]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/cgroup-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #8417 from brauner/2018-03-09/add_bind_mount_fallback_to_private_d...
[thirdparty/systemd.git] / src / basic / cgroup-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6 ***/
7
8 #include <dirent.h>
9 #include <errno.h>
10 #include <ftw.h>
11 #include <limits.h>
12 #include <signal.h>
13 #include <stddef.h>
14 #include <stdio_ext.h>
15 #include <stdlib.h>
16 #include <string.h>
17 #include <sys/stat.h>
18 #include <sys/statfs.h>
19 #include <sys/types.h>
20 #include <sys/xattr.h>
21 #include <unistd.h>
22
23 #include "alloc-util.h"
24 #include "cgroup-util.h"
25 #include "def.h"
26 #include "dirent-util.h"
27 #include "extract-word.h"
28 #include "fd-util.h"
29 #include "fileio.h"
30 #include "format-util.h"
31 #include "fs-util.h"
32 #include "log.h"
33 #include "login-util.h"
34 #include "macro.h"
35 #include "missing.h"
36 #include "mkdir.h"
37 #include "parse-util.h"
38 #include "path-util.h"
39 #include "proc-cmdline.h"
40 #include "process-util.h"
41 #include "set.h"
42 #include "special.h"
43 #include "stat-util.h"
44 #include "stdio-util.h"
45 #include "string-table.h"
46 #include "string-util.h"
47 #include "strv.h"
48 #include "unit-name.h"
49 #include "user-util.h"
50
51 int cg_enumerate_processes(const char *controller, const char *path, FILE **_f) {
52 _cleanup_free_ char *fs = NULL;
53 FILE *f;
54 int r;
55
56 assert(_f);
57
58 r = cg_get_path(controller, path, "cgroup.procs", &fs);
59 if (r < 0)
60 return r;
61
62 f = fopen(fs, "re");
63 if (!f)
64 return -errno;
65
66 *_f = f;
67 return 0;
68 }
69
70 int cg_read_pid(FILE *f, pid_t *_pid) {
71 unsigned long ul;
72
73 /* Note that the cgroup.procs might contain duplicates! See
74 * cgroups.txt for details. */
75
76 assert(f);
77 assert(_pid);
78
79 errno = 0;
80 if (fscanf(f, "%lu", &ul) != 1) {
81
82 if (feof(f))
83 return 0;
84
85 return errno > 0 ? -errno : -EIO;
86 }
87
88 if (ul <= 0)
89 return -EIO;
90
91 *_pid = (pid_t) ul;
92 return 1;
93 }
94
95 int cg_read_event(
96 const char *controller,
97 const char *path,
98 const char *event,
99 char **val) {
100
101 _cleanup_free_ char *events = NULL, *content = NULL;
102 char *p, *line;
103 int r;
104
105 r = cg_get_path(controller, path, "cgroup.events", &events);
106 if (r < 0)
107 return r;
108
109 r = read_full_file(events, &content, NULL);
110 if (r < 0)
111 return r;
112
113 p = content;
114 while ((line = strsep(&p, "\n"))) {
115 char *key;
116
117 key = strsep(&line, " ");
118 if (!key || !line)
119 return -EINVAL;
120
121 if (strcmp(key, event))
122 continue;
123
124 *val = strdup(line);
125 return 0;
126 }
127
128 return -ENOENT;
129 }
130
131 bool cg_ns_supported(void) {
132 static thread_local int enabled = -1;
133
134 if (enabled >= 0)
135 return enabled;
136
137 if (access("/proc/self/ns/cgroup", F_OK) == 0)
138 enabled = 1;
139 else
140 enabled = 0;
141
142 return enabled;
143 }
144
145 int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) {
146 _cleanup_free_ char *fs = NULL;
147 int r;
148 DIR *d;
149
150 assert(_d);
151
152 /* This is not recursive! */
153
154 r = cg_get_path(controller, path, NULL, &fs);
155 if (r < 0)
156 return r;
157
158 d = opendir(fs);
159 if (!d)
160 return -errno;
161
162 *_d = d;
163 return 0;
164 }
165
166 int cg_read_subgroup(DIR *d, char **fn) {
167 struct dirent *de;
168
169 assert(d);
170 assert(fn);
171
172 FOREACH_DIRENT_ALL(de, d, return -errno) {
173 char *b;
174
175 if (de->d_type != DT_DIR)
176 continue;
177
178 if (dot_or_dot_dot(de->d_name))
179 continue;
180
181 b = strdup(de->d_name);
182 if (!b)
183 return -ENOMEM;
184
185 *fn = b;
186 return 1;
187 }
188
189 return 0;
190 }
191
192 int cg_rmdir(const char *controller, const char *path) {
193 _cleanup_free_ char *p = NULL;
194 int r;
195
196 r = cg_get_path(controller, path, NULL, &p);
197 if (r < 0)
198 return r;
199
200 r = rmdir(p);
201 if (r < 0 && errno != ENOENT)
202 return -errno;
203
204 r = cg_hybrid_unified();
205 if (r < 0)
206 return r;
207 if (r == 0)
208 return 0;
209
210 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
211 r = cg_rmdir(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path);
212 if (r < 0)
213 log_warning_errno(r, "Failed to remove compat systemd cgroup %s: %m", path);
214 }
215
216 return 0;
217 }
218
219 int cg_kill(
220 const char *controller,
221 const char *path,
222 int sig,
223 CGroupFlags flags,
224 Set *s,
225 cg_kill_log_func_t log_kill,
226 void *userdata) {
227
228 _cleanup_set_free_ Set *allocated_set = NULL;
229 bool done = false;
230 int r, ret = 0;
231 pid_t my_pid;
232
233 assert(sig >= 0);
234
235 /* Don't send SIGCONT twice. Also, SIGKILL always works even when process is suspended, hence don't send
236 * SIGCONT on SIGKILL. */
237 if (IN_SET(sig, SIGCONT, SIGKILL))
238 flags &= ~CGROUP_SIGCONT;
239
240 /* This goes through the tasks list and kills them all. This
241 * is repeated until no further processes are added to the
242 * tasks list, to properly handle forking processes */
243
244 if (!s) {
245 s = allocated_set = set_new(NULL);
246 if (!s)
247 return -ENOMEM;
248 }
249
250 my_pid = getpid_cached();
251
252 do {
253 _cleanup_fclose_ FILE *f = NULL;
254 pid_t pid = 0;
255 done = true;
256
257 r = cg_enumerate_processes(controller, path, &f);
258 if (r < 0) {
259 if (ret >= 0 && r != -ENOENT)
260 return r;
261
262 return ret;
263 }
264
265 while ((r = cg_read_pid(f, &pid)) > 0) {
266
267 if ((flags & CGROUP_IGNORE_SELF) && pid == my_pid)
268 continue;
269
270 if (set_get(s, PID_TO_PTR(pid)) == PID_TO_PTR(pid))
271 continue;
272
273 if (log_kill)
274 log_kill(pid, sig, userdata);
275
276 /* If we haven't killed this process yet, kill
277 * it */
278 if (kill(pid, sig) < 0) {
279 if (ret >= 0 && errno != ESRCH)
280 ret = -errno;
281 } else {
282 if (flags & CGROUP_SIGCONT)
283 (void) kill(pid, SIGCONT);
284
285 if (ret == 0)
286 ret = 1;
287 }
288
289 done = false;
290
291 r = set_put(s, PID_TO_PTR(pid));
292 if (r < 0) {
293 if (ret >= 0)
294 return r;
295
296 return ret;
297 }
298 }
299
300 if (r < 0) {
301 if (ret >= 0)
302 return r;
303
304 return ret;
305 }
306
307 /* To avoid racing against processes which fork
308 * quicker than we can kill them we repeat this until
309 * no new pids need to be killed. */
310
311 } while (!done);
312
313 return ret;
314 }
315
316 int cg_kill_recursive(
317 const char *controller,
318 const char *path,
319 int sig,
320 CGroupFlags flags,
321 Set *s,
322 cg_kill_log_func_t log_kill,
323 void *userdata) {
324
325 _cleanup_set_free_ Set *allocated_set = NULL;
326 _cleanup_closedir_ DIR *d = NULL;
327 int r, ret;
328 char *fn;
329
330 assert(path);
331 assert(sig >= 0);
332
333 if (!s) {
334 s = allocated_set = set_new(NULL);
335 if (!s)
336 return -ENOMEM;
337 }
338
339 ret = cg_kill(controller, path, sig, flags, s, log_kill, userdata);
340
341 r = cg_enumerate_subgroups(controller, path, &d);
342 if (r < 0) {
343 if (ret >= 0 && r != -ENOENT)
344 return r;
345
346 return ret;
347 }
348
349 while ((r = cg_read_subgroup(d, &fn)) > 0) {
350 _cleanup_free_ char *p = NULL;
351
352 p = strjoin(path, "/", fn);
353 free(fn);
354 if (!p)
355 return -ENOMEM;
356
357 r = cg_kill_recursive(controller, p, sig, flags, s, log_kill, userdata);
358 if (r != 0 && ret >= 0)
359 ret = r;
360 }
361 if (ret >= 0 && r < 0)
362 ret = r;
363
364 if (flags & CGROUP_REMOVE) {
365 r = cg_rmdir(controller, path);
366 if (r < 0 && ret >= 0 && !IN_SET(r, -ENOENT, -EBUSY))
367 return r;
368 }
369
370 return ret;
371 }
372
373 int cg_migrate(
374 const char *cfrom,
375 const char *pfrom,
376 const char *cto,
377 const char *pto,
378 CGroupFlags flags) {
379
380 bool done = false;
381 _cleanup_set_free_ Set *s = NULL;
382 int r, ret = 0;
383 pid_t my_pid;
384
385 assert(cfrom);
386 assert(pfrom);
387 assert(cto);
388 assert(pto);
389
390 s = set_new(NULL);
391 if (!s)
392 return -ENOMEM;
393
394 my_pid = getpid_cached();
395
396 do {
397 _cleanup_fclose_ FILE *f = NULL;
398 pid_t pid = 0;
399 done = true;
400
401 r = cg_enumerate_processes(cfrom, pfrom, &f);
402 if (r < 0) {
403 if (ret >= 0 && r != -ENOENT)
404 return r;
405
406 return ret;
407 }
408
409 while ((r = cg_read_pid(f, &pid)) > 0) {
410
411 /* This might do weird stuff if we aren't a
412 * single-threaded program. However, we
413 * luckily know we are not */
414 if ((flags & CGROUP_IGNORE_SELF) && pid == my_pid)
415 continue;
416
417 if (set_get(s, PID_TO_PTR(pid)) == PID_TO_PTR(pid))
418 continue;
419
420 /* Ignore kernel threads. Since they can only
421 * exist in the root cgroup, we only check for
422 * them there. */
423 if (cfrom &&
424 (isempty(pfrom) || path_equal(pfrom, "/")) &&
425 is_kernel_thread(pid) > 0)
426 continue;
427
428 r = cg_attach(cto, pto, pid);
429 if (r < 0) {
430 if (ret >= 0 && r != -ESRCH)
431 ret = r;
432 } else if (ret == 0)
433 ret = 1;
434
435 done = false;
436
437 r = set_put(s, PID_TO_PTR(pid));
438 if (r < 0) {
439 if (ret >= 0)
440 return r;
441
442 return ret;
443 }
444 }
445
446 if (r < 0) {
447 if (ret >= 0)
448 return r;
449
450 return ret;
451 }
452 } while (!done);
453
454 return ret;
455 }
456
457 int cg_migrate_recursive(
458 const char *cfrom,
459 const char *pfrom,
460 const char *cto,
461 const char *pto,
462 CGroupFlags flags) {
463
464 _cleanup_closedir_ DIR *d = NULL;
465 int r, ret = 0;
466 char *fn;
467
468 assert(cfrom);
469 assert(pfrom);
470 assert(cto);
471 assert(pto);
472
473 ret = cg_migrate(cfrom, pfrom, cto, pto, flags);
474
475 r = cg_enumerate_subgroups(cfrom, pfrom, &d);
476 if (r < 0) {
477 if (ret >= 0 && r != -ENOENT)
478 return r;
479
480 return ret;
481 }
482
483 while ((r = cg_read_subgroup(d, &fn)) > 0) {
484 _cleanup_free_ char *p = NULL;
485
486 p = strjoin(pfrom, "/", fn);
487 free(fn);
488 if (!p)
489 return -ENOMEM;
490
491 r = cg_migrate_recursive(cfrom, p, cto, pto, flags);
492 if (r != 0 && ret >= 0)
493 ret = r;
494 }
495
496 if (r < 0 && ret >= 0)
497 ret = r;
498
499 if (flags & CGROUP_REMOVE) {
500 r = cg_rmdir(cfrom, pfrom);
501 if (r < 0 && ret >= 0 && !IN_SET(r, -ENOENT, -EBUSY))
502 return r;
503 }
504
505 return ret;
506 }
507
508 int cg_migrate_recursive_fallback(
509 const char *cfrom,
510 const char *pfrom,
511 const char *cto,
512 const char *pto,
513 CGroupFlags flags) {
514
515 int r;
516
517 assert(cfrom);
518 assert(pfrom);
519 assert(cto);
520 assert(pto);
521
522 r = cg_migrate_recursive(cfrom, pfrom, cto, pto, flags);
523 if (r < 0) {
524 char prefix[strlen(pto) + 1];
525
526 /* This didn't work? Then let's try all prefixes of the destination */
527
528 PATH_FOREACH_PREFIX(prefix, pto) {
529 int q;
530
531 q = cg_migrate_recursive(cfrom, pfrom, cto, prefix, flags);
532 if (q >= 0)
533 return q;
534 }
535 }
536
537 return r;
538 }
539
540 static const char *controller_to_dirname(const char *controller) {
541 const char *e;
542
543 assert(controller);
544
545 /* Converts a controller name to the directory name below
546 * /sys/fs/cgroup/ we want to mount it to. Effectively, this
547 * just cuts off the name= prefixed used for named
548 * hierarchies, if it is specified. */
549
550 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
551 if (cg_hybrid_unified() > 0)
552 controller = SYSTEMD_CGROUP_CONTROLLER_HYBRID;
553 else
554 controller = SYSTEMD_CGROUP_CONTROLLER_LEGACY;
555 }
556
557 e = startswith(controller, "name=");
558 if (e)
559 return e;
560
561 return controller;
562 }
563
564 static int join_path_legacy(const char *controller, const char *path, const char *suffix, char **fs) {
565 const char *dn;
566 char *t = NULL;
567
568 assert(fs);
569 assert(controller);
570
571 dn = controller_to_dirname(controller);
572
573 if (isempty(path) && isempty(suffix))
574 t = strappend("/sys/fs/cgroup/", dn);
575 else if (isempty(path))
576 t = strjoin("/sys/fs/cgroup/", dn, "/", suffix);
577 else if (isempty(suffix))
578 t = strjoin("/sys/fs/cgroup/", dn, "/", path);
579 else
580 t = strjoin("/sys/fs/cgroup/", dn, "/", path, "/", suffix);
581 if (!t)
582 return -ENOMEM;
583
584 *fs = t;
585 return 0;
586 }
587
588 static int join_path_unified(const char *path, const char *suffix, char **fs) {
589 char *t;
590
591 assert(fs);
592
593 if (isempty(path) && isempty(suffix))
594 t = strdup("/sys/fs/cgroup");
595 else if (isempty(path))
596 t = strappend("/sys/fs/cgroup/", suffix);
597 else if (isempty(suffix))
598 t = strappend("/sys/fs/cgroup/", path);
599 else
600 t = strjoin("/sys/fs/cgroup/", path, "/", suffix);
601 if (!t)
602 return -ENOMEM;
603
604 *fs = t;
605 return 0;
606 }
607
608 int cg_get_path(const char *controller, const char *path, const char *suffix, char **fs) {
609 int r;
610
611 assert(fs);
612
613 if (!controller) {
614 char *t;
615
616 /* If no controller is specified, we return the path
617 * *below* the controllers, without any prefix. */
618
619 if (!path && !suffix)
620 return -EINVAL;
621
622 if (!suffix)
623 t = strdup(path);
624 else if (!path)
625 t = strdup(suffix);
626 else
627 t = strjoin(path, "/", suffix);
628 if (!t)
629 return -ENOMEM;
630
631 *fs = path_kill_slashes(t);
632 return 0;
633 }
634
635 if (!cg_controller_is_valid(controller))
636 return -EINVAL;
637
638 r = cg_all_unified();
639 if (r < 0)
640 return r;
641 if (r > 0)
642 r = join_path_unified(path, suffix, fs);
643 else
644 r = join_path_legacy(controller, path, suffix, fs);
645 if (r < 0)
646 return r;
647
648 path_kill_slashes(*fs);
649 return 0;
650 }
651
652 static int controller_is_accessible(const char *controller) {
653 int r;
654
655 assert(controller);
656
657 /* Checks whether a specific controller is accessible,
658 * i.e. its hierarchy mounted. In the unified hierarchy all
659 * controllers are considered accessible, except for the named
660 * hierarchies */
661
662 if (!cg_controller_is_valid(controller))
663 return -EINVAL;
664
665 r = cg_all_unified();
666 if (r < 0)
667 return r;
668 if (r > 0) {
669 /* We don't support named hierarchies if we are using
670 * the unified hierarchy. */
671
672 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER))
673 return 0;
674
675 if (startswith(controller, "name="))
676 return -EOPNOTSUPP;
677
678 } else {
679 const char *cc, *dn;
680
681 dn = controller_to_dirname(controller);
682 cc = strjoina("/sys/fs/cgroup/", dn);
683
684 if (laccess(cc, F_OK) < 0)
685 return -errno;
686 }
687
688 return 0;
689 }
690
691 int cg_get_path_and_check(const char *controller, const char *path, const char *suffix, char **fs) {
692 int r;
693
694 assert(controller);
695 assert(fs);
696
697 /* Check if the specified controller is actually accessible */
698 r = controller_is_accessible(controller);
699 if (r < 0)
700 return r;
701
702 return cg_get_path(controller, path, suffix, fs);
703 }
704
705 static int trim_cb(const char *path, const struct stat *sb, int typeflag, struct FTW *ftwbuf) {
706 assert(path);
707 assert(sb);
708 assert(ftwbuf);
709
710 if (typeflag != FTW_DP)
711 return 0;
712
713 if (ftwbuf->level < 1)
714 return 0;
715
716 (void) rmdir(path);
717 return 0;
718 }
719
720 int cg_trim(const char *controller, const char *path, bool delete_root) {
721 _cleanup_free_ char *fs = NULL;
722 int r = 0, q;
723
724 assert(path);
725
726 r = cg_get_path(controller, path, NULL, &fs);
727 if (r < 0)
728 return r;
729
730 errno = 0;
731 if (nftw(fs, trim_cb, 64, FTW_DEPTH|FTW_MOUNT|FTW_PHYS) != 0) {
732 if (errno == ENOENT)
733 r = 0;
734 else if (errno > 0)
735 r = -errno;
736 else
737 r = -EIO;
738 }
739
740 if (delete_root) {
741 if (rmdir(fs) < 0 && errno != ENOENT)
742 return -errno;
743 }
744
745 q = cg_hybrid_unified();
746 if (q < 0)
747 return q;
748 if (q > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
749 q = cg_trim(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, delete_root);
750 if (q < 0)
751 log_warning_errno(q, "Failed to trim compat systemd cgroup %s: %m", path);
752 }
753
754 return r;
755 }
756
757 int cg_create(const char *controller, const char *path) {
758 _cleanup_free_ char *fs = NULL;
759 int r;
760
761 r = cg_get_path_and_check(controller, path, NULL, &fs);
762 if (r < 0)
763 return r;
764
765 r = mkdir_parents(fs, 0755);
766 if (r < 0)
767 return r;
768
769 r = mkdir_errno_wrapper(fs, 0755);
770 if (r == -EEXIST)
771 return 0;
772 if (r < 0)
773 return r;
774
775 r = cg_hybrid_unified();
776 if (r < 0)
777 return r;
778
779 if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
780 r = cg_create(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path);
781 if (r < 0)
782 log_warning_errno(r, "Failed to create compat systemd cgroup %s: %m", path);
783 }
784
785 return 1;
786 }
787
788 int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
789 int r, q;
790
791 assert(pid >= 0);
792
793 r = cg_create(controller, path);
794 if (r < 0)
795 return r;
796
797 q = cg_attach(controller, path, pid);
798 if (q < 0)
799 return q;
800
801 /* This does not remove the cgroup on failure */
802 return r;
803 }
804
805 int cg_attach(const char *controller, const char *path, pid_t pid) {
806 _cleanup_free_ char *fs = NULL;
807 char c[DECIMAL_STR_MAX(pid_t) + 2];
808 int r;
809
810 assert(path);
811 assert(pid >= 0);
812
813 r = cg_get_path_and_check(controller, path, "cgroup.procs", &fs);
814 if (r < 0)
815 return r;
816
817 if (pid == 0)
818 pid = getpid_cached();
819
820 xsprintf(c, PID_FMT "\n", pid);
821
822 r = write_string_file(fs, c, 0);
823 if (r < 0)
824 return r;
825
826 r = cg_hybrid_unified();
827 if (r < 0)
828 return r;
829
830 if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
831 r = cg_attach(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, pid);
832 if (r < 0)
833 log_warning_errno(r, "Failed to attach "PID_FMT" to compat systemd cgroup %s: %m", pid, path);
834 }
835
836 return 0;
837 }
838
839 int cg_attach_fallback(const char *controller, const char *path, pid_t pid) {
840 int r;
841
842 assert(controller);
843 assert(path);
844 assert(pid >= 0);
845
846 r = cg_attach(controller, path, pid);
847 if (r < 0) {
848 char prefix[strlen(path) + 1];
849
850 /* This didn't work? Then let's try all prefixes of
851 * the destination */
852
853 PATH_FOREACH_PREFIX(prefix, path) {
854 int q;
855
856 q = cg_attach(controller, prefix, pid);
857 if (q >= 0)
858 return q;
859 }
860 }
861
862 return r;
863 }
864
865 int cg_set_access(
866 const char *controller,
867 const char *path,
868 uid_t uid,
869 gid_t gid) {
870
871 struct Attribute {
872 const char *name;
873 bool fatal;
874 };
875
876 /* cgroupsv1, aka legacy/non-unified */
877 static const struct Attribute legacy_attributes[] = {
878 { "cgroup.procs", true },
879 { "tasks", false },
880 { "cgroup.clone_children", false },
881 {},
882 };
883
884 /* cgroupsv2, aka unified */
885 static const struct Attribute unified_attributes[] = {
886 { "cgroup.procs", true },
887 { "cgroup.subtree_control", true },
888 { "cgroup.threads", false },
889 {},
890 };
891
892 static const struct Attribute* const attributes[] = {
893 [false] = legacy_attributes,
894 [true] = unified_attributes,
895 };
896
897 _cleanup_free_ char *fs = NULL;
898 const struct Attribute *i;
899 int r, unified;
900
901 assert(path);
902
903 if (uid == UID_INVALID && gid == GID_INVALID)
904 return 0;
905
906 unified = cg_unified_controller(controller);
907 if (unified < 0)
908 return unified;
909
910 /* Configure access to the cgroup itself */
911 r = cg_get_path(controller, path, NULL, &fs);
912 if (r < 0)
913 return r;
914
915 r = chmod_and_chown(fs, 0755, uid, gid);
916 if (r < 0)
917 return r;
918
919 /* Configure access to the cgroup's attributes */
920 for (i = attributes[unified]; i->name; i++) {
921 fs = mfree(fs);
922
923 r = cg_get_path(controller, path, i->name, &fs);
924 if (r < 0)
925 return r;
926
927 r = chmod_and_chown(fs, 0644, uid, gid);
928 if (r < 0) {
929 if (i->fatal)
930 return r;
931
932 log_debug_errno(r, "Failed to set access on cgroup %s, ignoring: %m", fs);
933 }
934 }
935
936 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
937 r = cg_hybrid_unified();
938 if (r < 0)
939 return r;
940 if (r > 0) {
941 /* Always propagate access mode from unified to legacy controller */
942 r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, uid, gid);
943 if (r < 0)
944 log_debug_errno(r, "Failed to set access on compatibility systemd cgroup %s, ignoring: %m", path);
945 }
946 }
947
948 return 0;
949 }
950
951 int cg_set_xattr(const char *controller, const char *path, const char *name, const void *value, size_t size, int flags) {
952 _cleanup_free_ char *fs = NULL;
953 int r;
954
955 assert(path);
956 assert(name);
957 assert(value || size <= 0);
958
959 r = cg_get_path(controller, path, NULL, &fs);
960 if (r < 0)
961 return r;
962
963 if (setxattr(fs, name, value, size, flags) < 0)
964 return -errno;
965
966 return 0;
967 }
968
969 int cg_get_xattr(const char *controller, const char *path, const char *name, void *value, size_t size) {
970 _cleanup_free_ char *fs = NULL;
971 ssize_t n;
972 int r;
973
974 assert(path);
975 assert(name);
976
977 r = cg_get_path(controller, path, NULL, &fs);
978 if (r < 0)
979 return r;
980
981 n = getxattr(fs, name, value, size);
982 if (n < 0)
983 return -errno;
984
985 return (int) n;
986 }
987
988 int cg_pid_get_path(const char *controller, pid_t pid, char **path) {
989 _cleanup_fclose_ FILE *f = NULL;
990 char line[LINE_MAX];
991 const char *fs, *controller_str;
992 size_t cs = 0;
993 int unified;
994
995 assert(path);
996 assert(pid >= 0);
997
998 if (controller) {
999 if (!cg_controller_is_valid(controller))
1000 return -EINVAL;
1001 } else
1002 controller = SYSTEMD_CGROUP_CONTROLLER;
1003
1004 unified = cg_unified_controller(controller);
1005 if (unified < 0)
1006 return unified;
1007 if (unified == 0) {
1008 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER))
1009 controller_str = SYSTEMD_CGROUP_CONTROLLER_LEGACY;
1010 else
1011 controller_str = controller;
1012
1013 cs = strlen(controller_str);
1014 }
1015
1016 fs = procfs_file_alloca(pid, "cgroup");
1017 f = fopen(fs, "re");
1018 if (!f)
1019 return errno == ENOENT ? -ESRCH : -errno;
1020
1021 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
1022
1023 FOREACH_LINE(line, f, return -errno) {
1024 char *e, *p;
1025
1026 truncate_nl(line);
1027
1028 if (unified) {
1029 e = startswith(line, "0:");
1030 if (!e)
1031 continue;
1032
1033 e = strchr(e, ':');
1034 if (!e)
1035 continue;
1036 } else {
1037 char *l;
1038 size_t k;
1039 const char *word, *state;
1040 bool found = false;
1041
1042 l = strchr(line, ':');
1043 if (!l)
1044 continue;
1045
1046 l++;
1047 e = strchr(l, ':');
1048 if (!e)
1049 continue;
1050
1051 *e = 0;
1052 FOREACH_WORD_SEPARATOR(word, k, l, ",", state)
1053 if (k == cs && memcmp(word, controller_str, cs) == 0) {
1054 found = true;
1055 break;
1056 }
1057 if (!found)
1058 continue;
1059 }
1060
1061 p = strdup(e + 1);
1062 if (!p)
1063 return -ENOMEM;
1064
1065 /* Truncate suffix indicating the process is a zombie */
1066 e = endswith(p, " (deleted)");
1067 if (e)
1068 *e = 0;
1069
1070 *path = p;
1071 return 0;
1072 }
1073
1074 return -ENODATA;
1075 }
1076
1077 int cg_install_release_agent(const char *controller, const char *agent) {
1078 _cleanup_free_ char *fs = NULL, *contents = NULL;
1079 const char *sc;
1080 int r;
1081
1082 assert(agent);
1083
1084 r = cg_unified_controller(controller);
1085 if (r < 0)
1086 return r;
1087 if (r > 0) /* doesn't apply to unified hierarchy */
1088 return -EOPNOTSUPP;
1089
1090 r = cg_get_path(controller, NULL, "release_agent", &fs);
1091 if (r < 0)
1092 return r;
1093
1094 r = read_one_line_file(fs, &contents);
1095 if (r < 0)
1096 return r;
1097
1098 sc = strstrip(contents);
1099 if (isempty(sc)) {
1100 r = write_string_file(fs, agent, 0);
1101 if (r < 0)
1102 return r;
1103 } else if (!path_equal(sc, agent))
1104 return -EEXIST;
1105
1106 fs = mfree(fs);
1107 r = cg_get_path(controller, NULL, "notify_on_release", &fs);
1108 if (r < 0)
1109 return r;
1110
1111 contents = mfree(contents);
1112 r = read_one_line_file(fs, &contents);
1113 if (r < 0)
1114 return r;
1115
1116 sc = strstrip(contents);
1117 if (streq(sc, "0")) {
1118 r = write_string_file(fs, "1", 0);
1119 if (r < 0)
1120 return r;
1121
1122 return 1;
1123 }
1124
1125 if (!streq(sc, "1"))
1126 return -EIO;
1127
1128 return 0;
1129 }
1130
1131 int cg_uninstall_release_agent(const char *controller) {
1132 _cleanup_free_ char *fs = NULL;
1133 int r;
1134
1135 r = cg_unified_controller(controller);
1136 if (r < 0)
1137 return r;
1138 if (r > 0) /* Doesn't apply to unified hierarchy */
1139 return -EOPNOTSUPP;
1140
1141 r = cg_get_path(controller, NULL, "notify_on_release", &fs);
1142 if (r < 0)
1143 return r;
1144
1145 r = write_string_file(fs, "0", 0);
1146 if (r < 0)
1147 return r;
1148
1149 fs = mfree(fs);
1150
1151 r = cg_get_path(controller, NULL, "release_agent", &fs);
1152 if (r < 0)
1153 return r;
1154
1155 r = write_string_file(fs, "", 0);
1156 if (r < 0)
1157 return r;
1158
1159 return 0;
1160 }
1161
1162 int cg_is_empty(const char *controller, const char *path) {
1163 _cleanup_fclose_ FILE *f = NULL;
1164 pid_t pid;
1165 int r;
1166
1167 assert(path);
1168
1169 r = cg_enumerate_processes(controller, path, &f);
1170 if (r == -ENOENT)
1171 return 1;
1172 if (r < 0)
1173 return r;
1174
1175 r = cg_read_pid(f, &pid);
1176 if (r < 0)
1177 return r;
1178
1179 return r == 0;
1180 }
1181
1182 int cg_is_empty_recursive(const char *controller, const char *path) {
1183 int r;
1184
1185 assert(path);
1186
1187 /* The root cgroup is always populated */
1188 if (controller && (isempty(path) || path_equal(path, "/")))
1189 return false;
1190
1191 r = cg_unified_controller(controller);
1192 if (r < 0)
1193 return r;
1194 if (r > 0) {
1195 _cleanup_free_ char *t = NULL;
1196
1197 /* On the unified hierarchy we can check empty state
1198 * via the "populated" attribute of "cgroup.events". */
1199
1200 r = cg_read_event(controller, path, "populated", &t);
1201 if (r < 0)
1202 return r;
1203
1204 return streq(t, "0");
1205 } else {
1206 _cleanup_closedir_ DIR *d = NULL;
1207 char *fn;
1208
1209 r = cg_is_empty(controller, path);
1210 if (r <= 0)
1211 return r;
1212
1213 r = cg_enumerate_subgroups(controller, path, &d);
1214 if (r == -ENOENT)
1215 return 1;
1216 if (r < 0)
1217 return r;
1218
1219 while ((r = cg_read_subgroup(d, &fn)) > 0) {
1220 _cleanup_free_ char *p = NULL;
1221
1222 p = strjoin(path, "/", fn);
1223 free(fn);
1224 if (!p)
1225 return -ENOMEM;
1226
1227 r = cg_is_empty_recursive(controller, p);
1228 if (r <= 0)
1229 return r;
1230 }
1231 if (r < 0)
1232 return r;
1233
1234 return true;
1235 }
1236 }
1237
1238 int cg_split_spec(const char *spec, char **controller, char **path) {
1239 char *t = NULL, *u = NULL;
1240 const char *e;
1241
1242 assert(spec);
1243
1244 if (*spec == '/') {
1245 if (!path_is_normalized(spec))
1246 return -EINVAL;
1247
1248 if (path) {
1249 t = strdup(spec);
1250 if (!t)
1251 return -ENOMEM;
1252
1253 *path = path_kill_slashes(t);
1254 }
1255
1256 if (controller)
1257 *controller = NULL;
1258
1259 return 0;
1260 }
1261
1262 e = strchr(spec, ':');
1263 if (!e) {
1264 if (!cg_controller_is_valid(spec))
1265 return -EINVAL;
1266
1267 if (controller) {
1268 t = strdup(spec);
1269 if (!t)
1270 return -ENOMEM;
1271
1272 *controller = t;
1273 }
1274
1275 if (path)
1276 *path = NULL;
1277
1278 return 0;
1279 }
1280
1281 t = strndup(spec, e-spec);
1282 if (!t)
1283 return -ENOMEM;
1284 if (!cg_controller_is_valid(t)) {
1285 free(t);
1286 return -EINVAL;
1287 }
1288
1289 if (isempty(e+1))
1290 u = NULL;
1291 else {
1292 u = strdup(e+1);
1293 if (!u) {
1294 free(t);
1295 return -ENOMEM;
1296 }
1297
1298 if (!path_is_normalized(u) ||
1299 !path_is_absolute(u)) {
1300 free(t);
1301 free(u);
1302 return -EINVAL;
1303 }
1304
1305 path_kill_slashes(u);
1306 }
1307
1308 if (controller)
1309 *controller = t;
1310 else
1311 free(t);
1312
1313 if (path)
1314 *path = u;
1315 else
1316 free(u);
1317
1318 return 0;
1319 }
1320
1321 int cg_mangle_path(const char *path, char **result) {
1322 _cleanup_free_ char *c = NULL, *p = NULL;
1323 char *t;
1324 int r;
1325
1326 assert(path);
1327 assert(result);
1328
1329 /* First, check if it already is a filesystem path */
1330 if (path_startswith(path, "/sys/fs/cgroup")) {
1331
1332 t = strdup(path);
1333 if (!t)
1334 return -ENOMEM;
1335
1336 *result = path_kill_slashes(t);
1337 return 0;
1338 }
1339
1340 /* Otherwise, treat it as cg spec */
1341 r = cg_split_spec(path, &c, &p);
1342 if (r < 0)
1343 return r;
1344
1345 return cg_get_path(c ?: SYSTEMD_CGROUP_CONTROLLER, p ?: "/", NULL, result);
1346 }
1347
1348 int cg_get_root_path(char **path) {
1349 char *p, *e;
1350 int r;
1351
1352 assert(path);
1353
1354 r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 1, &p);
1355 if (r < 0)
1356 return r;
1357
1358 e = endswith(p, "/" SPECIAL_INIT_SCOPE);
1359 if (!e)
1360 e = endswith(p, "/" SPECIAL_SYSTEM_SLICE); /* legacy */
1361 if (!e)
1362 e = endswith(p, "/system"); /* even more legacy */
1363 if (e)
1364 *e = 0;
1365
1366 *path = p;
1367 return 0;
1368 }
1369
1370 int cg_shift_path(const char *cgroup, const char *root, const char **shifted) {
1371 _cleanup_free_ char *rt = NULL;
1372 char *p;
1373 int r;
1374
1375 assert(cgroup);
1376 assert(shifted);
1377
1378 if (!root) {
1379 /* If the root was specified let's use that, otherwise
1380 * let's determine it from PID 1 */
1381
1382 r = cg_get_root_path(&rt);
1383 if (r < 0)
1384 return r;
1385
1386 root = rt;
1387 }
1388
1389 p = path_startswith(cgroup, root);
1390 if (p && p > cgroup)
1391 *shifted = p - 1;
1392 else
1393 *shifted = cgroup;
1394
1395 return 0;
1396 }
1397
1398 int cg_pid_get_path_shifted(pid_t pid, const char *root, char **cgroup) {
1399 _cleanup_free_ char *raw = NULL;
1400 const char *c;
1401 int r;
1402
1403 assert(pid >= 0);
1404 assert(cgroup);
1405
1406 r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &raw);
1407 if (r < 0)
1408 return r;
1409
1410 r = cg_shift_path(raw, root, &c);
1411 if (r < 0)
1412 return r;
1413
1414 if (c == raw)
1415 *cgroup = TAKE_PTR(raw);
1416 else {
1417 char *n;
1418
1419 n = strdup(c);
1420 if (!n)
1421 return -ENOMEM;
1422
1423 *cgroup = n;
1424 }
1425
1426 return 0;
1427 }
1428
1429 int cg_path_decode_unit(const char *cgroup, char **unit) {
1430 char *c, *s;
1431 size_t n;
1432
1433 assert(cgroup);
1434 assert(unit);
1435
1436 n = strcspn(cgroup, "/");
1437 if (n < 3)
1438 return -ENXIO;
1439
1440 c = strndupa(cgroup, n);
1441 c = cg_unescape(c);
1442
1443 if (!unit_name_is_valid(c, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
1444 return -ENXIO;
1445
1446 s = strdup(c);
1447 if (!s)
1448 return -ENOMEM;
1449
1450 *unit = s;
1451 return 0;
1452 }
1453
1454 static bool valid_slice_name(const char *p, size_t n) {
1455
1456 if (!p)
1457 return false;
1458
1459 if (n < STRLEN("x.slice"))
1460 return false;
1461
1462 if (memcmp(p + n - 6, ".slice", 6) == 0) {
1463 char buf[n+1], *c;
1464
1465 memcpy(buf, p, n);
1466 buf[n] = 0;
1467
1468 c = cg_unescape(buf);
1469
1470 return unit_name_is_valid(c, UNIT_NAME_PLAIN);
1471 }
1472
1473 return false;
1474 }
1475
1476 static const char *skip_slices(const char *p) {
1477 assert(p);
1478
1479 /* Skips over all slice assignments */
1480
1481 for (;;) {
1482 size_t n;
1483
1484 p += strspn(p, "/");
1485
1486 n = strcspn(p, "/");
1487 if (!valid_slice_name(p, n))
1488 return p;
1489
1490 p += n;
1491 }
1492 }
1493
1494 int cg_path_get_unit(const char *path, char **ret) {
1495 const char *e;
1496 char *unit;
1497 int r;
1498
1499 assert(path);
1500 assert(ret);
1501
1502 e = skip_slices(path);
1503
1504 r = cg_path_decode_unit(e, &unit);
1505 if (r < 0)
1506 return r;
1507
1508 /* We skipped over the slices, don't accept any now */
1509 if (endswith(unit, ".slice")) {
1510 free(unit);
1511 return -ENXIO;
1512 }
1513
1514 *ret = unit;
1515 return 0;
1516 }
1517
1518 int cg_pid_get_unit(pid_t pid, char **unit) {
1519 _cleanup_free_ char *cgroup = NULL;
1520 int r;
1521
1522 assert(unit);
1523
1524 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1525 if (r < 0)
1526 return r;
1527
1528 return cg_path_get_unit(cgroup, unit);
1529 }
1530
1531 /**
1532 * Skip session-*.scope, but require it to be there.
1533 */
1534 static const char *skip_session(const char *p) {
1535 size_t n;
1536
1537 if (isempty(p))
1538 return NULL;
1539
1540 p += strspn(p, "/");
1541
1542 n = strcspn(p, "/");
1543 if (n < STRLEN("session-x.scope"))
1544 return NULL;
1545
1546 if (memcmp(p, "session-", 8) == 0 && memcmp(p + n - 6, ".scope", 6) == 0) {
1547 char buf[n - 8 - 6 + 1];
1548
1549 memcpy(buf, p + 8, n - 8 - 6);
1550 buf[n - 8 - 6] = 0;
1551
1552 /* Note that session scopes never need unescaping,
1553 * since they cannot conflict with the kernel's own
1554 * names, hence we don't need to call cg_unescape()
1555 * here. */
1556
1557 if (!session_id_valid(buf))
1558 return false;
1559
1560 p += n;
1561 p += strspn(p, "/");
1562 return p;
1563 }
1564
1565 return NULL;
1566 }
1567
1568 /**
1569 * Skip user@*.service, but require it to be there.
1570 */
1571 static const char *skip_user_manager(const char *p) {
1572 size_t n;
1573
1574 if (isempty(p))
1575 return NULL;
1576
1577 p += strspn(p, "/");
1578
1579 n = strcspn(p, "/");
1580 if (n < STRLEN("user@x.service"))
1581 return NULL;
1582
1583 if (memcmp(p, "user@", 5) == 0 && memcmp(p + n - 8, ".service", 8) == 0) {
1584 char buf[n - 5 - 8 + 1];
1585
1586 memcpy(buf, p + 5, n - 5 - 8);
1587 buf[n - 5 - 8] = 0;
1588
1589 /* Note that user manager services never need unescaping,
1590 * since they cannot conflict with the kernel's own
1591 * names, hence we don't need to call cg_unescape()
1592 * here. */
1593
1594 if (parse_uid(buf, NULL) < 0)
1595 return NULL;
1596
1597 p += n;
1598 p += strspn(p, "/");
1599
1600 return p;
1601 }
1602
1603 return NULL;
1604 }
1605
1606 static const char *skip_user_prefix(const char *path) {
1607 const char *e, *t;
1608
1609 assert(path);
1610
1611 /* Skip slices, if there are any */
1612 e = skip_slices(path);
1613
1614 /* Skip the user manager, if it's in the path now... */
1615 t = skip_user_manager(e);
1616 if (t)
1617 return t;
1618
1619 /* Alternatively skip the user session if it is in the path... */
1620 return skip_session(e);
1621 }
1622
1623 int cg_path_get_user_unit(const char *path, char **ret) {
1624 const char *t;
1625
1626 assert(path);
1627 assert(ret);
1628
1629 t = skip_user_prefix(path);
1630 if (!t)
1631 return -ENXIO;
1632
1633 /* And from here on it looks pretty much the same as for a
1634 * system unit, hence let's use the same parser from here
1635 * on. */
1636 return cg_path_get_unit(t, ret);
1637 }
1638
1639 int cg_pid_get_user_unit(pid_t pid, char **unit) {
1640 _cleanup_free_ char *cgroup = NULL;
1641 int r;
1642
1643 assert(unit);
1644
1645 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1646 if (r < 0)
1647 return r;
1648
1649 return cg_path_get_user_unit(cgroup, unit);
1650 }
1651
1652 int cg_path_get_machine_name(const char *path, char **machine) {
1653 _cleanup_free_ char *u = NULL;
1654 const char *sl;
1655 int r;
1656
1657 r = cg_path_get_unit(path, &u);
1658 if (r < 0)
1659 return r;
1660
1661 sl = strjoina("/run/systemd/machines/unit:", u);
1662 return readlink_malloc(sl, machine);
1663 }
1664
1665 int cg_pid_get_machine_name(pid_t pid, char **machine) {
1666 _cleanup_free_ char *cgroup = NULL;
1667 int r;
1668
1669 assert(machine);
1670
1671 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1672 if (r < 0)
1673 return r;
1674
1675 return cg_path_get_machine_name(cgroup, machine);
1676 }
1677
1678 int cg_path_get_session(const char *path, char **session) {
1679 _cleanup_free_ char *unit = NULL;
1680 char *start, *end;
1681 int r;
1682
1683 assert(path);
1684
1685 r = cg_path_get_unit(path, &unit);
1686 if (r < 0)
1687 return r;
1688
1689 start = startswith(unit, "session-");
1690 if (!start)
1691 return -ENXIO;
1692 end = endswith(start, ".scope");
1693 if (!end)
1694 return -ENXIO;
1695
1696 *end = 0;
1697 if (!session_id_valid(start))
1698 return -ENXIO;
1699
1700 if (session) {
1701 char *rr;
1702
1703 rr = strdup(start);
1704 if (!rr)
1705 return -ENOMEM;
1706
1707 *session = rr;
1708 }
1709
1710 return 0;
1711 }
1712
1713 int cg_pid_get_session(pid_t pid, char **session) {
1714 _cleanup_free_ char *cgroup = NULL;
1715 int r;
1716
1717 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1718 if (r < 0)
1719 return r;
1720
1721 return cg_path_get_session(cgroup, session);
1722 }
1723
1724 int cg_path_get_owner_uid(const char *path, uid_t *uid) {
1725 _cleanup_free_ char *slice = NULL;
1726 char *start, *end;
1727 int r;
1728
1729 assert(path);
1730
1731 r = cg_path_get_slice(path, &slice);
1732 if (r < 0)
1733 return r;
1734
1735 start = startswith(slice, "user-");
1736 if (!start)
1737 return -ENXIO;
1738 end = endswith(start, ".slice");
1739 if (!end)
1740 return -ENXIO;
1741
1742 *end = 0;
1743 if (parse_uid(start, uid) < 0)
1744 return -ENXIO;
1745
1746 return 0;
1747 }
1748
1749 int cg_pid_get_owner_uid(pid_t pid, uid_t *uid) {
1750 _cleanup_free_ char *cgroup = NULL;
1751 int r;
1752
1753 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1754 if (r < 0)
1755 return r;
1756
1757 return cg_path_get_owner_uid(cgroup, uid);
1758 }
1759
1760 int cg_path_get_slice(const char *p, char **slice) {
1761 const char *e = NULL;
1762
1763 assert(p);
1764 assert(slice);
1765
1766 /* Finds the right-most slice unit from the beginning, but
1767 * stops before we come to the first non-slice unit. */
1768
1769 for (;;) {
1770 size_t n;
1771
1772 p += strspn(p, "/");
1773
1774 n = strcspn(p, "/");
1775 if (!valid_slice_name(p, n)) {
1776
1777 if (!e) {
1778 char *s;
1779
1780 s = strdup(SPECIAL_ROOT_SLICE);
1781 if (!s)
1782 return -ENOMEM;
1783
1784 *slice = s;
1785 return 0;
1786 }
1787
1788 return cg_path_decode_unit(e, slice);
1789 }
1790
1791 e = p;
1792 p += n;
1793 }
1794 }
1795
1796 int cg_pid_get_slice(pid_t pid, char **slice) {
1797 _cleanup_free_ char *cgroup = NULL;
1798 int r;
1799
1800 assert(slice);
1801
1802 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1803 if (r < 0)
1804 return r;
1805
1806 return cg_path_get_slice(cgroup, slice);
1807 }
1808
1809 int cg_path_get_user_slice(const char *p, char **slice) {
1810 const char *t;
1811 assert(p);
1812 assert(slice);
1813
1814 t = skip_user_prefix(p);
1815 if (!t)
1816 return -ENXIO;
1817
1818 /* And now it looks pretty much the same as for a system
1819 * slice, so let's just use the same parser from here on. */
1820 return cg_path_get_slice(t, slice);
1821 }
1822
1823 int cg_pid_get_user_slice(pid_t pid, char **slice) {
1824 _cleanup_free_ char *cgroup = NULL;
1825 int r;
1826
1827 assert(slice);
1828
1829 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1830 if (r < 0)
1831 return r;
1832
1833 return cg_path_get_user_slice(cgroup, slice);
1834 }
1835
1836 char *cg_escape(const char *p) {
1837 bool need_prefix = false;
1838
1839 /* This implements very minimal escaping for names to be used
1840 * as file names in the cgroup tree: any name which might
1841 * conflict with a kernel name or is prefixed with '_' is
1842 * prefixed with a '_'. That way, when reading cgroup names it
1843 * is sufficient to remove a single prefixing underscore if
1844 * there is one. */
1845
1846 /* The return value of this function (unlike cg_unescape())
1847 * needs free()! */
1848
1849 if (IN_SET(p[0], 0, '_', '.') ||
1850 streq(p, "notify_on_release") ||
1851 streq(p, "release_agent") ||
1852 streq(p, "tasks") ||
1853 startswith(p, "cgroup."))
1854 need_prefix = true;
1855 else {
1856 const char *dot;
1857
1858 dot = strrchr(p, '.');
1859 if (dot) {
1860 CGroupController c;
1861 size_t l = dot - p;
1862
1863 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
1864 const char *n;
1865
1866 n = cgroup_controller_to_string(c);
1867
1868 if (l != strlen(n))
1869 continue;
1870
1871 if (memcmp(p, n, l) != 0)
1872 continue;
1873
1874 need_prefix = true;
1875 break;
1876 }
1877 }
1878 }
1879
1880 if (need_prefix)
1881 return strappend("_", p);
1882
1883 return strdup(p);
1884 }
1885
1886 char *cg_unescape(const char *p) {
1887 assert(p);
1888
1889 /* The return value of this function (unlike cg_escape())
1890 * doesn't need free()! */
1891
1892 if (p[0] == '_')
1893 return (char*) p+1;
1894
1895 return (char*) p;
1896 }
1897
1898 #define CONTROLLER_VALID \
1899 DIGITS LETTERS \
1900 "_"
1901
1902 bool cg_controller_is_valid(const char *p) {
1903 const char *t, *s;
1904
1905 if (!p)
1906 return false;
1907
1908 if (streq(p, SYSTEMD_CGROUP_CONTROLLER))
1909 return true;
1910
1911 s = startswith(p, "name=");
1912 if (s)
1913 p = s;
1914
1915 if (IN_SET(*p, 0, '_'))
1916 return false;
1917
1918 for (t = p; *t; t++)
1919 if (!strchr(CONTROLLER_VALID, *t))
1920 return false;
1921
1922 if (t - p > FILENAME_MAX)
1923 return false;
1924
1925 return true;
1926 }
1927
1928 int cg_slice_to_path(const char *unit, char **ret) {
1929 _cleanup_free_ char *p = NULL, *s = NULL, *e = NULL;
1930 const char *dash;
1931 int r;
1932
1933 assert(unit);
1934 assert(ret);
1935
1936 if (streq(unit, SPECIAL_ROOT_SLICE)) {
1937 char *x;
1938
1939 x = strdup("");
1940 if (!x)
1941 return -ENOMEM;
1942 *ret = x;
1943 return 0;
1944 }
1945
1946 if (!unit_name_is_valid(unit, UNIT_NAME_PLAIN))
1947 return -EINVAL;
1948
1949 if (!endswith(unit, ".slice"))
1950 return -EINVAL;
1951
1952 r = unit_name_to_prefix(unit, &p);
1953 if (r < 0)
1954 return r;
1955
1956 dash = strchr(p, '-');
1957
1958 /* Don't allow initial dashes */
1959 if (dash == p)
1960 return -EINVAL;
1961
1962 while (dash) {
1963 _cleanup_free_ char *escaped = NULL;
1964 char n[dash - p + sizeof(".slice")];
1965
1966 #if HAS_FEATURE_MEMORY_SANITIZER
1967 /* msan doesn't instrument stpncpy, so it thinks
1968 * n is later used unitialized:
1969 * https://github.com/google/sanitizers/issues/926
1970 */
1971 zero(n);
1972 #endif
1973
1974 /* Don't allow trailing or double dashes */
1975 if (IN_SET(dash[1], 0, '-'))
1976 return -EINVAL;
1977
1978 strcpy(stpncpy(n, p, dash - p), ".slice");
1979 if (!unit_name_is_valid(n, UNIT_NAME_PLAIN))
1980 return -EINVAL;
1981
1982 escaped = cg_escape(n);
1983 if (!escaped)
1984 return -ENOMEM;
1985
1986 if (!strextend(&s, escaped, "/", NULL))
1987 return -ENOMEM;
1988
1989 dash = strchr(dash+1, '-');
1990 }
1991
1992 e = cg_escape(unit);
1993 if (!e)
1994 return -ENOMEM;
1995
1996 if (!strextend(&s, e, NULL))
1997 return -ENOMEM;
1998
1999 *ret = TAKE_PTR(s);
2000
2001 return 0;
2002 }
2003
2004 int cg_set_attribute(const char *controller, const char *path, const char *attribute, const char *value) {
2005 _cleanup_free_ char *p = NULL;
2006 int r;
2007
2008 r = cg_get_path(controller, path, attribute, &p);
2009 if (r < 0)
2010 return r;
2011
2012 return write_string_file(p, value, 0);
2013 }
2014
2015 int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) {
2016 _cleanup_free_ char *p = NULL;
2017 int r;
2018
2019 r = cg_get_path(controller, path, attribute, &p);
2020 if (r < 0)
2021 return r;
2022
2023 return read_one_line_file(p, ret);
2024 }
2025
2026 int cg_get_keyed_attribute(
2027 const char *controller,
2028 const char *path,
2029 const char *attribute,
2030 char **keys,
2031 char **ret_values) {
2032
2033 _cleanup_free_ char *filename = NULL, *contents = NULL;
2034 const char *p;
2035 size_t n, i, n_done = 0;
2036 char **v;
2037 int r;
2038
2039 /* Reads one or more fields of a cgroupsv2 keyed attribute file. The 'keys' parameter should be an strv with
2040 * all keys to retrieve. The 'ret_values' parameter should be passed as string size with the same number of
2041 * entries as 'keys'. On success each entry will be set to the value of the matching key.
2042 *
2043 * If the attribute file doesn't exist at all returns ENOENT, if any key is not found returns ENXIO. */
2044
2045 r = cg_get_path(controller, path, attribute, &filename);
2046 if (r < 0)
2047 return r;
2048
2049 r = read_full_file(filename, &contents, NULL);
2050 if (r < 0)
2051 return r;
2052
2053 n = strv_length(keys);
2054 if (n == 0) /* No keys to retrieve? That's easy, we are done then */
2055 return 0;
2056
2057 /* Let's build this up in a temporary array for now in order not to clobber the return parameter on failure */
2058 v = newa0(char*, n);
2059
2060 for (p = contents; *p;) {
2061 const char *w = NULL;
2062
2063 for (i = 0; i < n; i++)
2064 if (!v[i]) {
2065 w = first_word(p, keys[i]);
2066 if (w)
2067 break;
2068 }
2069
2070 if (w) {
2071 size_t l;
2072
2073 l = strcspn(w, NEWLINE);
2074 v[i] = strndup(w, l);
2075 if (!v[i]) {
2076 r = -ENOMEM;
2077 goto fail;
2078 }
2079
2080 n_done++;
2081 if (n_done >= n)
2082 goto done;
2083
2084 p = w + l;
2085 } else
2086 p += strcspn(p, NEWLINE);
2087
2088 p += strspn(p, NEWLINE);
2089 }
2090
2091 r = -ENXIO;
2092
2093 fail:
2094 for (i = 0; i < n; i++)
2095 free(v[i]);
2096
2097 return r;
2098
2099 done:
2100 memcpy(ret_values, v, sizeof(char*) * n);
2101 return 0;
2102
2103 }
2104
2105 int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path) {
2106 CGroupController c;
2107 int r;
2108
2109 /* This one will create a cgroup in our private tree, but also
2110 * duplicate it in the trees specified in mask, and remove it
2111 * in all others */
2112
2113 /* First create the cgroup in our own hierarchy. */
2114 r = cg_create(SYSTEMD_CGROUP_CONTROLLER, path);
2115 if (r < 0)
2116 return r;
2117
2118 /* If we are in the unified hierarchy, we are done now */
2119 r = cg_all_unified();
2120 if (r < 0)
2121 return r;
2122 if (r > 0)
2123 return 0;
2124
2125 /* Otherwise, do the same in the other hierarchies */
2126 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2127 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2128 const char *n;
2129
2130 n = cgroup_controller_to_string(c);
2131
2132 if (mask & bit)
2133 (void) cg_create(n, path);
2134 else if (supported & bit)
2135 (void) cg_trim(n, path, true);
2136 }
2137
2138 return 0;
2139 }
2140
2141 int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid, cg_migrate_callback_t path_callback, void *userdata) {
2142 CGroupController c;
2143 int r;
2144
2145 r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, path, pid);
2146 if (r < 0)
2147 return r;
2148
2149 r = cg_all_unified();
2150 if (r < 0)
2151 return r;
2152 if (r > 0)
2153 return 0;
2154
2155 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2156 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2157 const char *p = NULL;
2158
2159 if (!(supported & bit))
2160 continue;
2161
2162 if (path_callback)
2163 p = path_callback(bit, userdata);
2164
2165 if (!p)
2166 p = path;
2167
2168 (void) cg_attach_fallback(cgroup_controller_to_string(c), p, pid);
2169 }
2170
2171 return 0;
2172 }
2173
2174 int cg_attach_many_everywhere(CGroupMask supported, const char *path, Set* pids, cg_migrate_callback_t path_callback, void *userdata) {
2175 Iterator i;
2176 void *pidp;
2177 int r = 0;
2178
2179 SET_FOREACH(pidp, pids, i) {
2180 pid_t pid = PTR_TO_PID(pidp);
2181 int q;
2182
2183 q = cg_attach_everywhere(supported, path, pid, path_callback, userdata);
2184 if (q < 0 && r >= 0)
2185 r = q;
2186 }
2187
2188 return r;
2189 }
2190
2191 int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to, cg_migrate_callback_t to_callback, void *userdata) {
2192 CGroupController c;
2193 int r = 0, q;
2194
2195 if (!path_equal(from, to)) {
2196 r = cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER, from, SYSTEMD_CGROUP_CONTROLLER, to, CGROUP_REMOVE);
2197 if (r < 0)
2198 return r;
2199 }
2200
2201 q = cg_all_unified();
2202 if (q < 0)
2203 return q;
2204 if (q > 0)
2205 return r;
2206
2207 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2208 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2209 const char *p = NULL;
2210
2211 if (!(supported & bit))
2212 continue;
2213
2214 if (to_callback)
2215 p = to_callback(bit, userdata);
2216
2217 if (!p)
2218 p = to;
2219
2220 (void) cg_migrate_recursive_fallback(SYSTEMD_CGROUP_CONTROLLER, to, cgroup_controller_to_string(c), p, 0);
2221 }
2222
2223 return 0;
2224 }
2225
2226 int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root) {
2227 CGroupController c;
2228 int r, q;
2229
2230 r = cg_trim(SYSTEMD_CGROUP_CONTROLLER, path, delete_root);
2231 if (r < 0)
2232 return r;
2233
2234 q = cg_all_unified();
2235 if (q < 0)
2236 return q;
2237 if (q > 0)
2238 return r;
2239
2240 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2241 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2242
2243 if (!(supported & bit))
2244 continue;
2245
2246 (void) cg_trim(cgroup_controller_to_string(c), path, delete_root);
2247 }
2248
2249 return 0;
2250 }
2251
2252 int cg_mask_to_string(CGroupMask mask, char **ret) {
2253 _cleanup_free_ char *s = NULL;
2254 size_t n = 0, allocated = 0;
2255 bool space = false;
2256 CGroupController c;
2257
2258 assert(ret);
2259
2260 if (mask == 0) {
2261 *ret = NULL;
2262 return 0;
2263 }
2264
2265 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2266 const char *k;
2267 size_t l;
2268
2269 if (!(mask & CGROUP_CONTROLLER_TO_MASK(c)))
2270 continue;
2271
2272 k = cgroup_controller_to_string(c);
2273 l = strlen(k);
2274
2275 if (!GREEDY_REALLOC(s, allocated, n + space + l + 1))
2276 return -ENOMEM;
2277
2278 if (space)
2279 s[n] = ' ';
2280 memcpy(s + n + space, k, l);
2281 n += space + l;
2282
2283 space = true;
2284 }
2285
2286 assert(s);
2287
2288 s[n] = 0;
2289 *ret = TAKE_PTR(s);
2290
2291 return 0;
2292 }
2293
2294 int cg_mask_from_string(const char *value, CGroupMask *mask) {
2295 assert(mask);
2296 assert(value);
2297
2298 for (;;) {
2299 _cleanup_free_ char *n = NULL;
2300 CGroupController v;
2301 int r;
2302
2303 r = extract_first_word(&value, &n, NULL, 0);
2304 if (r < 0)
2305 return r;
2306 if (r == 0)
2307 break;
2308
2309 v = cgroup_controller_from_string(n);
2310 if (v < 0)
2311 continue;
2312
2313 *mask |= CGROUP_CONTROLLER_TO_MASK(v);
2314 }
2315 return 0;
2316 }
2317
2318 int cg_mask_supported(CGroupMask *ret) {
2319 CGroupMask mask = 0;
2320 int r;
2321
2322 /* Determines the mask of supported cgroup controllers. Only
2323 * includes controllers we can make sense of and that are
2324 * actually accessible. */
2325
2326 r = cg_all_unified();
2327 if (r < 0)
2328 return r;
2329 if (r > 0) {
2330 _cleanup_free_ char *root = NULL, *controllers = NULL, *path = NULL;
2331
2332 /* In the unified hierarchy we can read the supported
2333 * and accessible controllers from a the top-level
2334 * cgroup attribute */
2335
2336 r = cg_get_root_path(&root);
2337 if (r < 0)
2338 return r;
2339
2340 r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, root, "cgroup.controllers", &path);
2341 if (r < 0)
2342 return r;
2343
2344 r = read_one_line_file(path, &controllers);
2345 if (r < 0)
2346 return r;
2347
2348 r = cg_mask_from_string(controllers, &mask);
2349 if (r < 0)
2350 return r;
2351
2352 /* Currently, we support the cpu, memory, io and pids
2353 * controller in the unified hierarchy, mask
2354 * everything else off. */
2355 mask &= CGROUP_MASK_CPU | CGROUP_MASK_MEMORY | CGROUP_MASK_IO | CGROUP_MASK_PIDS;
2356
2357 } else {
2358 CGroupController c;
2359
2360 /* In the legacy hierarchy, we check whether which
2361 * hierarchies are mounted. */
2362
2363 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2364 const char *n;
2365
2366 n = cgroup_controller_to_string(c);
2367 if (controller_is_accessible(n) >= 0)
2368 mask |= CGROUP_CONTROLLER_TO_MASK(c);
2369 }
2370 }
2371
2372 *ret = mask;
2373 return 0;
2374 }
2375
2376 int cg_kernel_controllers(Set **ret) {
2377 _cleanup_set_free_free_ Set *controllers = NULL;
2378 _cleanup_fclose_ FILE *f = NULL;
2379 int r;
2380
2381 assert(ret);
2382
2383 /* Determines the full list of kernel-known controllers. Might
2384 * include controllers we don't actually support, arbitrary
2385 * named hierarchies and controllers that aren't currently
2386 * accessible (because not mounted). */
2387
2388 controllers = set_new(&string_hash_ops);
2389 if (!controllers)
2390 return -ENOMEM;
2391
2392 f = fopen("/proc/cgroups", "re");
2393 if (!f) {
2394 if (errno == ENOENT) {
2395 *ret = NULL;
2396 return 0;
2397 }
2398
2399 return -errno;
2400 }
2401
2402 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
2403
2404 /* Ignore the header line */
2405 (void) read_line(f, (size_t) -1, NULL);
2406
2407 for (;;) {
2408 char *controller;
2409 int enabled = 0;
2410
2411 errno = 0;
2412 if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) {
2413
2414 if (feof(f))
2415 break;
2416
2417 if (ferror(f) && errno > 0)
2418 return -errno;
2419
2420 return -EBADMSG;
2421 }
2422
2423 if (!enabled) {
2424 free(controller);
2425 continue;
2426 }
2427
2428 if (!cg_controller_is_valid(controller)) {
2429 free(controller);
2430 return -EBADMSG;
2431 }
2432
2433 r = set_consume(controllers, controller);
2434 if (r < 0)
2435 return r;
2436 }
2437
2438 *ret = TAKE_PTR(controllers);
2439
2440 return 0;
2441 }
2442
2443 static thread_local CGroupUnified unified_cache = CGROUP_UNIFIED_UNKNOWN;
2444
2445 /* The hybrid mode was initially implemented in v232 and simply mounted cgroup v2 on /sys/fs/cgroup/systemd. This
2446 * unfortunately broke other tools (such as docker) which expected the v1 "name=systemd" hierarchy on
2447 * /sys/fs/cgroup/systemd. From v233 and on, the hybrid mode mountnbs v2 on /sys/fs/cgroup/unified and maintains
2448 * "name=systemd" hierarchy on /sys/fs/cgroup/systemd for compatibility with other tools.
2449 *
2450 * To keep live upgrade working, we detect and support v232 layout. When v232 layout is detected, to keep cgroup v2
2451 * process management but disable the compat dual layout, we return %true on
2452 * cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) and %false on cg_hybrid_unified().
2453 */
2454 static thread_local bool unified_systemd_v232;
2455
2456 static int cg_unified_update(void) {
2457
2458 struct statfs fs;
2459
2460 /* Checks if we support the unified hierarchy. Returns an
2461 * error when the cgroup hierarchies aren't mounted yet or we
2462 * have any other trouble determining if the unified hierarchy
2463 * is supported. */
2464
2465 if (unified_cache >= CGROUP_UNIFIED_NONE)
2466 return 0;
2467
2468 if (statfs("/sys/fs/cgroup/", &fs) < 0)
2469 return log_debug_errno(errno, "statfs(\"/sys/fs/cgroup/\") failed: %m");
2470
2471 if (F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) {
2472 log_debug("Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy");
2473 unified_cache = CGROUP_UNIFIED_ALL;
2474 } else if (F_TYPE_EQUAL(fs.f_type, TMPFS_MAGIC)) {
2475 if (statfs("/sys/fs/cgroup/unified/", &fs) == 0 &&
2476 F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) {
2477 log_debug("Found cgroup2 on /sys/fs/cgroup/unified, unified hierarchy for systemd controller");
2478 unified_cache = CGROUP_UNIFIED_SYSTEMD;
2479 unified_systemd_v232 = false;
2480 } else {
2481 if (statfs("/sys/fs/cgroup/systemd/", &fs) < 0)
2482 return log_debug_errno(errno, "statfs(\"/sys/fs/cgroup/systemd\" failed: %m");
2483
2484 if (F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) {
2485 log_debug("Found cgroup2 on /sys/fs/cgroup/systemd, unified hierarchy for systemd controller (v232 variant)");
2486 unified_cache = CGROUP_UNIFIED_SYSTEMD;
2487 unified_systemd_v232 = true;
2488 } else if (F_TYPE_EQUAL(fs.f_type, CGROUP_SUPER_MAGIC)) {
2489 log_debug("Found cgroup on /sys/fs/cgroup/systemd, legacy hierarchy");
2490 unified_cache = CGROUP_UNIFIED_NONE;
2491 } else {
2492 log_debug("Unexpected filesystem type %llx mounted on /sys/fs/cgroup/systemd, assuming legacy hierarchy",
2493 (unsigned long long) fs.f_type);
2494 unified_cache = CGROUP_UNIFIED_NONE;
2495 }
2496 }
2497 } else {
2498 log_debug("Unknown filesystem type %llx mounted on /sys/fs/cgroup.",
2499 (unsigned long long) fs.f_type);
2500 return -ENOMEDIUM;
2501 }
2502
2503 return 0;
2504 }
2505
2506 int cg_unified_controller(const char *controller) {
2507 int r;
2508
2509 r = cg_unified_update();
2510 if (r < 0)
2511 return r;
2512
2513 if (unified_cache == CGROUP_UNIFIED_NONE)
2514 return false;
2515
2516 if (unified_cache >= CGROUP_UNIFIED_ALL)
2517 return true;
2518
2519 return streq_ptr(controller, SYSTEMD_CGROUP_CONTROLLER);
2520 }
2521
2522 int cg_all_unified(void) {
2523 int r;
2524
2525 r = cg_unified_update();
2526 if (r < 0)
2527 return r;
2528
2529 return unified_cache >= CGROUP_UNIFIED_ALL;
2530 }
2531
2532 int cg_hybrid_unified(void) {
2533 int r;
2534
2535 r = cg_unified_update();
2536 if (r < 0)
2537 return r;
2538
2539 return unified_cache == CGROUP_UNIFIED_SYSTEMD && !unified_systemd_v232;
2540 }
2541
2542 int cg_unified_flush(void) {
2543 unified_cache = CGROUP_UNIFIED_UNKNOWN;
2544
2545 return cg_unified_update();
2546 }
2547
2548 int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) {
2549 _cleanup_fclose_ FILE *f = NULL;
2550 _cleanup_free_ char *fs = NULL;
2551 CGroupController c;
2552 int r;
2553
2554 assert(p);
2555
2556 if (supported == 0)
2557 return 0;
2558
2559 r = cg_all_unified();
2560 if (r < 0)
2561 return r;
2562 if (r == 0) /* on the legacy hiearchy there's no joining of controllers defined */
2563 return 0;
2564
2565 r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, p, "cgroup.subtree_control", &fs);
2566 if (r < 0)
2567 return r;
2568
2569 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2570 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2571 const char *n;
2572
2573 if (!(supported & bit))
2574 continue;
2575
2576 n = cgroup_controller_to_string(c);
2577 {
2578 char s[1 + strlen(n) + 1];
2579
2580 s[0] = mask & bit ? '+' : '-';
2581 strcpy(s + 1, n);
2582
2583 if (!f) {
2584 f = fopen(fs, "we");
2585 if (!f) {
2586 log_debug_errno(errno, "Failed to open cgroup.subtree_control file of %s: %m", p);
2587 break;
2588 }
2589 }
2590
2591 r = write_string_stream(f, s, 0);
2592 if (r < 0)
2593 log_debug_errno(r, "Failed to enable controller %s for %s (%s): %m", n, p, fs);
2594 }
2595 }
2596
2597 return 0;
2598 }
2599
2600 bool cg_is_unified_wanted(void) {
2601 static thread_local int wanted = -1;
2602 int r;
2603 bool b;
2604 const bool is_default = DEFAULT_HIERARCHY == CGROUP_UNIFIED_ALL;
2605
2606 /* If we have a cached value, return that. */
2607 if (wanted >= 0)
2608 return wanted;
2609
2610 /* If the hierarchy is already mounted, then follow whatever
2611 * was chosen for it. */
2612 if (cg_unified_flush() >= 0)
2613 return (wanted = unified_cache >= CGROUP_UNIFIED_ALL);
2614
2615 /* Otherwise, let's see what the kernel command line has to say.
2616 * Since checking is expensive, cache a non-error result. */
2617 r = proc_cmdline_get_bool("systemd.unified_cgroup_hierarchy", &b);
2618
2619 return (wanted = r > 0 ? b : is_default);
2620 }
2621
2622 bool cg_is_legacy_wanted(void) {
2623 static thread_local int wanted = -1;
2624
2625 /* If we have a cached value, return that. */
2626 if (wanted >= 0)
2627 return wanted;
2628
2629 /* Check if we have cgroups2 already mounted. */
2630 if (cg_unified_flush() >= 0 &&
2631 unified_cache == CGROUP_UNIFIED_ALL)
2632 return (wanted = false);
2633
2634 /* Otherwise, assume that at least partial legacy is wanted,
2635 * since cgroups2 should already be mounted at this point. */
2636 return (wanted = true);
2637 }
2638
2639 bool cg_is_hybrid_wanted(void) {
2640 static thread_local int wanted = -1;
2641 int r;
2642 bool b;
2643 const bool is_default = DEFAULT_HIERARCHY >= CGROUP_UNIFIED_SYSTEMD;
2644 /* We default to true if the default is "hybrid", obviously,
2645 * but also when the default is "unified", because if we get
2646 * called, it means that unified hierarchy was not mounted. */
2647
2648 /* If we have a cached value, return that. */
2649 if (wanted >= 0)
2650 return wanted;
2651
2652 /* If the hierarchy is already mounted, then follow whatever
2653 * was chosen for it. */
2654 if (cg_unified_flush() >= 0 &&
2655 unified_cache == CGROUP_UNIFIED_ALL)
2656 return (wanted = false);
2657
2658 /* Otherwise, let's see what the kernel command line has to say.
2659 * Since checking is expensive, cache a non-error result. */
2660 r = proc_cmdline_get_bool("systemd.legacy_systemd_cgroup_controller", &b);
2661
2662 /* The meaning of the kernel option is reversed wrt. to the return value
2663 * of this function, hence the negation. */
2664 return (wanted = r > 0 ? !b : is_default);
2665 }
2666
2667 int cg_weight_parse(const char *s, uint64_t *ret) {
2668 uint64_t u;
2669 int r;
2670
2671 if (isempty(s)) {
2672 *ret = CGROUP_WEIGHT_INVALID;
2673 return 0;
2674 }
2675
2676 r = safe_atou64(s, &u);
2677 if (r < 0)
2678 return r;
2679
2680 if (u < CGROUP_WEIGHT_MIN || u > CGROUP_WEIGHT_MAX)
2681 return -ERANGE;
2682
2683 *ret = u;
2684 return 0;
2685 }
2686
2687 const uint64_t cgroup_io_limit_defaults[_CGROUP_IO_LIMIT_TYPE_MAX] = {
2688 [CGROUP_IO_RBPS_MAX] = CGROUP_LIMIT_MAX,
2689 [CGROUP_IO_WBPS_MAX] = CGROUP_LIMIT_MAX,
2690 [CGROUP_IO_RIOPS_MAX] = CGROUP_LIMIT_MAX,
2691 [CGROUP_IO_WIOPS_MAX] = CGROUP_LIMIT_MAX,
2692 };
2693
2694 static const char* const cgroup_io_limit_type_table[_CGROUP_IO_LIMIT_TYPE_MAX] = {
2695 [CGROUP_IO_RBPS_MAX] = "IOReadBandwidthMax",
2696 [CGROUP_IO_WBPS_MAX] = "IOWriteBandwidthMax",
2697 [CGROUP_IO_RIOPS_MAX] = "IOReadIOPSMax",
2698 [CGROUP_IO_WIOPS_MAX] = "IOWriteIOPSMax",
2699 };
2700
2701 DEFINE_STRING_TABLE_LOOKUP(cgroup_io_limit_type, CGroupIOLimitType);
2702
2703 int cg_cpu_shares_parse(const char *s, uint64_t *ret) {
2704 uint64_t u;
2705 int r;
2706
2707 if (isempty(s)) {
2708 *ret = CGROUP_CPU_SHARES_INVALID;
2709 return 0;
2710 }
2711
2712 r = safe_atou64(s, &u);
2713 if (r < 0)
2714 return r;
2715
2716 if (u < CGROUP_CPU_SHARES_MIN || u > CGROUP_CPU_SHARES_MAX)
2717 return -ERANGE;
2718
2719 *ret = u;
2720 return 0;
2721 }
2722
2723 int cg_blkio_weight_parse(const char *s, uint64_t *ret) {
2724 uint64_t u;
2725 int r;
2726
2727 if (isempty(s)) {
2728 *ret = CGROUP_BLKIO_WEIGHT_INVALID;
2729 return 0;
2730 }
2731
2732 r = safe_atou64(s, &u);
2733 if (r < 0)
2734 return r;
2735
2736 if (u < CGROUP_BLKIO_WEIGHT_MIN || u > CGROUP_BLKIO_WEIGHT_MAX)
2737 return -ERANGE;
2738
2739 *ret = u;
2740 return 0;
2741 }
2742
2743 bool is_cgroup_fs(const struct statfs *s) {
2744 return is_fs_type(s, CGROUP_SUPER_MAGIC) ||
2745 is_fs_type(s, CGROUP2_SUPER_MAGIC);
2746 }
2747
2748 bool fd_is_cgroup_fs(int fd) {
2749 struct statfs s;
2750
2751 if (fstatfs(fd, &s) < 0)
2752 return -errno;
2753
2754 return is_cgroup_fs(&s);
2755 }
2756
2757 static const char *cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = {
2758 [CGROUP_CONTROLLER_CPU] = "cpu",
2759 [CGROUP_CONTROLLER_CPUACCT] = "cpuacct",
2760 [CGROUP_CONTROLLER_IO] = "io",
2761 [CGROUP_CONTROLLER_BLKIO] = "blkio",
2762 [CGROUP_CONTROLLER_MEMORY] = "memory",
2763 [CGROUP_CONTROLLER_DEVICES] = "devices",
2764 [CGROUP_CONTROLLER_PIDS] = "pids",
2765 };
2766
2767 DEFINE_STRING_TABLE_LOOKUP(cgroup_controller, CGroupController);
Unnamed repository; edit this file 'description' to name the repository.