[Devel] [PATCH RH8] ve/cgroup: hide ve and ub cgroups in CT

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Mon Apr 26 11:36:46 MSK 2021 

The corresponding hunk in proc_cgroupstats_show is missing.

On 4/26/21 10:17 AM, Andrey Zhadchenko wrote:
> From: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> 
> Reasons:
> 1) We don't need to show these cgroups in CT, they are vz specific,
> and nobody should use them inside.
> 2) Docker from v17.11 checks that all cgroups are mounted, but we
> don't mount beancounter and ve, thus docker fails.
> 
> Still show ve and ub for pseudosuper, so that these change does not
> influence criu. I checked that with these patch c/r of container works
> fine and values in ve cgroup files persist.
> 
> Docker ct starts fine after these change.
> 
> https://jira.sw.ru/browse/PSBM-80421
> 
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> Reviewed-by: Cyrill Gorcunov <gorcunov at openvz.org>
> 
> Rebased to vz8:
>   - Deleted beancounter
>   - Added #ifdef CONFIG_VE
> 
> (cherry picked from d1580bf6a02ab7d2bedf4b6ecd506a2c6a44d59e)
> Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
> ---
>   kernel/cgroup/cgroup.c | 20 ++++++++++++++++++++
>   1 file changed, 20 insertions(+)
> 
> diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
> index 779a71b..bb04943 100644
> --- a/kernel/cgroup/cgroup.c
> +++ b/kernel/cgroup/cgroup.c
> @@ -5984,6 +5984,21 @@ void cgroup_path_from_kernfs_id(const union kernfs_node_id *id,
>   	kernfs_put(kn);
>   }
>   
> +#ifdef CONFIG_VE
> +static int ve_hide_cgroups(struct cgroup_root *root)
> +{
> +	struct ve_struct *ve = get_exec_env();
> +	unsigned long hidden_mask = (1UL << ve_cgrp_id);
> +
> +	/*
> +	 * Hide ve cgroup in CT for docker,
> +	 * still showing it to pseudosuper (criu)
> +	 */
> +	return !ve_is_super(ve) && !ve->is_pseudosuper
> +		&& (root->subsys_mask & hidden_mask);
> +}
> +#endif
> +
>   /*
>    * proc_cgroup_show()
>    *  - Print task's cgroup paths into seq_file, one line for each hierarchy
> @@ -6012,6 +6027,11 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
>   		if (root == &cgrp_dfl_root && !cgrp_dfl_visible)
>   			continue;
>   
> +#ifdef CONFIG_VE
> +		if (ve_hide_cgroups(root))
> +			continue;
> +#endif
> +
>   		seq_printf(m, "%d:", root->hierarchy_id);
>   		if (root != &cgrp_dfl_root)
>   			for_each_subsys(ss, ssid)
> 

-- 
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.

More information about the Devel mailing list