cgfsng: respect lxc.cgroup.use

If lxc.cgroup.use is specified then only those controllers listed in there will be used others will be skipped. Closes #2447. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: respect lxc.cgroup.use
b7b18fc5 · Christian Brauner · 15dcdac4 · b7b18fc5 · b7b18fc5 · b7b18fc5
Unverified Commit b7b18fc5 authored Jul 04, 2018 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 54 additions and 9 deletions

cgfsng.c src/lxc/cgroups/cgfsng.c +48 -7

cgroup.c src/lxc/cgroups/cgroup.c +5 -1

cgroup.h src/lxc/cgroups/cgroup.h +1 -1

No files found.
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -695,8 +695,7 @@ static bool controller_found(struct hierarchy **hlist, char *entry)
 */
 static bool all_controllers_found(struct cgroup_ops *ops)
 {
-	char *p;
+	char **cur;
-	char *saveptr = NULL;
 	struct hierarchy **hlist = ops->hierarchies;
 	if (!controller_found(hlist, "freezer")) {
@@ -707,9 +706,9 @@ static bool all_controllers_found(struct cgroup_ops *ops)
 	if (!ops->cgroup_use)
 		return true;
-	for (; (p = strtok_r(ops->cgroup_use, ",", &saveptr)); ops->cgroup_use = NULL)
+	for (cur = ops->cgroup_use; cur && *cur; cur++)
-		if (!controller_found(hlist, p)) {
+		if (!controller_found(hlist, *cur)) {
-			ERROR("No %s controller mountpoint found", p);
+			ERROR("No %s controller mountpoint found", *cur);
 			return false;
 		}
@@ -2251,6 +2250,34 @@ static bool cgfsng_setup_limits(struct cgroup_ops *ops, struct lxc_conf *conf,
 	return __cg_unified_setup_limits(ops, &conf->cgroup2);
 }
+static bool cgroup_use_wants_controllers(const struct cgroup_ops *ops,
+				       char **controllers)
+{
+	char **cur_ctrl, **cur_use;
+	if (!ops->cgroup_use)
+		return true;
+	for (cur_ctrl = controllers; cur_ctrl && *cur_ctrl; cur_ctrl++) {
+		bool found = false;
+		for (cur_use = ops->cgroup_use; cur_use && *cur_use; cur_use++) {
+			if (strcmp(*cur_use, *cur_ctrl) != 0)
+				continue;
+			found = true;
+			break;
+		}
+		if (found)
+			continue;
+		return false;
+	}
+	return true;
+}
 /* At startup, parse_hierarchies finds all the info we need about cgroup
 * mountpoints and current cgroups, and stores it in @d.
 */
@@ -2366,6 +2393,10 @@ static bool cg_hybrid_init(struct cgroup_ops *ops)
 			}
 		}
+		/* Exclude all controllers that cgroup use does not want. */
+		if (!cgroup_use_wants_controllers(ops, controller_list))
+			goto next;
 		new = add_hierarchy(&ops->hierarchies, controller_list, mountpoint, base_cgroup, type);
 		if (type == CGROUP2_SUPER_MAGIC && !ops->unified)
 			ops->unified = new;
@@ -2498,8 +2529,18 @@ static bool cg_init(struct cgroup_ops *ops)
 	const char *tmp;
 	tmp = lxc_global_config_value("lxc.cgroup.use");
-	if (tmp)
+	if (tmp) {
-		ops->cgroup_use = must_copy_string(tmp);
+		char *chop, *cur, *pin;
+		char *saveptr = NULL;
+		pin = must_copy_string(tmp);
+		chop = pin;
+		for (; (cur = strtok_r(chop, ",", &saveptr)); chop = NULL)
+			must_append_string(&ops->cgroup_use, cur);
+		free(pin);
+	}
 	ret = cg_unified_init(ops);
 	if (ret < 0)

--- a/src/lxc/cgroups/cgroup.c
+++ b/src/lxc/cgroups/cgroup.c
@@ -21,6 +21,7 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
+#include <stdlib.h>
 #include <unistd.h>
 #include <sys/types.h>
@@ -63,12 +64,15 @@ struct cgroup_ops *cgroup_init(struct lxc_handler *handler)
 void cgroup_exit(struct cgroup_ops *ops)
 {
+	char **cur;
 	struct hierarchy **it;
 	if (!ops)
 		return;
-	free(ops->cgroup_use);
+	for (cur = ops->cgroup_use; cur && *cur; cur++)
+		free(*cur);
 	free(ops->cgroup_pattern);
 	free(ops->container_cgroup);

--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -89,7 +89,7 @@ struct cgroup_ops {
 	const char *version;
 	/* What controllers is the container supposed to use. */
-	char *cgroup_use;
+	char **cgroup_use;
 	char *cgroup_pattern;
 	char *container_cgroup;