Introduce lxc.cgroup.dir.monitor.pivot

doc/lxc.container.conf.sgml.in

@@ -1606,6 +1606,18 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
         </varlistentry>
         <varlistentry>
           <term>
+            <option>lxc.cgroup.dir.monitor.pivot</option>
+          </term>
+          <listitem>
+            <para>
+              On container termination the PID of the monitor process is attached to this cgroup.
+              This path should not be a subpath of any other configured cgroup dir to ensure
+              proper removal of other cgroup paths on container termination.
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
             <option>lxc.cgroup.dir.container.inner</option>
           </term>
           <listitem>

src/lxc/cgroups/cgfsng.c

@@ -1093,7 +1093,10 @@ __cgfsng_ops static void cgfsng_monitor_destroy(struct cgroup_ops *ops,
 			goto try_lxc_rm_rf;
 		}
 
-		if (conf && conf->cgroup_meta.monitor_dir)
+		if (conf && conf->cgroup_meta.monitor_pivot_dir)
+			pivot_path = must_make_path(h->mountpoint, h->container_base_path,
+						    conf->cgroup_meta.monitor_pivot_dir, CGROUP_PIVOT, NULL);
+		else if (conf && conf->cgroup_meta.monitor_dir)
 			pivot_path = must_make_path(h->mountpoint, h->container_base_path,
 						    conf->cgroup_meta.monitor_dir, CGROUP_PIVOT, NULL);
 		else if (conf && conf->cgroup_meta.dir)

src/lxc/conf.h

@@ -61,6 +61,7 @@ struct lxc_cgroup {
 			char *controllers;
 			char *dir;
 			char *monitor_dir;
+			char *monitor_pivot_dir;
 			char *container_dir;
 			char *namespace_dir;
 			bool relative;

src/lxc/confile.c

@@ -73,6 +73,7 @@ lxc_config_define(cgroup_controller);
 lxc_config_define(cgroup2_controller);
 lxc_config_define(cgroup_dir);
 lxc_config_define(cgroup_monitor_dir);
+lxc_config_define(cgroup_monitor_pivot_dir);
 lxc_config_define(cgroup_container_dir);
 lxc_config_define(cgroup_container_inner_dir);
 lxc_config_define(cgroup_relative);
@@ -178,6 +179,7 @@ static struct lxc_config_t config_jump_table[] = {
 	{ "lxc.cap.drop",                   set_config_cap_drop,                   get_config_cap_drop,                   clr_config_cap_drop,                   },
 	{ "lxc.cap.keep",                   set_config_cap_keep,                   get_config_cap_keep,                   clr_config_cap_keep,                   },
 	{ "lxc.cgroup2",                    set_config_cgroup2_controller,         get_config_cgroup2_controller,         clr_config_cgroup2_controller,         },
+	{ "lxc.cgroup.dir.monitor.pivot",   set_config_cgroup_monitor_pivot_dir,   get_config_cgroup_monitor_pivot_dir,   clr_config_cgroup_monitor_pivot_dir,   },
 	{ "lxc.cgroup.dir.monitor",         set_config_cgroup_monitor_dir,         get_config_cgroup_monitor_dir,         clr_config_cgroup_monitor_dir,         },
 	{ "lxc.cgroup.dir.container.inner", set_config_cgroup_container_inner_dir, get_config_cgroup_container_inner_dir, clr_config_cgroup_container_inner_dir, },
 	{ "lxc.cgroup.dir.container",       set_config_cgroup_container_dir,       get_config_cgroup_container_dir,       clr_config_cgroup_container_dir,       },
@@ -1814,6 +1816,16 @@ static int set_config_cgroup_monitor_dir(const char *key, const char *value,
 				      value);
 }
 
+static int set_config_cgroup_monitor_pivot_dir(const char *key, const char *value,
+					 struct lxc_conf *lxc_conf, void *data)
+{
+	if (lxc_config_value_empty(value))
+		return clr_config_cgroup_monitor_pivot_dir(key, lxc_conf, NULL);
+
+	return set_config_string_item(&lxc_conf->cgroup_meta.monitor_pivot_dir,
+				      value);
+}
+
 static int set_config_cgroup_container_dir(const char *key, const char *value,
 					   struct lxc_conf *lxc_conf,
 					   void *data)
@@ -3858,6 +3870,22 @@ static int get_config_cgroup_monitor_dir(const char *key, char *retv, int inlen,
 	return fulllen;
 }
 
+static int get_config_cgroup_monitor_pivot_dir(const char *key, char *retv, int inlen,
+					 struct lxc_conf *lxc_conf, void *data)
+{
+	int len;
+	int fulllen = 0;
+
+	if (!retv)
+		inlen = 0;
+	else
+		memset(retv, 0, inlen);
+
+	strprint(retv, inlen, "%s", lxc_conf->cgroup_meta.monitor_pivot_dir);
+
+	return fulllen;
+}
+
 static int get_config_cgroup_container_dir(const char *key, char *retv,
 					   int inlen,
 					   struct lxc_conf *lxc_conf,
@@ -4756,6 +4784,14 @@ static int clr_config_cgroup_monitor_dir(const char *key,
 	return 0;
 }
 
+static int clr_config_cgroup_monitor_pivot_dir(const char *key,
+					 struct lxc_conf *lxc_conf,
+					 void *data)
+{
+	free_disarm(lxc_conf->cgroup_meta.monitor_pivot_dir);
+	return 0;
+}
+
 static int clr_config_cgroup_container_dir(const char *key,
 					   struct lxc_conf *lxc_conf,
 					   void *data)