support pure cgroupv2 environments

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-06-10 12:03:28 +02:00 · 2021-06-10 12:03:28 +02:00 · fe73c2fb92
commit fe73c2fb92
parent b5019f1a23
3 changed files with 17 additions and 4 deletions
--- a/src/process/cgroups.rs
+++ b/src/process/cgroups.rs
@ -3,7 +3,7 @@ use std::ffi::{OsStr, OsString};

 #[derive(Default)]
 pub struct CGroups {
-    pub v1: HashMap<String, OsString>,
+    pub v1: Option<HashMap<String, OsString>>,
    pub v2: Option<OsString>,
 }

@ -13,10 +13,16 @@ impl CGroups {
    }

    pub fn get(&self, name: &str) -> Option<&OsStr> {
-        self.v1.get(name).map(|s| s.as_os_str())
+        self.v1
+            .as_ref()
+            .and_then(|v1| v1.get(name).map(|s| s.as_os_str()))
    }

    pub fn v2(&self) -> Option<&OsStr> {
        self.v2.as_ref().map(|s| s.as_os_str())
    }
+
+    pub fn has_v1(&self) -> bool {
+        self.v1.is_some()
+    }
 }
--- a/src/process/pid_fd.rs
+++ b/src/process/pid_fd.rs
@ -222,7 +222,10 @@ impl PidFd {
                cgroups.v2 = Some(path);
            } else {
                for entry in name.split(',') {
-                    cgroups.v1.insert(entry.to_string(), path.clone());
+                    cgroups
+                        .v1
+                        .get_or_insert_with(Default::default)
+                        .insert(entry.to_string(), path.clone());
                }
            }
        }
--- a/src/process/user_caps.rs
+++ b/src/process/user_caps.rs
@ -47,6 +47,7 @@ pub struct UserCaps<'a> {
    capabilities: Capabilities,
    umask: libc::mode_t,
    cgroup_v1_devices: Option<OsString>,
+    cgroup_v2_base: &'static str,
    cgroup_v2: Option<OsString>,
    apparmor_profile: Option<OsString>,
 }
@ -67,12 +68,15 @@ impl UserCaps<'_> {
            capabilities: status.capabilities,
            umask: status.umask,
            cgroup_v1_devices: cgroups.get("devices").map(|s| s.to_owned()),
+            cgroup_v2_base: if cgroups.has_v1() { "unified/" } else { "" },
            cgroup_v2: cgroups.v2().map(|s| s.to_owned()),
            apparmor_profile,
        })
    }

    fn apply_cgroups(&self) -> io::Result<()> {
+        // FIXME: Handle `kind` taking /proc/self/mountinfo into account instead of assuming
+        // "unified/"
        fn enter_cgroup(kind: &str, name: &OsStr) -> io::Result<()> {
            let mut path = OsString::with_capacity(15 + kind.len() + name.len() + 13 + 1);
            path.push(OsStr::from_bytes(b"/sys/fs/cgroup/"));
@ -87,7 +91,7 @@ impl UserCaps<'_> {
        }

        if let Some(ref cg) = self.cgroup_v2 {
-            enter_cgroup("unified/", cg)?;
+            enter_cgroup(self.cgroup_v2_base, cg)?;
        }

        Ok(())