cgroup-util: Handle capsule@ paths like user@ paths (#36664)

The capsule instances are related to user instances, so treat them equally to user@.service when handling cgroup paths. This also saves us from polluting public libsystemd API with variant for capsules too. Fix: https://github.com/systemd/systemd/issues/36098
2025-03-28 02:50:16 +03:00 · 2025-03-11 12:03:57 +01:00 · 2025-03-11 12:03:57 +01:00 · a9178dbdd9
commit a9178dbdd9
parent f8a09ace1d 6c5703f9bc
6 changed files with 32 additions and 12 deletions
--- a/src/shared/capsule-util.c
+++ b/src/shared/capsule-util.c
--- a/src/shared/capsule-util.h
+++ b/src/shared/capsule-util.h
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@ -12,6 +12,7 @@
 #include <unistd.h>

 #include "alloc-util.h"
+#include "capsule-util.h"
 #include "cgroup-util.h"
 #include "constants.h"
 #include "dirent-util.h"
@ -1284,7 +1285,7 @@ static const char *skip_session(const char *p) {
 }

 /**
- * Skip user@*.service, but require it to be there.
+ * Skip user@*.service or capsule@*.service, but require either of them to be there.
 */
 static const char *skip_user_manager(const char *p) {
        size_t n;
@ -1295,26 +1296,37 @@ static const char *skip_user_manager(const char *p) {
        p += strspn(p, "/");

        n = strcspn(p, "/");
-        if (n < STRLEN("user@x.service"))
+        if (n < CONST_MIN(STRLEN("user@x.service"), STRLEN("capsule@x.service")))
                return NULL;

-        if (memcmp(p, "user@", 5) == 0 && memcmp(p + n - 8, ".service", 8) == 0) {
-                char buf[n - 5 - 8 + 1];
+        /* Any possible errors from functions called below are converted to NULL return, so our callers won't
+         * resolve user/capsule name. */
+        _cleanup_free_ char *unit_name = strndup(p, n);
+        if (!unit_name)
+                return NULL;

-                memcpy(buf, p + 5, n - 5 - 8);
-                buf[n - 5 - 8] = 0;
+        _cleanup_free_ char *i = NULL;
+        UnitNameFlags type = unit_name_to_instance(unit_name, &i);

-                /* Note that user manager services never need unescaping,
-                 * since they cannot conflict with the kernel's own
-                 * names, hence we don't need to call cg_unescape()
-                 * here. */
+        if (type != UNIT_NAME_INSTANCE)
+                return NULL;

-                if (parse_uid(buf, NULL) < 0)
+        /* Note that user manager services never need unescaping, since they cannot conflict with the
+         * kernel's own names, hence we don't need to call cg_unescape() here.  Prudently check validity of
+         * instance names, they should be always valid as we validate them upon unit start. */
+        if (startswith(unit_name, "user@")) {
+                if (parse_uid(i, NULL) < 0)
                        return NULL;

                p += n;
                p += strspn(p, "/");
+                return p;
+        } else if (startswith(unit_name, "capsule@")) {
+                if (capsule_name_is_valid(i) <= 0)
+                        return NULL;

+                p += n;
+                p += strspn(p, "/");
                return p;
        }

--- a/src/basic/meson.build
+++ b/src/basic/meson.build
@ -14,6 +14,7 @@ basic_sources = files(
        'bus-label.c',
        'cap-list.c',
        'capability-util.c',
+        'capsule-util.c',
        'cgroup-util.c',
        'chase.c',
        'chattr-util.c',
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@ -148,7 +148,6 @@ shared_sources = files(
        'polkit-agent.c',
        'portable-util.c',
        'pretty-print.c',
-        'capsule-util.c',
        'ptyfwd.c',
        'qrcode-util.c',
        'quota-util.c',
--- a/src/test/test-cgroup-util.c
+++ b/src/test/test-cgroup-util.c
@ -113,6 +113,9 @@ TEST(path_get_user_unit) {
        check_p_g_u_u("/user.slice/user-1000.slice/user@1000.service/server.service", 0, "server.service");
        check_p_g_u_u("/user.slice/user-1000.slice/user@1000.service/foobar.slice/foobar@pie.service", 0, "foobar@pie.service");
        check_p_g_u_u("/user.slice/user-1000.slice/user@.service/server.service", -ENXIO, NULL);
+        check_p_g_u_u("/capsule.slice/capsule@test.service/app.slice/run-p9-i1.service", 0, "run-p9-i1.service");
+        check_p_g_u_u("/capsule.slice/capsule@usr-joe.service/foo.slice/foo-bar.slice/run-p9-i1.service", 0, "run-p9-i1.service");
+        check_p_g_u_u("/capsule.slice/capsule@#.service/foo.slice/foo-bar.slice/run-p9-i1.service", -ENXIO, NULL);
 }

 static void check_p_g_s(const char *path, int code, const char *result) {
@ -157,6 +160,7 @@ TEST(path_get_slice) {
        check_p_g_slice("foobar", 0, SPECIAL_ROOT_SLICE);
        check_p_g_slice("foobar.slice", 0, "foobar.slice");
        check_p_g_slice("foo.slice/foo-bar.slice/waldo.service", 0, "foo-bar.slice");
+        check_p_g_slice("/capsule.slice/capsule@test.service/app.slice/run-p9-i1.service", 0, "capsule.slice");
 }

 static void check_p_g_u_slice(const char *path, int code, const char *result) {
@ -181,6 +185,10 @@ TEST(path_get_user_slice) {
        check_p_g_u_slice("foo.slice/foo-bar.slice/user@1000.service/waldo.service", 0, SPECIAL_ROOT_SLICE);
        check_p_g_u_slice("foo.slice/foo-bar.slice/user@1000.service/piep.slice/foo.service", 0, "piep.slice");
        check_p_g_u_slice("/foo.slice//foo-bar.slice/user@1000.service/piep.slice//piep-pap.slice//foo.service", 0, "piep-pap.slice");
+
+        check_p_g_u_slice("/capsule.slice/capsule@test.service/app.slice/run-p9-i1.service", 0, "app.slice");
+        check_p_g_u_slice("/capsule.slice/capsule@usr-joe.service/app.slice/run-p9-i1.service", 0, "app.slice");
+        check_p_g_u_slice("/capsule.slice/capsule@usr-joe.service/foo.slice/foo-bar.slice/run-p9-i1.service", 0, "foo-bar.slice");
 }

 TEST(get_paths, .sd_booted = true) {