Systemd/src/core
Chris Down c52db42b78 cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow
In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).

This makes sense from a low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow
value.

Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).

Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.

After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.
2019-04-12 17:23:58 +02:00
all-units.h core: undo the dependency inversion between unit.h and all unit types 2018-05-15 14:24:34 -04:00
audit-fd.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
audit-fd.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
automount.c Merge pull request #12115 from poettering/verbose-job-enqueue 2019-03-28 11:04:26 +01:00
automount.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
bpf-devices.c tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0 2019-04-11 19:00:37 +02:00
bpf-devices.h cgroups: beef up DeviceAllow= syntax a bit 2018-11-29 20:21:39 +01:00
bpf-firewall.c tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0 2019-04-11 19:00:37 +02:00
bpf-firewall.h tree-wide: drop double newline 2018-06-29 11:02:17 +09:00
cgroup.c cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
cgroup.h cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
chown-recursive.c core: drop suid/sgid bit of files/dirs when doing recursive chown 2019-03-26 08:29:37 +01:00
chown-recursive.h core: drop suid/sgid bit of files/dirs when doing recursive chown 2019-03-26 08:29:37 +01:00
dbus-automount.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-automount.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-cgroup.c cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
dbus-cgroup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-device.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-device.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-execute.c Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
dbus-execute.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-job.c core: before returning new job path to clients, force out JobNew signals 2018-12-01 12:53:26 +01:00
dbus-job.h core: before returning new job path to clients, force out JobNew signals 2018-12-01 12:53:26 +01:00
dbus-kill.c Make Watchdog Signal Configurable 2018-09-26 16:14:29 +02:00
dbus-kill.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-manager.c core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
dbus-manager.h core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
dbus-mount.c cgroup: drastically simplify caching of cgroups members mask 2018-11-23 13:41:37 +01:00
dbus-mount.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-path.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-path.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-scope.c core: reduce the number of stalled PIDs from the watched processes list when possible 2019-03-20 10:51:49 +01:00
dbus-scope.h pid1: add a new AbandonScope() method call on the Manager object 2018-11-09 17:08:59 +01:00
dbus-service.c Make fopen_temporary and fopen_temporary_label unlocked 2019-04-12 11:44:56 +02:00
dbus-service.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-slice.c cgroup: drastically simplify caching of cgroups members mask 2018-11-23 13:41:37 +01:00
dbus-slice.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-socket.c Remove 'inline' attributes from static functions in .c files (#11426) 2019-01-15 08:12:28 +01:00
dbus-socket.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-swap.c cgroup: drastically simplify caching of cgroups members mask 2018-11-23 13:41:37 +01:00
dbus-swap.h tree-wide: beautify remaining copyright statements 2018-06-14 10:20:21 +02:00
dbus-target.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-target.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-timer.c core: optionally, trigger .timer units on timezone and clock changes 2019-04-02 08:20:10 +02:00
dbus-timer.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-unit.c core: add new API for enqueing a job with returning the transaction data 2019-03-27 12:37:37 +01:00
dbus-unit.h core: add new API for enqueing a job with returning the transaction data 2019-03-27 12:37:37 +01:00
dbus-util.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-util.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus.c tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call 2019-04-10 22:11:18 +02:00
dbus.h core: rename queued_message → pending_reload_message 2018-11-13 11:59:06 +01:00
device.c Merge pull request #12013 from yuwata/fix-switchroot-11997 2019-04-02 16:06:07 +02:00
device.h device: clean up DeviceFound flags set 2018-10-09 21:11:22 +02:00
dynamic-user.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
dynamic-user.h tree-wide: reorder various structures to make them smaller and use fewer cache lines 2019-03-27 18:11:11 +01:00
emergency-action.c core: add new API for enqueing a job with returning the transaction data 2019-03-27 12:37:37 +01:00
emergency-action.h core: change emergency_action() to return void 2019-03-18 16:06:36 +01:00
execute.c core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= 2019-04-02 16:56:48 +02:00
execute.h core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= 2019-04-02 16:56:48 +02:00
hostname-setup.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
hostname-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
ima-setup.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
ima-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
ip-address-access.c tree-wide: drop copyright headers from frequent contributors 2018-06-20 11:58:53 +02:00
ip-address-access.h tree-wide: drop double newline 2018-06-29 11:02:17 +09:00
job.c util: split out sorting related calls to new sort-util.[ch] 2019-03-13 12:16:43 +01:00
job.h core: rework how we deserialize jobs 2018-12-12 11:15:07 +01:00
kill.c Make Watchdog Signal Configurable 2018-09-26 16:14:29 +02:00
kill.h tree-wide: reorder various structures to make them smaller and use fewer cache lines 2019-03-27 18:11:11 +01:00
killall.c core/killall: Add documentation about broadcast_signal() 2019-04-10 19:30:38 +02:00
killall.h core/killall: Propagate errors and return the number of process left 2019-04-08 19:41:16 +02:00
kmod-setup.c tree-wide: replace 'unsigned int' with 'unsigned' 2018-10-19 22:19:12 +02:00
kmod-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
load-dropin.c pid1: drop now-unused path parameter to add_dependency_by_name() 2018-09-15 19:57:52 +02:00
load-dropin.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
load-fragment-gperf-nulstr.awk build-sys: fix the script used for generating load_fragment_gperf_nulstr (#6646) 2017-08-26 23:21:23 +09:00
load-fragment-gperf.gperf.m4 cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
load-fragment.c cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow 2019-04-12 17:23:58 +02:00
load-fragment.h core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
locale-setup.c Make default locale a compile time option 2018-12-29 21:43:04 +09:00
locale-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
loopback-setup.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
loopback-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
machine-id-setup.c util: split out namespace related stuff into a new namespace-util.[ch] pair 2019-03-13 12:16:38 +01:00
machine-id-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
macros.systemd.in rpm: avoid hiding errors from systemd commands 2019-03-22 20:54:59 +01:00
main.c core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
manager.c Merge pull request #12217 from keszybz/unlocked-operations 2019-04-12 13:51:53 +02:00
manager.h core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
meson.build Revert "build: install /etc/systemd/{system,user}-generators" 2019-04-02 21:09:35 +02:00
mount-setup.c util: split out nulstr related stuff to nulstr-util.[ch] 2019-03-14 13:25:52 +01:00
mount-setup.h core: remove JoinControllers= configuration setting 2018-11-16 14:54:13 +01:00
mount.c pid1,shutdown: do not cunescape paths from libmount 2019-04-09 09:07:40 +02:00
mount.h mount: replace three closely related mount flags into a proper flags enum 2018-12-07 17:35:32 +01:00
namespace.c tree-wide: (void)ify a few unlink() and rmdir() 2019-03-27 18:09:56 +01:00
namespace.h namespace: when DynamicUser=1 is set, mount StateDirectory= bind mounts "nosuid" 2019-03-25 19:57:15 +01:00
org.freedesktop.systemd1.conf systemd-analyze: make dump work for large # of units 2018-05-11 08:11:02 -07:00
org.freedesktop.systemd1.policy.in core: systemd1.manage-unit-files policy implies systemd1.manage-units 2018-05-18 00:02:58 +09:00
org.freedesktop.systemd1.service Add SPDX license headers to various assorted files 2017-11-19 19:08:15 +01:00
path.c core: add new API for enqueing a job with returning the transaction data 2019-03-27 12:37:37 +01:00
path.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
scope.c scope: tiny cleanup: UNIT(s) -> u 2019-03-20 10:51:49 +01:00
scope.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
selinux-access.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
selinux-access.h tree-wide: drop double newline 2018-06-29 11:02:17 +09:00
selinux-setup.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
selinux-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
service.c core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
service.h core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
show-status.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
show-status.h show-status: fold two bool flags function arguments into a flags 2018-11-26 18:24:12 +01:00
slice.c core: whenever we change state of a unit, force out PropertiesChanged bus signal 2018-12-01 12:53:26 +01:00
slice.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
smack-setup.c Add open_memstream_unlocked() wrapper 2019-04-12 11:44:57 +02:00
smack-setup.h tree-wide: use proper unicode © instead of (C) where we can 2018-06-14 10:20:20 +02:00
socket.c tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call 2019-04-10 22:11:18 +02:00
socket.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
swap.c core: reduce the number of stalled PIDs from the watched processes list when possible 2019-03-20 10:51:49 +01:00
swap.h core: replace udev_device by sd_device 2018-08-23 04:57:39 +09:00
system.conf.in core: remove JoinControllers= configuration setting 2018-11-16 14:54:13 +01:00
systemd.pc.in pkgconfig: avoid double slash with split-usr configuration 2019-03-05 18:49:28 +01:00
target.c core: whenever we change state of a unit, force out PropertiesChanged bus signal 2018-12-01 12:53:26 +01:00
target.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
timer.c core: optionally, trigger .timer units on timezone and clock changes 2019-04-02 08:20:10 +02:00
timer.h core: optionally, trigger .timer units on timezone and clock changes 2019-04-02 08:20:10 +02:00
transaction.c core: refactor transaction.c to use fewer gotos 2019-04-02 07:28:58 +09:00
transaction.h core: add new API for enqueing a job with returning the transaction data 2019-03-27 12:37:37 +01:00
triggers.systemd.in Drop my copyright headers 2018-06-14 13:03:20 +02:00
unit-printf.c core: support %j in unit dependency resolution 2018-12-22 17:21:13 +09:00
unit-printf.h tree-wide: remove various unused functions 2018-12-02 13:35:34 +09:00
unit.c core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
unit.h core: implement OOMPolicy= and watch cgroups for OOM killings 2019-04-09 11:17:58 +02:00
user.conf core: rename StartLimitInterval= to StartLimitIntervalSec= 2016-04-29 16:27:48 +02:00