[Devel] [PATCH RHEL7 COMMIT] ve/cgroup: fix mangle root in CT
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Sep 1 05:13:30 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-229.7.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.6.5
------>
commit 1518ff8ef0a78d8be1b19774506f355424103e9a
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date: Tue Sep 1 16:13:30 2015 +0400
ve/cgroup: fix mangle root in CT
cgroups with depth level more than 2 were not mangled inside a
container, that might caused problems with docker, docker were able
to see in /proc/self/cgroup paths relative to host.
But it is not docker specific:
CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice
CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice/test.scope
CT-103 /# sleep 1000&
[1] 578
CT-103 /# echo 578 > /sys/fs/cgroup/devices/test.slice/test.scope/tasks
with patch:
CT-103 /# cat /proc/578/cgroup
16:ve:/
15:hugetlb:/
14:perf_event:/
12:net_cls:/
11:freezer:/
10:devices:/test.slice/test.scope
6:name=systemd:/user-0.slice/session-c109.scope
5:cpuset:/
4:cpuacct,cpu:/
3:beancounter:/
2:memory:/
1:blkio:/
without:
CT-103 /# cat /proc/480/cgroup
16:ve:/
15:hugetlb:/
14:perf_event:/
12:net_cls:/
11:freezer:/
10:devices:/103/test.slice/test.scope
6:name=systemd:/user.slice/user-0.slice/session-c2.scope
5:cpuset:/
4:cpuacct,cpu:/
3:beancounter:/
2:memory:/
1:blkio:/
https://jira.sw.ru/browse/PSBM-38634
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Reviewed-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
khorenko@: this fix is quite inflexible, if we move CTs into
machine.slice, we have to rework it.
But i accept it because we are still not sure with final
cgroups "virtualization" implementation => less work right now
which can be later dropped.
---
kernel/cgroup.c | 35 ++++++++++++++++++++---------------
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index d96176e..a07c4e0 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1808,6 +1808,7 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen)
{
int ret = -ENAMETOOLONG;
char *start;
+ struct ve_struct *ve = get_exec_env();
if (!cgrp->parent) {
if (strlcpy(buf, "/", buflen) >= buflen)
@@ -1815,21 +1816,6 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen)
return 0;
}
-#ifdef CONFIG_VE
- /*
- * Containers cgroups are bind-mounted from node
- * so they are like '/' from inside, thus we have
- * to mangle cgroup path output.
- */
- if (!ve_is_super(get_exec_env())) {
- if (cgrp->parent && !cgrp->parent->parent) {
- if (strlcpy(buf, "/", buflen) >= buflen)
- return -ENAMETOOLONG;
- return 0;
- }
- }
-#endif
-
start = buf + buflen - 1;
*start = '\0';
@@ -1838,6 +1824,25 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen)
const char *name = cgroup_name(cgrp);
int len;
+#ifdef CONFIG_VE
+ if (!ve_is_super(ve) && cgrp->parent && !cgrp->parent->parent) {
+ /*
+ * Containers cgroups are bind-mounted from node
+ * so they are like '/' from inside, thus we have
+ * to mangle cgroup path output. Effectively it is
+ * enough to remove two topmost cgroups from path.
+ * e.g. in ct 101: /101/test.slice/test.scope ->
+ * /test.slice/test.scope
+ */
+ if (*start != '/') {
+ if (--start < buf)
+ goto out;
+ *start = '/';
+ }
+ break;
+ }
+#endif
+
len = strlen(name);
if ((start -= len) < buf)
goto out;
More information about the Devel
mailing list