Skip to content

L
lxc
Unverified Commit 92adc689 by Christian Brauner
Options

cgroups/cgfsng: rework cgroup removal

Signed-off-by: 's avatarChristian Brauner <christian.brauner@ubuntu.com>
parent add8018e
Showing with 43 additions and 102 deletions
src/lxc/cgroups/cgfsng.c
...@@ -382,7 +382,6 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup, ...@@ -382,7 +382,6 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
ssize_t maxisol = 0, maxoffline = 0, maxposs = 0; ssize_t maxisol = 0, maxoffline = 0, maxposs = 0;
bool flipped_bit = false; bool flipped_bit = false;
SYSERROR("AAAA: %s | %s", parent_cgroup, child_cgroup);
fpath = must_make_path(parent_cgroup, "cpuset.cpus", NULL); fpath = must_make_path(parent_cgroup, "cpuset.cpus", NULL);
posscpus = read_file(fpath); posscpus = read_file(fpath);
if (!posscpus) if (!posscpus)
...@@ -998,12 +997,10 @@ static void lxc_cgfsng_print_basecg_debuginfo(char *basecginfo, char **klist, ...@@ -998,12 +997,10 @@ static void lxc_cgfsng_print_basecg_debuginfo(char *basecginfo, char **klist,
static int cgroup_rmdir(struct hierarchy **hierarchies, static int cgroup_rmdir(struct hierarchy **hierarchies,
const char *container_cgroup) const char *container_cgroup)
{ {
int i;
if (!container_cgroup || !hierarchies) if (!container_cgroup || !hierarchies)
return 0; return 0;
for (i = 0; hierarchies[i]; i++) { for (int i = 0; hierarchies[i]; i++) {
int ret; int ret;
struct hierarchy *h = hierarchies[i]; struct hierarchy *h = hierarchies[i];
...@@ -1031,30 +1028,26 @@ struct generic_userns_exec_data { ...@@ -1031,30 +1028,26 @@ struct generic_userns_exec_data {
static int cgroup_rmdir_wrapper(void *data) static int cgroup_rmdir_wrapper(void *data)
{ {
int ret;
struct generic_userns_exec_data *arg = data; struct generic_userns_exec_data *arg = data;
uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid; uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid;
gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid; gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
int ret;
ret = setresgid(nsgid, nsgid, nsgid); ret = setresgid(nsgid, nsgid, nsgid);
if (ret < 0) { if (ret < 0)
SYSERROR("Failed to setresgid(%d, %d, %d)", (int)nsgid, return log_error_errno(-1, errno,
(int)nsgid, (int)nsgid); "Failed to setresgid(%d, %d, %d)",
return -1; (int)nsgid, (int)nsgid, (int)nsgid);
}
ret = setresuid(nsuid, nsuid, nsuid); ret = setresuid(nsuid, nsuid, nsuid);
if (ret < 0) { if (ret < 0)
SYSERROR("Failed to setresuid(%d, %d, %d)", (int)nsuid, return log_error_errno(-1, errno,
(int)nsuid, (int)nsuid); "Failed to setresuid(%d, %d, %d)",
return -1; (int)nsuid, (int)nsuid, (int)nsuid);
}
ret = setgroups(0, NULL); ret = setgroups(0, NULL);
if (ret < 0 && errno != EPERM) { if (ret < 0 && errno != EPERM)
SYSERROR("Failed to setgroups(0, NULL)"); return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
return -1;
}
return cgroup_rmdir(arg->hierarchies, arg->container_cgroup); return cgroup_rmdir(arg->hierarchies, arg->container_cgroup);
} }
...@@ -1063,7 +1056,6 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops, ...@@ -1063,7 +1056,6 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops,
struct lxc_handler *handler) struct lxc_handler *handler)
{ {
int ret; int ret;
struct generic_userns_exec_data wrap;
if (!ops) if (!ops)
log_error_errno(return, ENOENT, "Called with uninitialized cgroup operations"); log_error_errno(return, ENOENT, "Called with uninitialized cgroup operations");
...@@ -1077,26 +1069,26 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops, ...@@ -1077,26 +1069,26 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops,
if (!handler->conf) if (!handler->conf)
log_error_errno(return, EINVAL, "Called with uninitialized conf"); log_error_errno(return, EINVAL, "Called with uninitialized conf");
wrap.origuid = 0;
wrap.container_cgroup = ops->container_cgroup;
wrap.hierarchies = ops->hierarchies;
wrap.conf = handler->conf;
#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
ret = bpf_program_cgroup_detach(handler->conf->cgroup2_devices); ret = bpf_program_cgroup_detach(handler->conf->cgroup2_devices);
if (ret < 0) if (ret < 0)
WARN("Failed to detach bpf program from cgroup"); WARN("Failed to detach bpf program from cgroup");
#endif #endif
if (handler->conf && !lxc_list_empty(&handler->conf->id_map)) if (handler->conf && !lxc_list_empty(&handler->conf->id_map)) {
struct generic_userns_exec_data wrap = {
.origuid = 0,
.container_cgroup = ops->container_cgroup,
.hierarchies = ops->hierarchies,
.conf = handler->conf,
};
ret = userns_exec_1(handler->conf, cgroup_rmdir_wrapper, &wrap, ret = userns_exec_1(handler->conf, cgroup_rmdir_wrapper, &wrap,
"cgroup_rmdir_wrapper"); "cgroup_rmdir_wrapper");
else } else {
ret = cgroup_rmdir(ops->hierarchies, ops->container_cgroup); ret = cgroup_rmdir(ops->hierarchies, ops->container_cgroup);
if (ret < 0) {
WARN("Failed to destroy cgroups");
return;
} }
if (ret < 0)
log_warn_errno(return, errno, "Failed to destroy cgroups");
} }
__cgfsng_ops static void cgfsng_monitor_destroy(struct cgroup_ops *ops, __cgfsng_ops static void cgfsng_monitor_destroy(struct cgroup_ops *ops,
...@@ -1104,7 +1096,6 @@ __cgfsng_ops static void cgfsng_monitor_destroy(struct cgroup_ops *ops, ...@@ -1104,7 +1096,6 @@ __cgfsng_ops static void cgfsng_monitor_destroy(struct cgroup_ops *ops,
{ {
int len; int len;
char pidstr[INTTYPE_TO_STRLEN(pid_t)]; char pidstr[INTTYPE_TO_STRLEN(pid_t)];
struct lxc_conf *conf;
if (!ops) if (!ops)
log_error_errno(return, ENOENT, "Called with uninitialized cgroup operations"); log_error_errno(return, ENOENT, "Called with uninitialized cgroup operations");
...@@ -1115,56 +1106,24 @@ __cgfsng_ops static void cgfsng_monitor_destroy(struct cgroup_ops *ops, ...@@ -1115,56 +1106,24 @@ __cgfsng_ops static void cgfsng_monitor_destroy(struct cgroup_ops *ops,
if (!handler) if (!handler)
log_error_errno(return, EINVAL, "Called with uninitialized handler"); log_error_errno(return, EINVAL, "Called with uninitialized handler");
if (!handler->conf)
log_error_errno(return, EINVAL, "Called with uninitialized conf");
conf = handler->conf;
len = snprintf(pidstr, sizeof(pidstr), "%d", handler->monitor_pid); len = snprintf(pidstr, sizeof(pidstr), "%d", handler->monitor_pid);
if (len < 0 || (size_t)len >= sizeof(pidstr)) if (len < 0 || (size_t)len >= sizeof(pidstr))
return; return;
for (int i = 0; ops->hierarchies[i]; i++) { for (int i = 0; ops->hierarchies[i]; i++) {
__do_free char *pivot_path = NULL; __do_free char *base_path = NULL;
char pivot_cgroup[] = CGROUP_PIVOT;
struct hierarchy *h = ops->hierarchies[i]; struct hierarchy *h = ops->hierarchies[i];
int ret; int ret;
if (!h->monitor_full_path) if (!h->monitor_full_path)
continue; continue;
if (conf && conf->cgroup_meta.dir) base_path = must_make_path(h->mountpoint, h->container_base_path, NULL);
pivot_path = must_make_path(h->mountpoint, ret = lxc_write_openat(base_path, "cgroup.procs", pidstr, len);
h->container_base_path,
conf->cgroup_meta.dir,
CGROUP_PIVOT, NULL);
else
pivot_path = must_make_path(h->mountpoint,
h->container_base_path,
CGROUP_PIVOT, NULL);
/*
* Make sure not to pass in the ro string literal CGROUP_PIVOT
* here.
*/
if (cg_legacy_handle_cpuset_hierarchy(h, pivot_cgroup) < 0)
log_warn_errno(continue, errno, "Failed to handle legacy cpuset controller");
ret = mkdir_p(pivot_path, 0755);
if (ret < 0 && errno != EEXIST)
log_warn_errno(continue, errno,
"Failed to create cgroup \"%s\"\n",
pivot_path);
/*
* Move ourselves into the pivot cgroup to delete our own
* cgroup.
*/
ret = lxc_write_openat(pivot_path, "cgroup.procs", pidstr, len);
if (ret != 0) if (ret != 0)
log_warn_errno(continue, errno, log_warn_errno(continue, errno,
"Failed to move monitor %s to \"%s\"\n", "Failed to move monitor %s to \"%s\"",
pidstr, pivot_path); pidstr, base_path);
ret = recursive_destroy(h->monitor_full_path); ret = recursive_destroy(h->monitor_full_path);
if (ret < 0) if (ret < 0)
......
src/lxc/cgroups/cgroup.h
...@@ -14,7 +14,6 @@ ...@@ -14,7 +14,6 @@
#define DEFAULT_MONITOR_CGROUP_PREFIX "lxc.monitor." #define DEFAULT_MONITOR_CGROUP_PREFIX "lxc.monitor."
#define CGROUP_CREATE_RETRY "-NNNN" #define CGROUP_CREATE_RETRY "-NNNN"
#define CGROUP_CREATE_RETRY_LEN (STRLITERALLEN(CGROUP_CREATE_RETRY)) #define CGROUP_CREATE_RETRY_LEN (STRLITERALLEN(CGROUP_CREATE_RETRY))
#define CGROUP_PIVOT "lxc.pivot"
struct lxc_handler; struct lxc_handler;
struct lxc_conf; struct lxc_conf;
......
src/lxc/file_utils.c
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
#include "config.h" #include "config.h"
#include "file_utils.h" #include "file_utils.h"
#include "log.h"
#include "macro.h" #include "macro.h"
#include "memory_utils.h" #include "memory_utils.h"
#include "string_utils.h" #include "string_utils.h"
......
src/lxc/utils.c
...@@ -1783,21 +1783,19 @@ int fd_cloexec(int fd, bool cloexec) ...@@ -1783,21 +1783,19 @@ int fd_cloexec(int fd, bool cloexec)
return 0; return 0;
} }
int recursive_destroy(char *dirname) int recursive_destroy(const char *dirname)
{ {
__do_closedir DIR *dir = NULL;
int fret = 0;
int ret; int ret;
struct dirent *direntp; struct dirent *direntp;
DIR *dir;
int r = 0;
dir = opendir(dirname); dir = opendir(dirname);
if (!dir) { if (!dir)
SYSERROR("Failed to open dir \"%s\"", dirname); return log_error_errno(-1, errno, "Failed to open dir \"%s\"", dirname);
return -1;
}
while ((direntp = readdir(dir))) { while ((direntp = readdir(dir))) {
char *pathname; __do_free char *pathname = NULL;
struct stat mystat; struct stat mystat;
if (!strcmp(direntp->d_name, ".") || if (!strcmp(direntp->d_name, ".") ||
...@@ -1805,44 +1803,28 @@ int recursive_destroy(char *dirname) ...@@ -1805,44 +1803,28 @@ int recursive_destroy(char *dirname)
continue; continue;
pathname = must_make_path(dirname, direntp->d_name, NULL); pathname = must_make_path(dirname, direntp->d_name, NULL);
ret = lstat(pathname, &mystat); ret = lstat(pathname, &mystat);
if (ret < 0) { if (ret < 0) {
if (!r) if (!fret)
SYSWARN("Failed to stat \"%s\"", pathname); SYSWARN("Failed to stat \"%s\"", pathname);
r = -1; fret = -1;
goto next; continue;
} }
if (!S_ISDIR(mystat.st_mode)) if (!S_ISDIR(mystat.st_mode))
goto next; continue;
ret = recursive_destroy(pathname); ret = recursive_destroy(pathname);
if (ret < 0) if (ret < 0)
r = -1; fret = -1;
next:
free(pathname);
} }
ret = rmdir(dirname); ret = rmdir(dirname);
if (ret < 0) { if (ret < 0)
if (!r) return log_warn_errno(-1, errno, "Failed to delete \"%s\"", dirname);
SYSWARN("Failed to delete \"%s\"", dirname);
r = -1;
}
ret = closedir(dir);
if (ret < 0) {
if (!r)
SYSWARN("Failed to delete \"%s\"", dirname);
r = -1;
}
return r; return fret;
} }
int lxc_setup_keyring(void) int lxc_setup_keyring(void)
......
src/lxc/utils.h
...@@ -230,7 +230,7 @@ extern uint64_t lxc_find_next_power2(uint64_t n); ...@@ -230,7 +230,7 @@ extern uint64_t lxc_find_next_power2(uint64_t n);
/* Set a signal the child process will receive after the parent has died. */ /* Set a signal the child process will receive after the parent has died. */
extern int lxc_set_death_signal(int signal, pid_t parent, int parent_status_fd); extern int lxc_set_death_signal(int signal, pid_t parent, int parent_status_fd);
extern int fd_cloexec(int fd, bool cloexec); extern int fd_cloexec(int fd, bool cloexec);
extern int recursive_destroy(char *dirname); extern int recursive_destroy(const char *dirname);
extern int lxc_setup_keyring(void); extern int lxc_setup_keyring(void);
#endif /* __LXC_UTILS_H */ #endif /* __LXC_UTILS_H */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment