mirror of
https://github.com/systemd/systemd.git
synced 2025-01-25 10:04:04 +03:00
Merge pull request #6893 from poettering/cgroup-delegate-yay
cgroup delegation fixes, as well as socket unit slice assignment
This commit is contained in:
Zbigniew Jędrzejewski-Szmek
GitHub
commit
efaa3176ad
@ -902,7 +902,7 @@ int cg_set_group_access(
|
|||||||
if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
|
if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
|
||||||
r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid);
|
r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_warning_errno(r, "Failed to set group access on compat systemd cgroup %s: %m", path);
|
log_debug_errno(r, "Failed to set group access on compatibility systemd cgroup %s, ignoring: %m", path);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -915,7 +915,7 @@ int cg_set_task_access(
|
|||||||
uid_t uid,
|
uid_t uid,
|
||||||
gid_t gid) {
|
gid_t gid) {
|
||||||
|
|
||||||
_cleanup_free_ char *fs = NULL, *procs = NULL;
|
_cleanup_free_ char *fs = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(path);
|
assert(path);
|
||||||
@ -926,6 +926,7 @@ int cg_set_task_access(
|
|||||||
if (mode != MODE_INVALID)
|
if (mode != MODE_INVALID)
|
||||||
mode &= 0666;
|
mode &= 0666;
|
||||||
|
|
||||||
|
/* For both the legacy and unified hierarchies, "cgroup.procs" is the main entry point for PIDs */
|
||||||
r = cg_get_path(controller, path, "cgroup.procs", &fs);
|
r = cg_get_path(controller, path, "cgroup.procs", &fs);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
@ -938,19 +939,48 @@ int cg_set_task_access(
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
if (r == 0) {
|
if (r == 0) {
|
||||||
/* Compatibility, Always keep values for "tasks" in sync with
|
const char *fn;
|
||||||
* "cgroup.procs" */
|
|
||||||
if (cg_get_path(controller, path, "tasks", &procs) >= 0)
|
/* Compatibility: on cgroupsv1 always keep values for the legacy files "tasks" and
|
||||||
(void) chmod_and_chown(procs, mode, uid, gid);
|
* "cgroup.clone_children" in sync with "cgroup.procs". Since this is legacy stuff, we don't care if
|
||||||
|
* this fails. */
|
||||||
|
|
||||||
|
FOREACH_STRING(fn,
|
||||||
|
"tasks",
|
||||||
|
"cgroup.clone_children") {
|
||||||
|
|
||||||
|
fs = mfree(fs);
|
||||||
|
|
||||||
|
r = cg_get_path(controller, path, fn, &fs);
|
||||||
|
if (r < 0)
|
||||||
|
log_debug_errno(r, "Failed to get path for %s of %s, ignoring: %m", fn, path);
|
||||||
|
|
||||||
|
r = chmod_and_chown(fs, mode, uid, gid);
|
||||||
|
if (r < 0)
|
||||||
|
log_debug_errno(r, "Failed to to change ownership/access mode for %s of %s, ignoring: %m", fn, path);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/* On the unified controller, we want to permit subtree controllers too. */
|
||||||
|
|
||||||
|
fs = mfree(fs);
|
||||||
|
r = cg_get_path(controller, path, "cgroup.subtree_control", &fs);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = chmod_and_chown(fs, mode, uid, gid);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = cg_hybrid_unified();
|
r = cg_hybrid_unified();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
|
if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
|
||||||
|
/* Always propagate access mode from unified to legacy controller */
|
||||||
|
|
||||||
r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid);
|
r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_warning_errno(r, "Failed to set task access on compat systemd cgroup %s: %m", path);
|
log_debug_errno(r, "Failed to set task access on compatibility systemd cgroup %s, ignoring: %m", path);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
@ -397,12 +397,12 @@ static int socket_add_extras(Socket *s) {
|
|||||||
r = unit_add_exec_dependencies(u, &s->exec_context);
|
r = unit_add_exec_dependencies(u, &s->exec_context);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
r = unit_set_default_slice(u);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
r = unit_set_default_slice(u);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
r = socket_add_default_dependencies(s);
|
r = socket_add_default_dependencies(s);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|||||||
@ -4429,14 +4429,10 @@ int unit_acquire_invocation_id(Unit *u) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void unit_set_exec_params(Unit *s, ExecParameters *p) {
|
void unit_set_exec_params(Unit *u, ExecParameters *p) {
|
||||||
CGroupContext *c;
|
assert(u);
|
||||||
|
assert(p);
|
||||||
|
|
||||||
assert(s);
|
p->cgroup_path = u->cgroup_path;
|
||||||
assert(s);
|
SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, unit_cgroup_delegate(u));
|
||||||
|
|
||||||
p->cgroup_path = s->cgroup_path;
|
|
||||||
|
|
||||||
c = unit_get_cgroup_context(s);
|
|
||||||
SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, c && c->delegate);
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user