mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00

nspawn: add SYSTEMD_NSPAWN_USE_CGNS env variable (#3809)

SYSTEMD_NSPAWN_USE_CGNS allows disabling the use of cgroup namespaces.
Christian Brauner 2016-07-26 16:49:15 +02:00 committed by Lennart Poettering
parent 1d3c86c06f
commit 5a8ff0e61d
3 changed files with 17 additions and 7 deletions


@ -916,11 +916,12 @@ int mount_cgroups(
const char *dest,
bool unified_requested,
bool userns, uid_t uid_shift, uid_t uid_range,
const char *selinux_apifs_context) {
const char *selinux_apifs_context,
bool use_cgns) {
if (unified_requested)
return mount_unified_cgroups(dest);
else if (cg_ns_supported())
else if (use_cgns && cg_ns_supported())
return mount_legacy_cgns_supported(userns, uid_shift, uid_range, selinux_apifs_context);
return mount_legacy_cgns_unsupported(dest, userns, uid_shift, uid_range, selinux_apifs_context);
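Review bot: The new `use_cgns` parameter has no comment at the `else if (use_cgns && cg_ns_supported())` branch, where a false value sends mount_cgroups() down the mount_legacy_cgns_unsupported() path even on a kernel that supports cgroup namespaces. Because this is an opt-out from a namespace the container would otherwise get, the intent should be stated where the decision is made, e.g. `/* use_cgns=false: caller opted out of cgroup namespaces; use the non-namespaced legacy layout even if the kernel supports them */` above the branch. The function's closing brace lies outside the hunk.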


@ -58,7 +58,7 @@ int custom_mount_compare(const void *a, const void *b);
int mount_all(const char *dest, bool use_userns, bool in_userns, bool use_netns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context);
int mount_sysfs(const char *dest);
int mount_cgroups(const char *dest, bool unified_requested, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context);
int mount_cgroups(const char *dest, bool unified_requested, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context, bool use_cgns);
int mount_systemd_cgroup_writable(const char *dest, bool unified_requested);
int mount_custom(const char *dest, CustomMount *mounts, unsigned n, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context);


@ -194,6 +194,7 @@ static int arg_settings_trusted = -1;
static char **arg_parameters = NULL;
static const char *arg_container_service_name = "systemd-nspawn";
static bool arg_notify_ready = false;
static bool arg_use_cgns = true;
static void help(void) {
printf("%s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n"
@ -1104,6 +1105,12 @@ static int parse_argv(int argc, char *argv[]) {
if (e)
arg_container_service_name = e;
r = getenv_bool("SYSTEMD_NSPAWN_USE_CGNS");
if (r < 0)
arg_use_cgns = cg_ns_supported();
else
arg_use_cgns = r;
return 1;
}
@ -2628,7 +2635,7 @@ static int inner_child(
return -ESRCH;
}
if (cg_ns_supported()) {
if (arg_use_cgns && cg_ns_supported()) {
r = unshare(CLONE_NEWCGROUP);
if (r < 0)
return log_error_errno(errno, "Failed to unshare cgroup namespace");
@ -2638,7 +2645,8 @@ static int inner_child(
arg_userns_mode != USER_NAMESPACE_NO,
arg_uid_shift,
arg_uid_range,
arg_selinux_apifs_context);
arg_selinux_apifs_context,
arg_use_cgns);
if (r < 0)
return r;
} else {
@ -3029,14 +3037,15 @@ static int outer_child(
if (r < 0)
return r;
if (!cg_ns_supported()) {
if (!arg_use_cgns || !cg_ns_supported()) {
r = mount_cgroups(
directory,
arg_unified_cgroup_hierarchy,
arg_userns_mode != USER_NAMESPACE_NO,
arg_uid_shift,
arg_uid_range,
arg_selinux_apifs_context);
arg_selinux_apifs_context,
arg_use_cgns);
if (r < 0)
return r;
}
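Review bot: In the parse_argv hunk, `if (r < 0)` treats an unparsable SYSTEMD_NSPAWN_USE_CGNS value exactly like an unset variable, so a typo is dropped silently and the operator cannot tell which cgroup isolation mode the container actually runs with. Assuming getenv_bool() reports an unset variable as -ENXIO (to be confirmed against its definition, which is not in this diff), the fallback should warn on any other error: `if (r < 0 && r != -ENXIO) log_warning_errno(r, "Failed to parse $SYSTEMD_NSPAWN_USE_CGNS, ignoring: %m");` before assigning the default. A `log_debug()` when the variable resolves to false would also leave a trace that the cgroup namespace was deliberately skipped in inner_child and the cgroup tree was mounted from outer_child instead. parse_argv, inner_child and outer_child all begin and end outside their hunks.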