Merge pull request #3223 from brauner/flatten_cgroup_hierarchy

cgroups: flatten hierarchy

Merge pull request #3223 from brauner/flatten_cgroup_hierarchy
dc3cdf28 · Stéphane Graber · GitHub · e340fefe · aaa1ec28 · dc3cdf28
Unverified Commit dc3cdf28 authored Dec 10, 2019 by Stéphane Graber Committed by GitHub Dec 10, 2019
9 changed files
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -7,10 +7,14 @@
 #include <stddef.h>
 #include <sys/types.h>

+#include "macro.h"
+
 #define DEFAULT_CGROUP_MOUNTPOINT "/sys/fs/cgroup"
-#define PAYLOAD_CGROUP "lxc.payload"
-#define MONITOR_CGROUP "lxc.monitor"
-#define PIVOT_CGROUP "lxc.pivot"
+#define DEFAULT_PAYLOAD_CGROUP_PREFIX "lxc.payload."
+#define DEFAULT_MONITOR_CGROUP_PREFIX "lxc.monitor."
+#define CGROUP_CREATE_RETRY "-NNNN"
+#define CGROUP_CREATE_RETRY_LEN (STRLITERALLEN(CGROUP_CREATE_RETRY))
+#define CGROUP_PIVOT "lxc.pivot"

 struct lxc_handler;
 struct lxc_conf;
@@ -74,7 +78,7 @@ struct hierarchy {
 	int version;

 	/* cgroup2 only */
-	int bpf_device_controller:1;
+	unsigned int bpf_device_controller:1;
 };

 struct cgroup_ops {
@@ -90,9 +94,6 @@ struct cgroup_ops {
 	char *container_cgroup;
 	char *monitor_cgroup;

-	/* Static memory, do not free.*/
-	const char *monitor_pattern;
-
 	/* @hierarchies
 	 * - A NULL-terminated array of struct hierarchy, one per legacy
 	 *   hierarchy. No duplicates. First sufficient, writeable mounted

--- a/src/lxc/initutils.c
+++ b/src/lxc/initutils.c
@@ -84,7 +84,7 @@ const char *lxc_global_config_value(const char *option_name)
 		sprintf(user_config_path, "%s/.config/lxc/lxc.conf", user_home);
 		sprintf(user_default_config_path, "%s/.config/lxc/default.conf", user_home);
 		sprintf(user_lxc_path, "%s/.local/share/lxc/", user_home);
-		user_cgroup_pattern = strdup("lxc.payload/%n");
+		user_cgroup_pattern = strdup("%n");
 	}
 	else {
 		user_config_path = strdup(LXC_GLOBAL_CONF);

--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -510,7 +510,7 @@ static inline char *apparmor_dir(const char *ctname, const char *lxcpath)

 static inline char *apparmor_profile_full(const char *ctname, const char *lxcpath)
 {
-	return shorten_apparmor_name(must_concat("lxc-", ctname, "_<", lxcpath, ">", NULL));
+	return shorten_apparmor_name(must_concat(NULL, "lxc-", ctname, "_<", lxcpath, ">", NULL));
 }

 /* Like apparmor_profile_full() but with slashes replaced by hyphens */
@@ -639,7 +639,7 @@ static char *get_apparmor_profile_content(struct lxc_conf *conf, const char *lxc

 	profile_name_full = apparmor_profile_full(conf->name, lxcpath);

-	profile = must_concat(
+	profile = must_concat(NULL,
 "#include <tunables/global>\n"
 "profile \"", profile_name_full, "\" flags=(attach_disconnected,mediate_deleted) {\n",
 	                      NULL);
@@ -663,7 +663,7 @@ static char *get_apparmor_profile_content(struct lxc_conf *conf, const char *lxc
 		                  STRARRAYLEN(AA_PROFILE_STACKING_BASE));

 		namespace = apparmor_namespace(conf->name, lxcpath);
-		temp = must_concat("  change_profile -> \":", namespace, ":*\",\n"
+		temp = must_concat(NULL, "  change_profile -> \":", namespace, ":*\",\n"
 		                   "  change_profile -> \":", namespace, "://*\",\n",
 		                   NULL);
 		free(namespace);
@@ -682,7 +682,7 @@ static char *get_apparmor_profile_content(struct lxc_conf *conf, const char *lxc
 		if (!aa_can_stack || aa_is_stacked) {
 			char *temp;

-			temp = must_concat("  change_profile -> \"",
+			temp = must_concat(NULL, "  change_profile -> \"",
 			                   profile_name_full, "\",\n", NULL);
 			must_append_sized(&profile, &size, temp, strlen(temp));
 			free(temp);

--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1820,8 +1820,9 @@ static int lxc_spawn(struct lxc_handler *handler)
 		goto out_delete_net;
 	}

-	if (!cgroup_ops->payload_enter(cgroup_ops, handler))
+	if (!cgroup_ops->payload_enter(cgroup_ops, handler)) {
 		goto out_delete_net;
+	}

 	if (!cgroup_ops->payload_delegate_controllers(cgroup_ops)) {
 		ERROR("Failed to delegate controllers to payload cgroup");

--- a/src/lxc/string_utils.c
+++ b/src/lxc/string_utils.c
@@ -730,7 +730,7 @@ int lxc_safe_long_long(const char *numstr, long long int *converted)
 	return 0;
 }

-char *must_concat(const char *first, ...)
+char *must_concat(size_t *len, const char *first, ...)
 {
 	va_list args;
 	char *cur, *dest;
@@ -751,6 +751,8 @@ char *must_concat(const char *first, ...)
 	va_end(args);

 	dest[cur_len] = '\0';
+	if (len)
+		*len = cur_len;
 	return dest;
 }


--- a/src/lxc/string_utils.h
+++ b/src/lxc/string_utils.h
@@ -79,7 +79,7 @@ extern int parse_byte_size_string(const char *s, int64_t *converted);
 * Concatenate all passed-in strings into one path. Do not fail. If any piece
 * is not prefixed with '/', add a '/'.
 */
-__attribute__((sentinel)) extern char *must_concat(const char *first, ...);
+__attribute__((sentinel)) extern char *must_concat(size_t *len, const char *first, ...);
 __attribute__((sentinel)) extern char *must_make_path(const char *first, ...);
 __attribute__((sentinel)) extern char *must_append_path(char *first, ...);


--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -199,13 +199,6 @@ extern int run_command(char *buf, size_t buf_size, int (*child_fn)(void *),
 extern int run_command_status(char *buf, size_t buf_size, int (*child_fn)(void *),
 		       void *args);

-/* Concatenate all passed-in strings into one path. Do not fail. If any piece
- * is not prefixed with '/', add a '/'.
- */
-__attribute__((sentinel)) extern char *must_concat(const char *first, ...);
-__attribute__((sentinel)) extern char *must_make_path(const char *first, ...);
-__attribute__((sentinel)) extern char *must_append_path(char *first, ...);
-
 /* return copy of string @entry;  do not fail. */
 extern char *must_copy_string(const char *entry);


--- a/src/tests/cgpath.c
+++ b/src/tests/cgpath.c
@@ -46,11 +46,9 @@
 /*
 * test_running_container: test cgroup functions against a running container
 *
- * @group : name of the container group or NULL for default "lxc"
 * @name  : name of the container
 */
-static int test_running_container(const char *lxcpath,
-				  const char *group, const char *name)
+static int test_running_container(const char *lxcpath, const char *name)
 {
 	int ret = -1;
 	struct lxc_container *c = NULL;
@@ -59,7 +57,7 @@ static int test_running_container(const char *lxcpath,
 	char  value[NAME_MAX], value_save[NAME_MAX];
 	struct cgroup_ops *cgroup_ops;

-	sprintf(relpath, "%s/%s", group ? group : "lxc.payload", name);
+	sprintf(relpath, DEFAULT_PAYLOAD_CGROUP_PREFIX "%s", name);

 	if ((c = lxc_container_new(name, lxcpath)) == NULL) {
 		TSTERR("container %s couldn't instantiate", name);
@@ -128,8 +126,7 @@ err1:
 	return ret;
 }

-static int test_container(const char *lxcpath,
-			  const char *group, const char *name,
+static int test_container(const char *lxcpath, const char *name,
 			  const char *template)
 {
 	int ret;
@@ -165,7 +162,7 @@ static int test_container(const char *lxcpath,
 		goto out3;
 	}

-	ret = test_running_container(lxcpath, group, name);
+	ret = test_running_container(lxcpath, name);

 	c->stop(c);
 out3:
@@ -195,17 +192,17 @@ int main()
 	 * the container ourselves because valgrind gets confused by lxc's
 	 * internal calls to clone.
 	 */
-	if (test_running_container(NULL, NULL, "bb01") < 0)
+	if (test_running_container(NULL, "bb01") < 0)
 		goto out;
 	printf("Running container cgroup tests...Passed\n");

 	#else

-	if (test_container(NULL, NULL, MYNAME, "busybox") < 0)
+	if (test_container(NULL, MYNAME, "busybox") < 0)
 		goto out;
 	printf("Container creation tests...Passed\n");

-	if (test_container("/var/lib/lxctest2", NULL, MYNAME, "busybox") < 0)
+	if (test_container("/var/lib/lxctest2", MYNAME, "busybox") < 0)
 		goto out;
 	printf("Container creation with LXCPATH tests...Passed\n");