
log_debug_errno(r, "Failed to to change ownership/access mode for %s of %s, ignoring: %m", fn, path);
}
} else {
/* On the unified controller, we want to permit subtree controllers too. */
fs = mfree(fs);
r = cg_get_path(controller, path, "cgroup.subtree_control", &fs);
if (r < 0)
return r;
r = chmod_and_chown(fs, mode, uid, gid);
if (r < 0)
return r;
}
r = cg_hybrid_unified();
if (r < 0)
return r;
if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
/* Always propagate access mode from unified to legacy controller */
r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid);
if (r < 0)
log_warning_errno(r, "Failed to set task access on compat systemd cgroup %s: %m", path);
log_debug_errno(r, "Failed to set task access on compatibility systemd cgroup %s, ignoring: %m", path);
}
return 0;

8
src/core/socket.c
View File

@ -397,12 +397,12 @@ static int socket_add_extras(Socket *s) {
r = unit_add_exec_dependencies(u, &s->exec_context);
if (r < 0)
return r;
r = unit_set_default_slice(u);
if (r < 0)
return r;
}
r = unit_set_default_slice(u);
if (r < 0)
return r;
r = socket_add_default_dependencies(s);
if (r < 0)
return r;

14
src/core/unit.c
View File

@ -4429,14 +4429,10 @@ int unit_acquire_invocation_id(Unit *u) {
return 0;
}
void unit_set_exec_params(Unit *s, ExecParameters *p) {
CGroupContext *c;
void unit_set_exec_params(Unit *u, ExecParameters *p) {
assert(u);
assert(p);
assert(s);
assert(s);
p->cgroup_path = s->cgroup_path;
c = unit_get_cgroup_context(s);
SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, c && c->delegate);
p->cgroup_path = u->cgroup_path;
SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, unit_cgroup_delegate(u));
}