cgroups: split delegation checks into separate helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: split delegation checks into separate helpers
0da35ac7 · Christian Brauner · 63ba9eaf · 0da35ac7 · 0da35ac7
Unverified Commit 0da35ac7 authored Feb 21, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 66 additions and 49 deletions

cgfsng.c src/lxc/cgroups/cgfsng.c +59 -49

log.h src/lxc/log.h +7 -0

No files found.
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2942,7 +2942,42 @@ __cgfsng_ops static bool cgfsng_payload_delegate_controllers(struct cgroup_ops *
 	return __cgfsng_delegate_controllers(ops, ops->container_cgroup);
 }
-static int list_unified_delegation_files(char ***delegate)
+static inline bool unified_cgroup(const char *line)
+{
+	return *line == '0';
+}
+static inline char *current_unified_cgroup(bool relative, char *line)
+{
+	char *current_cgroup;
+	line += STRLITERALLEN("0::");
+	if (!abspath(line))
+		return ERR_PTR(-EINVAL);
+	/* remove init.scope */
+	if (!relative)
+		line = prune_init_scope(line);
+	/* create a relative path */
+	line = deabs(line);
+	current_cgroup = strdup(line);
+	if (!current_cgroup)
+		return ERR_PTR(-ENOMEM);
+	return current_cgroup;
+}
+static inline const char *unprefix(const char *controllers)
+{
+	if (strnequal(controllers, "name=", STRLITERALLEN("name=")))
+		return controllers + STRLITERALLEN("name=");
+	return controllers;
+}
+static int __list_cgroup_delegate(char ***delegate)
 {
 	__do_free char **list = NULL;
 	__do_free char *buf = NULL;
@@ -2985,39 +3020,32 @@ static int list_unified_delegation_files(char ***delegate)
 	return 0;
 }
-static inline bool unified_cgroup(const char *line)
+static bool unified_hierarchy_delegated(int dfd_base, char ***ret_files)
-{
-	return *line == '0';
-}
-static inline char *current_unified_cgroup(bool relative, char *line)
 {
-	char *current_cgroup;
+	__do_free_string_list char **list = NULL;
+	int ret;
-	line += STRLITERALLEN("0::");
-	if (!abspath(line))
-		return ERR_PTR(-EINVAL);
-	/* remove init.scope */
+	ret = __list_cgroup_delegate(&list);
-	if (!relative)
+	if (ret < 0)
-		line = prune_init_scope(line);
+		return syserrno(ret, "Failed to determine unified cgroup delegation requirements");
-	/* create a relative path */
+	for (char *const *s = list; s && *s; s++) {
-	line = deabs(line);
+		if (!faccessat(dfd_base, *s, W_OK, 0) || errno == ENOENT)
+			continue;
-	current_cgroup = strdup(line);
+		return sysinfo(false, "The %s file is not writable, skipping unified hierarchy", *s);
-	if (!current_cgroup)
+	}
-		return ERR_PTR(-ENOMEM);
-	return current_cgroup;
+	*ret_files = move_ptr(list);
+	return true;
 }
-static inline const char *unprefix(const char *controllers)
+static bool legacy_hierarchy_delegated(int dfd_base)
 {
-	if (strnequal(controllers, "name=", STRLITERALLEN("name=")))
+	if (faccessat(dfd_base, "cgroup.procs", W_OK, 0) && errno != ENOENT)
-		return controllers + STRLITERALLEN("name=");
+		return sysinfo(false, "The cgroup.procs file is not writable, skipping legacy hierarchy");
-	return controllers;
+	return true;
 }
 static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
@@ -3082,6 +3110,9 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 				dfd = dfd_base;
 			}
+			if (!unified_hierarchy_delegated(dfd, &delegate))
+				continue;
 			controller_list = unified_controllers(dfd, "cgroup.controllers");
 			if (!controller_list) {
 				TRACE("No controllers are enabled for delegation in the unified hierarchy");
@@ -3090,22 +3121,6 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 					return syserrno(-ENOMEM, "Failed to create empty controller list");
 			}
-			if (unprivileged) {
-				ret = list_unified_delegation_files(&delegate);
-				if (ret < 0)
-					return syserrno(ret, "Failed to determine delegation requirements");
-				for (char *const *d = delegate; d && *d; d++) {
-					if (faccessat(dfd, *d, W_OK, 0)) {
-						if (errno == ENOENT)
-							continue;
-						SYSINFO("Lacking write access to %s, skipping unified cgroup", *d);
-						break;
-					}
-				}
-			}
 			type = CGROUP2_SUPER_MAGIC;
 			controllers = strdup(unified_mnt);
 			if (!controllers)
@@ -3165,13 +3180,8 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 				dfd = dfd_base;
 			}
-			if (faccessat(dfd, "cgroup.procs", W_OK, 0)) {
+			if (!legacy_hierarchy_delegated(dfd))
-				if (errno == ENOENT)
+				continue;
-					continue;
-				SYSINFO("Lacking write access to %s", controllers);
-				break;
-			}
 			/*
 			 * We intentionally pass __current_cgroup here and not

--- a/src/lxc/log.h
+++ b/src/lxc/log.h
@@ -515,6 +515,13 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
 		__internal_ret__;                             \
 	})
+#define sysinfo(__ret__, format, ...)                         \
+	({                                                    \
+		typeof(__ret__) __internal_ret__ = (__ret__); \
+		SYSINFO(format, ##__VA_ARGS__);               \
+		__internal_ret__;                             \
+	})
 #define syserrno_set(__ret__, format, ...)                    \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \