cgroup: Split legacy 'ns' cgroup handling off from main cgroup handling

src/lxc/cgroup.c

@@ -604,7 +604,7 @@ static char *cgroup_rename_nsgroup(const char *mountpath, const char *oldname, p
 }
 
 /* create a new cgroup */
-extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern, pid_t pid)
+extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern)
 {
 	char **cgroup_path_components = NULL;
 	char **p = NULL;
@@ -826,27 +826,16 @@ extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const cha
 
 	/* we're done, now update the paths */
 	for (i = 0, info_ptr = base_info; info_ptr; info_ptr = info_ptr->next, i++) {
-		/*
-		 * For any path which has ns cgroup mounted, handler->pid is already
-		 * moved into a container called '%d % (handler->pid)'.  Rename it to
-		 * the cgroup name and record that.
+		/* ignore legacy 'ns' subsystem here, lxc_cgroup_create_legacy
+		 * will take care of it
+		 * Since we do a continue in above loop, new_cgroup_paths[i] is
+		 * unset anyway, as is new_cgroup_paths_sub[i]
 		 */
-		if (lxc_string_in_array("ns", (const char **)info_ptr->hierarchy->subsystems)) {
-			char *tmp = cgroup_rename_nsgroup((const char *)info_ptr->designated_mount_point->mount_point,
-					info_ptr->cgroup_path, pid, name);
-			if (!tmp)
-				goto out_initial_error;
-			free(info_ptr->cgroup_path);
-			info_ptr->cgroup_path = tmp;
-			r = lxc_grow_array((void ***)&info_ptr->created_paths, &info_ptr->created_paths_capacity, info_ptr->created_paths_count + 1, 8);
-			if (r < 0)
-				goto out_initial_error;
-			info_ptr->created_paths[info_ptr->created_paths_count++] = strdup(tmp);
-		} else {
-			free(info_ptr->cgroup_path);
-			info_ptr->cgroup_path = new_cgroup_paths[i];
-			info_ptr->cgroup_path_sub = new_cgroup_paths_sub[i];
-		}
+		if (lxc_string_in_array("ns", (const char **)info_ptr->hierarchy->subsystems))
+			continue;
+		free(info_ptr->cgroup_path);
+		info_ptr->cgroup_path = new_cgroup_paths[i];
+		info_ptr->cgroup_path_sub = new_cgroup_paths_sub[i];
 	}
 	/* don't use lxc_free_array since we used the array members
 	 * to store them in our result...
@@ -868,6 +857,36 @@ out_initial_error:
 	return NULL;
 }
 
+int lxc_cgroup_create_legacy(struct cgroup_process_info *base_info, const char *name, pid_t pid)
+{
+	struct cgroup_process_info *info_ptr;
+	int r;
+
+	for (info_ptr = base_info; info_ptr; info_ptr = info_ptr->next) {
+		if (!lxc_string_in_array("ns", (const char **)info_ptr->hierarchy->subsystems))
+			continue;
+		/*
+		 * For any path which has ns cgroup mounted, handler->pid is already
+		 * moved into a container called '%d % (handler->pid)'.  Rename it to
+		 * the cgroup name and record that.
+		 */
+		char *tmp = cgroup_rename_nsgroup((const char *)info_ptr->designated_mount_point->mount_point,
+				info_ptr->cgroup_path, pid, name);
+		if (!tmp)
+			return -1;
+		free(info_ptr->cgroup_path);
+		info_ptr->cgroup_path = tmp;
+		r = lxc_grow_array((void ***)&info_ptr->created_paths, &info_ptr->created_paths_capacity, info_ptr->created_paths_count + 1, 8);
+		if (r < 0)
+			return -1;
+		tmp = strdup(tmp);
+		if (!tmp)
+			return -1;
+		info_ptr->created_paths[info_ptr->created_paths_count++] = tmp;
+	}
+	return 0;
+}
+
 /* get the cgroup membership of a given container */
 struct cgroup_process_info *lxc_cgroup_get_container_info(const char *name, const char *lxcpath, struct cgroup_meta_data *meta_data)
 {

src/lxc/cgroup.h

@@ -113,7 +113,8 @@ extern struct cgroup_process_info *lxc_cgroup_process_info_get_init(struct cgrou
 extern struct cgroup_process_info *lxc_cgroup_process_info_get_self(struct cgroup_meta_data *meta);
 
 /* create a new cgroup */
-extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern, int pid);
+extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern);
+extern int lxc_cgroup_create_legacy(struct cgroup_process_info *base_info, const char *name, pid_t pid);
 
 /* get the cgroup membership of a given container */
 extern struct cgroup_process_info *lxc_cgroup_get_container_info(const char *name, const char *lxcpath, struct cgroup_meta_data *meta_data);

src/lxc/start.c

@@ -663,6 +663,14 @@ int lxc_spawn(struct lxc_handler *handler)
 	if (!cgroup_pattern)
 		cgroup_pattern = "%n";
 
+	/* Create cgroup before doing clone(), so the child will know from
+	 * handler which cgroup it is going to be put in later.
+	 */
+	if ((handler->cgroup = lxc_cgroup_create(name, cgroup_pattern, cgroup_meta, NULL)) == NULL) {
+		ERROR("failed to create cgroups for '%s'", name);
+		goto out_delete_net;
+	}
+
 	/*
 	 * if the rootfs is not a blockdev, prevent the container from
 	 * marking it readonly.
@@ -684,8 +692,11 @@ int lxc_spawn(struct lxc_handler *handler)
 	if (lxc_sync_wait_child(handler, LXC_SYNC_CONFIGURE))
 		failed_before_rename = 1;
 
-	if ((handler->cgroup = lxc_cgroup_create(name, cgroup_pattern, cgroup_meta, NULL, handler->pid)) == NULL) {
-		ERROR("failed to create cgroups for '%s'", name);
+	/* In case there is still legacy ns cgroup support in the kernel.
+	 * Should be removed at some later point in time.
+	 */
+	if (lxc_cgroup_create_legacy(handler->cgroup, name, handler->pid) < 0) {
+		ERROR("failed to create legacy ns cgroups for '%s'", name);
 		goto out_delete_net;
 	}