[Devel] [PATCH RHEL7 COMMIT] ve/cgroup: Temporarily allow writing cgroups files inside container

Konstantin Khorenko khorenko at odin.com
Wed May 20 05:13:32 PDT 2015


The commit is pushed to "branch-rh7-3.10.0-123.1.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-123.1.2.vz7.5.4
------>
commit 4bf649a4b610948fab9b43583961c5e1635938f5
Author: Cyrill Gorcunov <gorcunov at odin.com>
Date:   Wed May 20 16:13:32 2015 +0400

    ve/cgroup: Temporarily allow writing cgroups files inside container
    
    When we restore containers via CRIU we're writing cgroup values from
    images into appropriate entries. In particular we're moving tasks
    into beancounter cgroup and such.
    
    For plain start/stop relaxing this restriction to VE cgroup only was
    enough but it caused problems on restore of complete container: we
    simply refuse to continue restoring because we can't attach restored
    task into beancounter cgroup.
    
    So for a while, to test c/r cycles (I got other problems here)
    I disabled this check but we need somehow to reenable it back.
    The best option would be to somehow figure out that it's CRIU
    who is writing the values (or maybe play with current::nsproxy::fowner_ve).
    Anyway, here is a WARN_ON which will nag us to fix the problem.
    
    khorenko@: this is a temporary solution, we allow this in order
    not to block CT online migration via CRIU further integration.
    
    We'll disable this functionality later in the scope of:
    https://jira.sw.ru/browse/PSBM-33664
    
    Signed-off-by: Cyrill Gorcunov <gorcunov at odin.com>
    
    CC: Vladimir Davydov <vdavydov at odin.com>
    CC: Konstantin Khorenko <khorenko at odin.com>
    CC: Pavel Emelyanov <xemul at odin.com>
    CC: Andrey Vagin <avagin at odin.com>
---
 kernel/cgroup.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 58caa0d..52c7502 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -2361,10 +2361,10 @@ static ssize_t cgroup_file_write(struct file *file, const char __user *buf,
 	 * userspace from ve0 should *never* bindmount it
 	 * inside a container FS.
 	 */
-	if (!ve_is_super(get_exec_env())			&&
-	    !(cgrp->root->subsys_mask & (1UL << ve_subsys_id))	&&
-	    (!cgrp->parent || !cgrp->parent->parent))
-		return -EACCES;
+	if (!ve_is_super(get_exec_env())) {
+		if (!cgrp->parent || !cgrp->parent->parent)
+			pr_warn_once("FIXME: Write into toplevel cgroup, restore?");
+	}
 #endif
 
 	if (cgroup_is_removed(cgrp))
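Review bot: The new `if (!ve_is_super(get_exec_env()))` branch no longer returns -EACCES, so every task inside a container can now write top-level cgroup files, not only a CRIU restore, and the only trace is a single log line. Three things worth changing while this stays temporary. First, the `cgrp->root->subsys_mask & (1UL << ve_subsys_id)` test was dropped, so the FIXME message also fires for writes into the VE hierarchy, which the old code allowed; because it is `pr_warn_once`, one such legitimate write uses up the only warning and later writes into other hierarchies are silent. Keeping the mask test in the inner condition would limit the warning to the newly permitted case. Second, the commit message promises a WARN_ON, but the code uses `pr_warn_once` with no trailing "\n" and no task or cgroup identification; a rate-limited message that names the writing task and the hierarchy would make the relaxed check auditable until PSBM-33664 restores it. Third, the comment above the check still describes the restriction as enforced and should say that it is currently disabled.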


