Quoting Christian Seiler (christ...@iwakd.de):
> This patch splits off ns legacy cgroup handling from main cgroup
> handling. It moves the creation of the cgroups before clone(), so that
> the child will easily know which cgroups it will later belong to. Since
> this is not possible for the renaming of the 'ns' cgroup, keep that
> part after clone.
>
> Signed-off-by: Christian Seiler <christ...@iwakd.de>
Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>
> ---
> src/lxc/cgroup.c | 61
> +++++++++++++++++++++++++++++++++++-------------------
> src/lxc/cgroup.h | 3 ++-
> src/lxc/start.c | 15 ++++++++++++--
> 3 files changed, 55 insertions(+), 24 deletions(-)
>
> diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
> index aaee546..ad95fc4 100644
> --- a/src/lxc/cgroup.c
> +++ b/src/lxc/cgroup.c
> @@ -604,7 +604,7 @@ static char *cgroup_rename_nsgroup(const char *mountpath,
> const char *oldname, p
> }
>
> /* create a new cgroup */
> -extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const
> char *path_pattern, struct cgroup_meta_data *meta_data, const char
> *sub_pattern, pid_t pid)
> +extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const
> char *path_pattern, struct cgroup_meta_data *meta_data, const char
> *sub_pattern)
> {
> char **cgroup_path_components = NULL;
> char **p = NULL;
> @@ -826,27 +826,16 @@ extern struct cgroup_process_info
> *lxc_cgroup_create(const char *name, const cha
>
> /* we're done, now update the paths */
> for (i = 0, info_ptr = base_info; info_ptr; info_ptr = info_ptr->next,
> i++) {
> - /*
> - * For any path which has ns cgroup mounted, handler->pid is
> already
> - * moved into a container called '%d % (handler->pid)'. Rename
> it to
> - * the cgroup name and record that.
> + /* ignore legacy 'ns' subsystem here, lxc_cgroup_create_legacy
> + * will take care of it
> + * Since we do a continue in above loop, new_cgroup_paths[i] is
> + * unset anyway, as is new_cgroup_paths_sub[i]
> */
> - if (lxc_string_in_array("ns", (const char
> **)info_ptr->hierarchy->subsystems)) {
> - char *tmp = cgroup_rename_nsgroup((const char
> *)info_ptr->designated_mount_point->mount_point,
> - info_ptr->cgroup_path, pid, name);
> - if (!tmp)
> - goto out_initial_error;
> - free(info_ptr->cgroup_path);
> - info_ptr->cgroup_path = tmp;
> - r = lxc_grow_array((void ***)&info_ptr->created_paths,
> &info_ptr->created_paths_capacity, info_ptr->created_paths_count + 1, 8);
> - if (r < 0)
> - goto out_initial_error;
> -
> info_ptr->created_paths[info_ptr->created_paths_count++] = strdup(tmp);
> - } else {
> - free(info_ptr->cgroup_path);
> - info_ptr->cgroup_path = new_cgroup_paths[i];
> - info_ptr->cgroup_path_sub = new_cgroup_paths_sub[i];
> - }
> + if (lxc_string_in_array("ns", (const char
> **)info_ptr->hierarchy->subsystems))
> + continue;
> + free(info_ptr->cgroup_path);
> + info_ptr->cgroup_path = new_cgroup_paths[i];
> + info_ptr->cgroup_path_sub = new_cgroup_paths_sub[i];
> }
> /* don't use lxc_free_array since we used the array members
> * to store them in our result...
> @@ -868,6 +857,36 @@ out_initial_error:
> return NULL;
> }
>
> +int lxc_cgroup_create_legacy(struct cgroup_process_info *base_info, const
> char *name, pid_t pid)
> +{
> + struct cgroup_process_info *info_ptr;
> + int r;
> +
> + for (info_ptr = base_info; info_ptr; info_ptr = info_ptr->next) {
> + if (!lxc_string_in_array("ns", (const char
> **)info_ptr->hierarchy->subsystems))
> + continue;
> + /*
> + * For any path which has ns cgroup mounted, handler->pid is
> already
> + * moved into a container called '%d % (handler->pid)'. Rename
> it to
> + * the cgroup name and record that.
> + */
> + char *tmp = cgroup_rename_nsgroup((const char
> *)info_ptr->designated_mount_point->mount_point,
> + info_ptr->cgroup_path, pid, name);
> + if (!tmp)
> + return -1;
> + free(info_ptr->cgroup_path);
> + info_ptr->cgroup_path = tmp;
> + r = lxc_grow_array((void ***)&info_ptr->created_paths,
> &info_ptr->created_paths_capacity, info_ptr->created_paths_count + 1, 8);
> + if (r < 0)
> + return -1;
> + tmp = strdup(tmp);
> + if (!tmp)
> + return -1;
> + info_ptr->created_paths[info_ptr->created_paths_count++] = tmp;
> + }
> + return 0;
> +}
> +
> /* get the cgroup membership of a given container */
> struct cgroup_process_info *lxc_cgroup_get_container_info(const char *name,
> const char *lxcpath, struct cgroup_meta_data *meta_data)
> {
> diff --git a/src/lxc/cgroup.h b/src/lxc/cgroup.h
> index bd2da25..2555390 100644
> --- a/src/lxc/cgroup.h
> +++ b/src/lxc/cgroup.h
> @@ -113,7 +113,8 @@ extern struct cgroup_process_info
> *lxc_cgroup_process_info_get_init(struct cgrou
> extern struct cgroup_process_info *lxc_cgroup_process_info_get_self(struct
> cgroup_meta_data *meta);
>
> /* create a new cgroup */
> -extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const
> char *path_pattern, struct cgroup_meta_data *meta_data, const char
> *sub_pattern, int pid);
> +extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const
> char *path_pattern, struct cgroup_meta_data *meta_data, const char
> *sub_pattern);
> +extern int lxc_cgroup_create_legacy(struct cgroup_process_info *base_info,
> const char *name, pid_t pid);
>
> /* get the cgroup membership of a given container */
> extern struct cgroup_process_info *lxc_cgroup_get_container_info(const char
> *name, const char *lxcpath, struct cgroup_meta_data *meta_data);
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 6e95ff1..56a2e6b 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -663,6 +663,14 @@ int lxc_spawn(struct lxc_handler *handler)
> if (!cgroup_pattern)
> cgroup_pattern = "%n";
>
> + /* Create cgroup before doing clone(), so the child will know from
> + * handler which cgroup it is going to be put in later.
> + */
> + if ((handler->cgroup = lxc_cgroup_create(name, cgroup_pattern,
> cgroup_meta, NULL)) == NULL) {
> + ERROR("failed to create cgroups for '%s'", name);
> + goto out_delete_net;
> + }
> +
> /*
> * if the rootfs is not a blockdev, prevent the container from
> * marking it readonly.
> @@ -684,8 +692,11 @@ int lxc_spawn(struct lxc_handler *handler)
> if (lxc_sync_wait_child(handler, LXC_SYNC_CONFIGURE))
> failed_before_rename = 1;
>
> - if ((handler->cgroup = lxc_cgroup_create(name, cgroup_pattern,
> cgroup_meta, NULL, handler->pid)) == NULL) {
> - ERROR("failed to create cgroups for '%s'", name);
> + /* In case there is still legacy ns cgroup support in the kernel.
> + * Should be removed at some later point in time.
> + */
> + if (lxc_cgroup_create_legacy(handler->cgroup, name, handler->pid) < 0) {
> + ERROR("failed to create legacy ns cgroups for '%s'", name);
> goto out_delete_net;
> }
>
> --
> 1.7.10.4
>
>
> ------------------------------------------------------------------------------
> How ServiceNow helps IT people transform IT departments:
> 1. Consolidate legacy IT systems to a single system of record for IT
> 2. Standardize and globalize service processes across IT
> 3. Implement zero-touch automation to replace manual, redundant tasks
> http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. Consolidate legacy IT systems to a single system of record for IT
2. Standardize and globalize service processes across IT
3. Implement zero-touch automation to replace manual, redundant tasks
http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
