picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge pull request #3965 from htejun/systemd-controller-on-unified

Browse source
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2016-08-19 19:00:25 -04:00
parent e6c9fa74a5 5da38d0768
commit 2056ec1927
16 changed files with 205 additions and 97 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

131
src/basic/cgroup-util.c
View file

@ -623,7 +623,7 @@ int cg_get_path(const char *controller, const char *path, const char *suffix, ch
if (!cg_controller_is_valid(controller))
return -EINVAL;
unified = cg_unified();
unified = cg_all_unified();
if (unified < 0)
return unified;
@ -651,7 +651,7 @@ static int controller_is_accessible(const char *controller) {
if (!cg_controller_is_valid(controller))
return -EINVAL;
unified = cg_unified();
unified = cg_all_unified();
if (unified < 0)
return unified;
if (unified > 0) {
@ -869,7 +869,7 @@ int cg_set_task_access(
if (r < 0)
return r;
unified = cg_unified();
unified = cg_unified(controller);
if (unified < 0)
return unified;
if (unified)
@ -893,18 +893,17 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **path) {
assert(path);
assert(pid >= 0);
unified = cg_unified();
if (controller) {
if (!cg_controller_is_valid(controller))
return -EINVAL;
} else
controller = SYSTEMD_CGROUP_CONTROLLER;
unified = cg_unified(controller);
if (unified < 0)
return unified;
if (unified == 0) {
if (controller) {
if (!cg_controller_is_valid(controller))
return -EINVAL;
} else
controller = SYSTEMD_CGROUP_CONTROLLER;
if (unified == 0)
cs = strlen(controller);
}
fs = procfs_file_alloca(pid, "cgroup");
f = fopen(fs, "re");
@ -969,7 +968,7 @@ int cg_install_release_agent(const char *controller, const char *agent) {
assert(agent);
unified = cg_unified();
unified = cg_unified(controller);
if (unified < 0)
return unified;
if (unified) /* doesn't apply to unified hierarchy */
@ -1020,7 +1019,7 @@ int cg_uninstall_release_agent(const char *controller) {
_cleanup_free_ char *fs = NULL;
int r, unified;
unified = cg_unified();
unified = cg_unified(controller);
if (unified < 0)
return unified;
if (unified) /* Doesn't apply to unified hierarchy */
@ -1076,7 +1075,7 @@ int cg_is_empty_recursive(const char *controller, const char *path) {
if (controller && (isempty(path) || path_equal(path, "/")))
return false;
unified = cg_unified();
unified = cg_unified(controller);
if (unified < 0)
return unified;
@ -1962,7 +1961,7 @@ int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path
return r;
/* If we are in the unified hierarchy, we are done now */
unified = cg_unified();
unified = cg_all_unified();
if (unified < 0)
return unified;
if (unified > 0)
@ -1992,7 +1991,7 @@ int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid, cg_m
if (r < 0)
return r;
unified = cg_unified();
unified = cg_all_unified();
if (unified < 0)
return unified;
if (unified > 0)
@ -2044,7 +2043,7 @@ int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to
return r;
}
unified = cg_unified();
unified = cg_all_unified();
if (unified < 0)
return unified;
if (unified > 0)
@ -2077,7 +2076,7 @@ int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root)
if (r < 0)
return r;
unified = cg_unified();
unified = cg_all_unified();
if (unified < 0)
return unified;
if (unified > 0)
@ -2103,7 +2102,7 @@ int cg_mask_supported(CGroupMask *ret) {
* includes controllers we can make sense of and that are
* actually accessible. */
unified = cg_unified();
unified = cg_all_unified();
if (unified < 0)
return unified;
if (unified > 0) {
@ -2224,9 +2223,10 @@ int cg_kernel_controllers(Set *controllers) {
return 0;
}
static thread_local int unified_cache = -1;
static thread_local CGroupUnified unified_cache = CGROUP_UNIFIED_UNKNOWN;
static int cg_update_unified(void) {
int cg_unified(void) {
struct statfs fs;
/* Checks if we support the unified hierarchy. Returns an
@ -2234,24 +2234,47 @@ int cg_unified(void) {
* have any other trouble determining if the unified hierarchy
* is supported. */
if (unified_cache >= 0)
return unified_cache;
if (unified_cache >= CGROUP_UNIFIED_NONE)
return 0;
if (statfs("/sys/fs/cgroup/", &fs) < 0)
return -errno;
if (F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC))
unified_cache = true;
else if (F_TYPE_EQUAL(fs.f_type, TMPFS_MAGIC))
unified_cache = false;
else
unified_cache = CGROUP_UNIFIED_ALL;
else if (F_TYPE_EQUAL(fs.f_type, TMPFS_MAGIC)) {
if (statfs("/sys/fs/cgroup/systemd/", &fs) < 0)
return -errno;
unified_cache = F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC) ?
CGROUP_UNIFIED_SYSTEMD : CGROUP_UNIFIED_NONE;
} else
return -ENOMEDIUM;
return unified_cache;
return 0;
}
int cg_unified(const char *controller) {
int r;
r = cg_update_unified();
if (r < 0)
return r;
if (streq_ptr(controller, SYSTEMD_CGROUP_CONTROLLER))
return unified_cache >= CGROUP_UNIFIED_SYSTEMD;
else
return unified_cache >= CGROUP_UNIFIED_ALL;
}
int cg_all_unified(void) {
return cg_unified(NULL);
}
void cg_unified_flush(void) {
unified_cache = -1;
unified_cache = CGROUP_UNIFIED_UNKNOWN;
}
int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) {
@ -2264,7 +2287,7 @@ int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) {
if (supported == 0)
return 0;
unified = cg_unified();
unified = cg_all_unified();
if (unified < 0)
return unified;
if (!unified) /* on the legacy hiearchy there's no joining of controllers defined */
@ -2303,7 +2326,7 @@ bool cg_is_unified_wanted(void) {
/* If the hierarchy is already mounted, then follow whatever
* was chosen for it. */
unified = cg_unified();
unified = cg_all_unified();
if (unified >= 0)
return unified;
@ -2333,6 +2356,50 @@ bool cg_is_legacy_wanted(void) {
return !cg_is_unified_wanted();
}
bool cg_is_unified_systemd_controller_wanted(void) {
static thread_local int wanted = -1;
int r, unified;
/* If the unified hierarchy is requested in full, no need to
* bother with this. */
if (cg_is_unified_wanted())
return 0;
/* If the hierarchy is already mounted, then follow whatever
* was chosen for it. */
unified = cg_unified(SYSTEMD_CGROUP_CONTROLLER);
if (unified >= 0)
return unified;
/* Otherwise, let's see what the kernel command line has to
* say. Since checking that is expensive, let's cache the
* result. */
if (wanted >= 0)
return wanted;
r = get_proc_cmdline_key("systemd.legacy_systemd_cgroup_controller", NULL);
if (r > 0)
wanted = false;
else {
_cleanup_free_ char *value = NULL;
r = get_proc_cmdline_key("systemd.legacy_systemd_cgroup_controller=", &value);
if (r < 0)
return true;
if (r == 0)
wanted = true;
else
wanted = parse_boolean(value) <= 0;
}
return wanted;
}
bool cg_is_legacy_systemd_controller_wanted(void) {
return cg_is_legacy_wanted() && !cg_is_unified_systemd_controller_wanted();
}
int cg_weight_parse(const char *s, uint64_t *ret) {
uint64_t u;
int r;

12
src/basic/cgroup-util.h
View file

@ -116,6 +116,13 @@ static inline bool CGROUP_BLKIO_WEIGHT_IS_OK(uint64_t x) {
#define DEFAULT_TASKS_MAX_PERCENTAGE 15U /* 15% of PIDs, 4915 on default settings */
#define DEFAULT_USER_TASKS_MAX_PERCENTAGE 33U /* 33% of PIDs, 10813 on default settings */
typedef enum CGroupUnified {
CGROUP_UNIFIED_UNKNOWN = -1,
CGROUP_UNIFIED_NONE = 0, /* Both systemd and controllers on legacy */
CGROUP_UNIFIED_SYSTEMD = 1, /* Only systemd on unified */
CGROUP_UNIFIED_ALL = 2, /* Both systemd and controllers on unified */
} CGroupUnified;
/*
* General rules:
*
@ -229,11 +236,14 @@ int cg_kernel_controllers(Set *controllers);
bool cg_ns_supported(void);
int cg_unified(void);
int cg_all_unified(void);
int cg_unified(const char *controller);
void cg_unified_flush(void);
bool cg_is_unified_wanted(void);
bool cg_is_legacy_wanted(void);
bool cg_is_unified_systemd_controller_wanted(void);
bool cg_is_legacy_systemd_controller_wanted(void);
const char* cgroup_controller_to_string(CGroupController c) _const_;
CGroupController cgroup_controller_from_string(const char *s) _pure_;

2
src/cgls/cgls.c
View file

@ -166,7 +166,7 @@ static int get_cgroup_root(char **ret) {
static void show_cg_info(const char *controller, const char *path) {
if (cg_unified() <= 0 && controller && !streq(controller, SYSTEMD_CGROUP_CONTROLLER))
if (cg_all_unified() <= 0 && controller && !streq(controller, SYSTEMD_CGROUP_CONTROLLER))
printf("Controller %s; ", controller);
printf("Control group %s:\n", isempty(path) ? "/" : path);

10
src/cgtop/cgtop.c
View file

@ -213,7 +213,7 @@ static int process(
uint64_t new_usage;
nsec_t timestamp;
if (cg_unified() > 0) {
if (cg_all_unified() > 0) {
const char *keys[] = { "usage_usec", NULL };
_cleanup_free_ char *val = NULL;
@ -273,7 +273,7 @@ static int process(
} else if (streq(controller, "memory")) {
_cleanup_free_ char *p = NULL, *v = NULL;
if (cg_unified() <= 0)
if (cg_all_unified() <= 0)
r = cg_get_path(controller, path, "memory.usage_in_bytes", &p);
else
r = cg_get_path(controller, path, "memory.current", &p);
@ -293,11 +293,11 @@ static int process(
if (g->memory > 0)
g->memory_valid = true;
} else if ((streq(controller, "io") && cg_unified() > 0) ||
(streq(controller, "blkio") && cg_unified() <= 0)) {
} else if ((streq(controller, "io") && cg_all_unified() > 0) ||
(streq(controller, "blkio") && cg_all_unified() <= 0)) {
_cleanup_fclose_ FILE *f = NULL;
_cleanup_free_ char *p = NULL;
bool unified = cg_unified() > 0;
bool unified = cg_all_unified() > 0;
uint64_t wr = 0, rd = 0;
nsec_t timestamp;

34
src/core/cgroup.c
View file

@ -665,7 +665,7 @@ static void cgroup_context_apply(Unit *u, CGroupMask mask, ManagerState state) {
bool has_weight = cgroup_context_has_cpu_weight(c);
bool has_shares = cgroup_context_has_cpu_shares(c);
if (cg_unified() > 0) {
if (cg_all_unified() > 0) {
uint64_t weight;
if (has_weight)
@ -846,7 +846,7 @@ static void cgroup_context_apply(Unit *u, CGroupMask mask, ManagerState state) {
}
if ((mask & CGROUP_MASK_MEMORY) && !is_root) {
if (cg_unified() > 0) {
if (cg_all_unified() > 0) {
uint64_t max = c->memory_max;
if (cgroup_context_has_unified_memory_config(c))
@ -1019,7 +1019,7 @@ CGroupMask unit_get_own_mask(Unit *u) {
e = unit_get_exec_context(u);
if (!e ||
exec_context_maintains_privileges(e) ||
cg_unified() > 0)
cg_all_unified() > 0)
return _CGROUP_MASK_ALL;
}
@ -1245,7 +1245,7 @@ int unit_watch_cgroup(Unit *u) {
return 0;
/* Only applies to the unified hierarchy */
r = cg_unified();
r = cg_unified(SYSTEMD_CGROUP_CONTROLLER);
if (r < 0)
return log_unit_error_errno(u, r, "Failed detect whether the unified hierarchy is used: %m");
if (r == 0)
@ -1645,7 +1645,7 @@ int unit_watch_all_pids(Unit *u) {
if (!u->cgroup_path)
return -ENOENT;
if (cg_unified() > 0) /* On unified we can use proper notifications */
if (cg_unified(SYSTEMD_CGROUP_CONTROLLER) > 0) /* On unified we can use proper notifications */
return 0;
return unit_watch_pids_in_path(u, u->cgroup_path);
@ -1718,7 +1718,7 @@ static int on_cgroup_inotify_event(sd_event_source *s, int fd, uint32_t revents,
int manager_setup_cgroup(Manager *m) {
_cleanup_free_ char *path = NULL;
CGroupController c;
int r, unified;
int r, all_unified, systemd_unified;
char *e;
assert(m);
@ -1755,11 +1755,17 @@ int manager_setup_cgroup(Manager *m) {
if (r < 0)
return log_error_errno(r, "Cannot find cgroup mount point: %m");
unified = cg_unified();
if (unified < 0)
return log_error_errno(r, "Couldn't determine if we are running in the unified hierarchy: %m");
if (unified > 0)
all_unified = cg_all_unified();
systemd_unified = cg_unified(SYSTEMD_CGROUP_CONTROLLER);
if (all_unified < 0 || systemd_unified < 0)
return log_error_errno(all_unified < 0 ? all_unified : systemd_unified,
"Couldn't determine if we are running in the unified hierarchy: %m");
if (all_unified > 0)
log_debug("Unified cgroup hierarchy is located at %s.", path);
else if (systemd_unified > 0)
log_debug("Unified cgroup hierarchy is located at %s. Controllers are on legacy hierarchies.", path);
else
log_debug("Using cgroup controller " SYSTEMD_CGROUP_CONTROLLER ". File system hierarchy is at %s.", path);
@ -1767,7 +1773,7 @@ int manager_setup_cgroup(Manager *m) {
const char *scope_path;
/* 3. Install agent */
if (unified) {
if (systemd_unified) {
/* In the unified hierarchy we can get
* cgroup empty notifications via inotify. */
@ -1827,7 +1833,7 @@ int manager_setup_cgroup(Manager *m) {
return log_error_errno(errno, "Failed to open pin file: %m");
/* 6. Always enable hierarchical support if it exists... */
if (!unified)
if (!all_unified)
(void) cg_set_attribute("memory", "/", "memory.use_hierarchy", "1");
}
@ -1953,7 +1959,7 @@ int unit_get_memory_current(Unit *u, uint64_t *ret) {
if ((u->cgroup_realized_mask & CGROUP_MASK_MEMORY) == 0)
return -ENODATA;
if (cg_unified() <= 0)
if (cg_all_unified() <= 0)
r = cg_get_attribute("memory", u->cgroup_path, "memory.usage_in_bytes", &v);
else
r = cg_get_attribute("memory", u->cgroup_path, "memory.current", &v);
@ -1998,7 +2004,7 @@ static int unit_get_cpu_usage_raw(Unit *u, nsec_t *ret) {
if (!u->cgroup_path)
return -ENODATA;
if (cg_unified() > 0) {
if (cg_all_unified() > 0) {
const char *keys[] = { "usage_usec", NULL };
_cleanup_free_ char *val = NULL;
uint64_t us;

2
src/core/manager.c
View file

@ -771,7 +771,7 @@ static int manager_setup_cgroups_agent(Manager *m) {
if (!MANAGER_IS_SYSTEM(m))
return 0;
if (cg_unified() > 0) /* We don't need this anymore on the unified hierarchy */
if (cg_unified(SYSTEMD_CGROUP_CONTROLLER) > 0) /* We don't need this anymore on the unified hierarchy */
return 0;
if (m->cgroups_agent_fd < 0) {

6
src/core/mount-setup.c
View file

@ -99,10 +99,12 @@ static const MountPoint mount_table[] = {
cg_is_unified_wanted, MNT_FATAL|MNT_IN_CONTAINER },
{ "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER },
{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
cg_is_unified_systemd_controller_wanted, MNT_IN_CONTAINER },
{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd,xattr", MS_NOSUID|MS_NOEXEC|MS_NODEV,
cg_is_legacy_wanted, MNT_IN_CONTAINER },
cg_is_legacy_systemd_controller_wanted, MNT_IN_CONTAINER },
{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV,
cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER },
cg_is_legacy_systemd_controller_wanted, MNT_FATAL|MNT_IN_CONTAINER },
{ "pstore", "/sys/fs/pstore", "pstore", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_NONE },
#ifdef ENABLE_EFI

2
src/core/scope.c
View file

@ -441,7 +441,7 @@ static void scope_sigchld_event(Unit *u, pid_t pid, int code, int status) {
/* If the PID set is empty now, then let's finish this off
(On unified we use proper notifications) */
if (cg_unified() <= 0 && set_isempty(u->pids))
if (cg_unified(SYSTEMD_CGROUP_CONTROLLER) <= 0 && set_isempty(u->pids))
scope_notify_cgroup_empty_event(u);
}

2
src/core/service.c
View file

@ -2869,7 +2869,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
/* If the PID set is empty now, then let's finish this off
(On unified we use proper notifications) */
if (cg_unified() <= 0 && set_isempty(u->pids))
if (cg_unified(SYSTEMD_CGROUP_CONTROLLER) <= 0 && set_isempty(u->pids))
service_notify_cgroup_empty_event(u);
}

2
src/core/unit.c
View file

@ -3726,7 +3726,7 @@ int unit_kill_context(
* there we get proper events. Hence rely on
* them.*/
if (cg_unified() > 0 ||
if (cg_unified(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
(detect_container() == 0 && !unit_cgroup_delegate(u)))
wait_for_exit = true;

2
src/libsystemd/sd-bus/test-bus-creds.c
View file

@ -27,7 +27,7 @@ int main(int argc, char *argv[]) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
int r;
if (cg_unified() == -ENOMEDIUM) {
if (cg_all_unified() == -ENOMEDIUM) {
puts("Skipping test: /sys/fs/cgroup/ not available");
return EXIT_TEST_SKIP;
}

13
src/nspawn/nspawn-cgroup.c
View file

@ -20,7 +20,6 @@
#include <sys/mount.h>
#include "alloc-util.h"
#include "cgroup-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "mkdir.h"
@ -63,18 +62,18 @@ int chown_cgroup(pid_t pid, uid_t uid_shift) {
return 0;
}
int sync_cgroup(pid_t pid, bool unified_requested) {
int sync_cgroup(pid_t pid, CGroupUnified unified_requested) {
_cleanup_free_ char *cgroup = NULL;
char tree[] = "/tmp/unifiedXXXXXX", pid_string[DECIMAL_STR_MAX(pid) + 1];
bool undo_mount = false;
const char *fn;
int unified, r;
unified = cg_unified();
unified = cg_unified(SYSTEMD_CGROUP_CONTROLLER);
if (unified < 0)
return log_error_errno(unified, "Failed to determine whether the unified hierarchy is used: %m");
if ((unified > 0) == unified_requested)
if ((unified > 0) == (unified_requested >= CGROUP_UNIFIED_SYSTEMD))
return 0;
/* When the host uses the legacy cgroup setup, but the
@ -117,7 +116,7 @@ finish:
return r;
}
int create_subcgroup(pid_t pid, bool unified_requested) {
int create_subcgroup(pid_t pid, CGroupUnified unified_requested) {
_cleanup_free_ char *cgroup = NULL;
const char *child;
int unified, r;
@ -129,10 +128,10 @@ int create_subcgroup(pid_t pid, bool unified_requested) {
* did not create a scope unit for the container move us and
* the container into two separate subcgroups. */
if (!unified_requested)
if (unified_requested == CGROUP_UNIFIED_NONE)
return 0;
unified = cg_unified();
unified = cg_unified(SYSTEMD_CGROUP_CONTROLLER);
if (unified < 0)
return log_error_errno(unified, "Failed to determine whether the unified hierarchy is used: %m");
if (unified == 0)

6
src/nspawn/nspawn-cgroup.h
View file

@ -22,6 +22,8 @@
#include <stdbool.h>
#include <sys/types.h>
#include "cgroup-util.h"
int chown_cgroup(pid_t pid, uid_t uid_shift);
int sync_cgroup(pid_t pid, bool unified_requested);
int create_subcgroup(pid_t pid, bool unified_requested);
int sync_cgroup(pid_t pid, CGroupUnified unified_requested);
int create_subcgroup(pid_t pid, CGroupUnified unified_requested);

46
src/nspawn/nspawn-mount.c
View file

@ -21,7 +21,6 @@
#include <linux/magic.h>
#include "alloc-util.h"
#include "cgroup-util.h"
#include "escape.h"
#include "fd-util.h"
#include "fileio.h"
@ -661,7 +660,8 @@ static int get_controllers(Set *subsystems) {
return 0;
}
static int mount_legacy_cgroup_hierarchy(const char *dest, const char *controller, const char *hierarchy, bool read_only) {
static int mount_legacy_cgroup_hierarchy(const char *dest, const char *controller, const char *hierarchy,
CGroupUnified unified_requested, bool read_only) {
char *to;
int r;
@ -677,7 +677,15 @@ static int mount_legacy_cgroup_hierarchy(const char *dest, const char *controlle
/* The superblock mount options of the mount point need to be
* identical to the hosts', and hence writable... */
if (mount("cgroup", to, "cgroup", MS_NOSUID|MS_NOEXEC|MS_NODEV, controller) < 0)
if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
if (unified_requested >= CGROUP_UNIFIED_SYSTEMD)
r = mount("cgroup", to, "cgroup2", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL);
else
r = mount("cgroup", to, "cgroup", MS_NOSUID|MS_NOEXEC|MS_NODEV, "none,name=systemd,xattr");
} else
r = mount("cgroup", to, "cgroup", MS_NOSUID|MS_NOEXEC|MS_NODEV, controller);
if (r < 0)
return log_error_errno(errno, "Failed to mount to %s: %m", to);
/* ... hence let's only make the bind mount read-only, not the
@ -691,8 +699,8 @@ static int mount_legacy_cgroup_hierarchy(const char *dest, const char *controlle
/* Mount a legacy cgroup hierarchy when cgroup namespaces are supported. */
static int mount_legacy_cgns_supported(
bool userns, uid_t uid_shift, uid_t uid_range,
const char *selinux_apifs_context) {
CGroupUnified unified_requested, bool userns, uid_t uid_shift,
uid_t uid_range, const char *selinux_apifs_context) {
_cleanup_set_free_free_ Set *controllers = NULL;
const char *cgroup_root = "/sys/fs/cgroup", *c;
int r;
@ -721,7 +729,7 @@ static int mount_legacy_cgns_supported(
return log_error_errno(errno, "Failed to mount /sys/fs/cgroup: %m");
}
if (cg_unified() > 0)
if (cg_all_unified() > 0)
goto skip_controllers;
controllers = set_new(&string_hash_ops);
@ -739,7 +747,7 @@ static int mount_legacy_cgns_supported(
if (!controller)
break;
r = mount_legacy_cgroup_hierarchy("", controller, controller, !userns);
r = mount_legacy_cgroup_hierarchy("", controller, controller, unified_requested, !userns);
if (r < 0)
return r;
@ -773,7 +781,7 @@ static int mount_legacy_cgns_supported(
}
skip_controllers:
r = mount_legacy_cgroup_hierarchy("", "none,name=systemd,xattr", "systemd", false);
r = mount_legacy_cgroup_hierarchy("", SYSTEMD_CGROUP_CONTROLLER, "systemd", unified_requested, false);
if (r < 0)
return r;
@ -788,7 +796,7 @@ skip_controllers:
/* Mount legacy cgroup hierarchy when cgroup namespaces are unsupported. */
static int mount_legacy_cgns_unsupported(
const char *dest,
bool userns, uid_t uid_shift, uid_t uid_range,
CGroupUnified unified_requested, bool userns, uid_t uid_shift, uid_t uid_range,
const char *selinux_apifs_context) {
_cleanup_set_free_free_ Set *controllers = NULL;
const char *cgroup_root;
@ -813,7 +821,7 @@ static int mount_legacy_cgns_unsupported(
return log_error_errno(errno, "Failed to mount /sys/fs/cgroup: %m");
}
if (cg_unified() > 0)
if (cg_all_unified() > 0)
goto skip_controllers;
controllers = set_new(&string_hash_ops);
@ -839,7 +847,7 @@ static int mount_legacy_cgns_unsupported(
if (r == -EINVAL) {
/* Not a symbolic link, but directly a single cgroup hierarchy */
r = mount_legacy_cgroup_hierarchy(dest, controller, controller, true);
r = mount_legacy_cgroup_hierarchy(dest, controller, controller, unified_requested, true);
if (r < 0)
return r;
@ -859,7 +867,7 @@ static int mount_legacy_cgns_unsupported(
continue;
}
r = mount_legacy_cgroup_hierarchy(dest, combined, combined, true);
r = mount_legacy_cgroup_hierarchy(dest, combined, combined, unified_requested, true);
if (r < 0)
return r;
@ -872,7 +880,7 @@ static int mount_legacy_cgns_unsupported(
}
skip_controllers:
r = mount_legacy_cgroup_hierarchy(dest, "none,name=systemd,xattr", "systemd", false);
r = mount_legacy_cgroup_hierarchy(dest, SYSTEMD_CGROUP_CONTROLLER, "systemd", unified_requested, false);
if (r < 0)
return r;
@ -914,22 +922,22 @@ static int mount_unified_cgroups(const char *dest) {
int mount_cgroups(
const char *dest,
bool unified_requested,
CGroupUnified unified_requested,
bool userns, uid_t uid_shift, uid_t uid_range,
const char *selinux_apifs_context,
bool use_cgns) {
if (unified_requested)
if (unified_requested >= CGROUP_UNIFIED_ALL)
return mount_unified_cgroups(dest);
else if (use_cgns && cg_ns_supported())
return mount_legacy_cgns_supported(userns, uid_shift, uid_range, selinux_apifs_context);
return mount_legacy_cgns_supported(unified_requested, userns, uid_shift, uid_range, selinux_apifs_context);
return mount_legacy_cgns_unsupported(dest, userns, uid_shift, uid_range, selinux_apifs_context);
return mount_legacy_cgns_unsupported(dest, unified_requested, userns, uid_shift, uid_range, selinux_apifs_context);
}
int mount_systemd_cgroup_writable(
const char *dest,
bool unified_requested) {
CGroupUnified unified_requested) {
_cleanup_free_ char *own_cgroup_path = NULL;
const char *systemd_root, *systemd_own;
@ -945,7 +953,7 @@ int mount_systemd_cgroup_writable(
if (path_equal(own_cgroup_path, "/"))
return 0;
if (unified_requested) {
if (unified_requested >= CGROUP_UNIFIED_ALL) {
systemd_own = strjoina(dest, "/sys/fs/cgroup", own_cgroup_path);
systemd_root = prefix_roota(dest, "/sys/fs/cgroup");
} else {

6
src/nspawn/nspawn-mount.h
View file

@ -21,6 +21,8 @@
#include <stdbool.h>
#include "cgroup-util.h"
typedef enum VolatileMode {
VOLATILE_NO,
VOLATILE_YES,
@ -58,8 +60,8 @@ int custom_mount_compare(const void *a, const void *b);
int mount_all(const char *dest, bool use_userns, bool in_userns, bool use_netns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context);
int mount_sysfs(const char *dest);
int mount_cgroups(const char *dest, bool unified_requested, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context, bool use_cgns);
int mount_systemd_cgroup_writable(const char *dest, bool unified_requested);
int mount_cgroups(const char *dest, CGroupUnified unified_requested, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context, bool use_cgns);
int mount_systemd_cgroup_writable(const char *dest, CGroupUnified unified_requested);
int mount_custom(const char *dest, CustomMount *mounts, unsigned n, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context);

26
src/nspawn/nspawn.c
View file

@ -188,7 +188,7 @@ static UserNamespaceMode arg_userns_mode = USER_NAMESPACE_NO;
static uid_t arg_uid_shift = UID_INVALID, arg_uid_range = 0x10000U;
static bool arg_userns_chown = false;
static int arg_kill_signal = 0;
static bool arg_unified_cgroup_hierarchy = false;
static CGroupUnified arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_UNKNOWN;
static SettingsMask arg_settings_mask = 0;
static int arg_settings_trusted = -1;
static char **arg_parameters = NULL;
@ -318,7 +318,14 @@ static int custom_mounts_prepare(void) {
static int detect_unified_cgroup_hierarchy(void) {
const char *e;
int r;
int r, all_unified, systemd_unified;
all_unified = cg_all_unified();
systemd_unified = cg_unified(SYSTEMD_CGROUP_CONTROLLER);
if (all_unified < 0 || systemd_unified < 0)
return log_error_errno(all_unified < 0 ? all_unified : systemd_unified,
"Failed to determine whether the unified cgroups hierarchy is used: %m");
/* Allow the user to control whether the unified hierarchy is used */
e = getenv("UNIFIED_CGROUP_HIERARCHY");
@ -326,17 +333,22 @@ static int detect_unified_cgroup_hierarchy(void) {
r = parse_boolean(e);
if (r < 0)
return log_error_errno(r, "Failed to parse $UNIFIED_CGROUP_HIERARCHY.");
if (r > 0)
arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_ALL;
else
arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_NONE;
arg_unified_cgroup_hierarchy = r;
return 0;
}
/* Otherwise inherit the default from the host system */
r = cg_unified();
if (r < 0)
return log_error_errno(r, "Failed to determine whether the unified cgroups hierarchy is used: %m");
if (all_unified > 0)
arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_ALL;
else if (systemd_unified > 0)
arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_SYSTEMD;
else
arg_unified_cgroup_hierarchy = CGROUP_UNIFIED_NONE;
arg_unified_cgroup_hierarchy = r;
return 0;
}