]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/cgroup-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #6917 from keszybz/restore-some-tests
[thirdparty/systemd.git] / src / basic / cgroup-util.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2010 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <dirent.h>
21 #include <errno.h>
22 #include <ftw.h>
23 #include <limits.h>
24 #include <signal.h>
25 #include <stddef.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <sys/stat.h>
29 #include <sys/statfs.h>
30 #include <sys/types.h>
31 #include <sys/xattr.h>
32 #include <unistd.h>
33
34 #include "alloc-util.h"
35 #include "cgroup-util.h"
36 #include "def.h"
37 #include "dirent-util.h"
38 #include "extract-word.h"
39 #include "fd-util.h"
40 #include "fileio.h"
41 #include "format-util.h"
42 #include "fs-util.h"
43 #include "log.h"
44 #include "login-util.h"
45 #include "macro.h"
46 #include "missing.h"
47 #include "mkdir.h"
48 #include "parse-util.h"
49 #include "path-util.h"
50 #include "proc-cmdline.h"
51 #include "process-util.h"
52 #include "set.h"
53 #include "special.h"
54 #include "stat-util.h"
55 #include "stdio-util.h"
56 #include "string-table.h"
57 #include "string-util.h"
58 #include "strv.h"
59 #include "unit-name.h"
60 #include "user-util.h"
61
62 int cg_enumerate_processes(const char *controller, const char *path, FILE **_f) {
63 _cleanup_free_ char *fs = NULL;
64 FILE *f;
65 int r;
66
67 assert(_f);
68
69 r = cg_get_path(controller, path, "cgroup.procs", &fs);
70 if (r < 0)
71 return r;
72
73 f = fopen(fs, "re");
74 if (!f)
75 return -errno;
76
77 *_f = f;
78 return 0;
79 }
80
81 int cg_read_pid(FILE *f, pid_t *_pid) {
82 unsigned long ul;
83
84 /* Note that the cgroup.procs might contain duplicates! See
85 * cgroups.txt for details. */
86
87 assert(f);
88 assert(_pid);
89
90 errno = 0;
91 if (fscanf(f, "%lu", &ul) != 1) {
92
93 if (feof(f))
94 return 0;
95
96 return errno > 0 ? -errno : -EIO;
97 }
98
99 if (ul <= 0)
100 return -EIO;
101
102 *_pid = (pid_t) ul;
103 return 1;
104 }
105
106 int cg_read_event(const char *controller, const char *path, const char *event,
107 char **val)
108 {
109 _cleanup_free_ char *events = NULL, *content = NULL;
110 char *p, *line;
111 int r;
112
113 r = cg_get_path(controller, path, "cgroup.events", &events);
114 if (r < 0)
115 return r;
116
117 r = read_full_file(events, &content, NULL);
118 if (r < 0)
119 return r;
120
121 p = content;
122 while ((line = strsep(&p, "\n"))) {
123 char *key;
124
125 key = strsep(&line, " ");
126 if (!key || !line)
127 return -EINVAL;
128
129 if (strcmp(key, event))
130 continue;
131
132 *val = strdup(line);
133 return 0;
134 }
135
136 return -ENOENT;
137 }
138
139 bool cg_ns_supported(void) {
140 static thread_local int enabled = -1;
141
142 if (enabled >= 0)
143 return enabled;
144
145 if (access("/proc/self/ns/cgroup", F_OK) == 0)
146 enabled = 1;
147 else
148 enabled = 0;
149
150 return enabled;
151 }
152
153 int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) {
154 _cleanup_free_ char *fs = NULL;
155 int r;
156 DIR *d;
157
158 assert(_d);
159
160 /* This is not recursive! */
161
162 r = cg_get_path(controller, path, NULL, &fs);
163 if (r < 0)
164 return r;
165
166 d = opendir(fs);
167 if (!d)
168 return -errno;
169
170 *_d = d;
171 return 0;
172 }
173
174 int cg_read_subgroup(DIR *d, char **fn) {
175 struct dirent *de;
176
177 assert(d);
178 assert(fn);
179
180 FOREACH_DIRENT_ALL(de, d, return -errno) {
181 char *b;
182
183 if (de->d_type != DT_DIR)
184 continue;
185
186 if (dot_or_dot_dot(de->d_name))
187 continue;
188
189 b = strdup(de->d_name);
190 if (!b)
191 return -ENOMEM;
192
193 *fn = b;
194 return 1;
195 }
196
197 return 0;
198 }
199
200 int cg_rmdir(const char *controller, const char *path) {
201 _cleanup_free_ char *p = NULL;
202 int r;
203
204 r = cg_get_path(controller, path, NULL, &p);
205 if (r < 0)
206 return r;
207
208 r = rmdir(p);
209 if (r < 0 && errno != ENOENT)
210 return -errno;
211
212 r = cg_hybrid_unified();
213 if (r < 0)
214 return r;
215 if (r == 0)
216 return 0;
217
218 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
219 r = cg_rmdir(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path);
220 if (r < 0)
221 log_warning_errno(r, "Failed to remove compat systemd cgroup %s: %m", path);
222 }
223
224 return 0;
225 }
226
227 int cg_kill(
228 const char *controller,
229 const char *path,
230 int sig,
231 CGroupFlags flags,
232 Set *s,
233 cg_kill_log_func_t log_kill,
234 void *userdata) {
235
236 _cleanup_set_free_ Set *allocated_set = NULL;
237 bool done = false;
238 int r, ret = 0;
239 pid_t my_pid;
240
241 assert(sig >= 0);
242
243 /* Don't send SIGCONT twice. Also, SIGKILL always works even when process is suspended, hence don't send
244 * SIGCONT on SIGKILL. */
245 if (IN_SET(sig, SIGCONT, SIGKILL))
246 flags &= ~CGROUP_SIGCONT;
247
248 /* This goes through the tasks list and kills them all. This
249 * is repeated until no further processes are added to the
250 * tasks list, to properly handle forking processes */
251
252 if (!s) {
253 s = allocated_set = set_new(NULL);
254 if (!s)
255 return -ENOMEM;
256 }
257
258 my_pid = getpid_cached();
259
260 do {
261 _cleanup_fclose_ FILE *f = NULL;
262 pid_t pid = 0;
263 done = true;
264
265 r = cg_enumerate_processes(controller, path, &f);
266 if (r < 0) {
267 if (ret >= 0 && r != -ENOENT)
268 return r;
269
270 return ret;
271 }
272
273 while ((r = cg_read_pid(f, &pid)) > 0) {
274
275 if ((flags & CGROUP_IGNORE_SELF) && pid == my_pid)
276 continue;
277
278 if (set_get(s, PID_TO_PTR(pid)) == PID_TO_PTR(pid))
279 continue;
280
281 if (log_kill)
282 log_kill(pid, sig, userdata);
283
284 /* If we haven't killed this process yet, kill
285 * it */
286 if (kill(pid, sig) < 0) {
287 if (ret >= 0 && errno != ESRCH)
288 ret = -errno;
289 } else {
290 if (flags & CGROUP_SIGCONT)
291 (void) kill(pid, SIGCONT);
292
293 if (ret == 0)
294 ret = 1;
295 }
296
297 done = false;
298
299 r = set_put(s, PID_TO_PTR(pid));
300 if (r < 0) {
301 if (ret >= 0)
302 return r;
303
304 return ret;
305 }
306 }
307
308 if (r < 0) {
309 if (ret >= 0)
310 return r;
311
312 return ret;
313 }
314
315 /* To avoid racing against processes which fork
316 * quicker than we can kill them we repeat this until
317 * no new pids need to be killed. */
318
319 } while (!done);
320
321 return ret;
322 }
323
324 int cg_kill_recursive(
325 const char *controller,
326 const char *path,
327 int sig,
328 CGroupFlags flags,
329 Set *s,
330 cg_kill_log_func_t log_kill,
331 void *userdata) {
332
333 _cleanup_set_free_ Set *allocated_set = NULL;
334 _cleanup_closedir_ DIR *d = NULL;
335 int r, ret;
336 char *fn;
337
338 assert(path);
339 assert(sig >= 0);
340
341 if (!s) {
342 s = allocated_set = set_new(NULL);
343 if (!s)
344 return -ENOMEM;
345 }
346
347 ret = cg_kill(controller, path, sig, flags, s, log_kill, userdata);
348
349 r = cg_enumerate_subgroups(controller, path, &d);
350 if (r < 0) {
351 if (ret >= 0 && r != -ENOENT)
352 return r;
353
354 return ret;
355 }
356
357 while ((r = cg_read_subgroup(d, &fn)) > 0) {
358 _cleanup_free_ char *p = NULL;
359
360 p = strjoin(path, "/", fn);
361 free(fn);
362 if (!p)
363 return -ENOMEM;
364
365 r = cg_kill_recursive(controller, p, sig, flags, s, log_kill, userdata);
366 if (r != 0 && ret >= 0)
367 ret = r;
368 }
369 if (ret >= 0 && r < 0)
370 ret = r;
371
372 if (flags & CGROUP_REMOVE) {
373 r = cg_rmdir(controller, path);
374 if (r < 0 && ret >= 0 && r != -ENOENT && r != -EBUSY)
375 return r;
376 }
377
378 return ret;
379 }
380
381 int cg_migrate(
382 const char *cfrom,
383 const char *pfrom,
384 const char *cto,
385 const char *pto,
386 CGroupFlags flags) {
387
388 bool done = false;
389 _cleanup_set_free_ Set *s = NULL;
390 int r, ret = 0;
391 pid_t my_pid;
392
393 assert(cfrom);
394 assert(pfrom);
395 assert(cto);
396 assert(pto);
397
398 s = set_new(NULL);
399 if (!s)
400 return -ENOMEM;
401
402 my_pid = getpid_cached();
403
404 do {
405 _cleanup_fclose_ FILE *f = NULL;
406 pid_t pid = 0;
407 done = true;
408
409 r = cg_enumerate_processes(cfrom, pfrom, &f);
410 if (r < 0) {
411 if (ret >= 0 && r != -ENOENT)
412 return r;
413
414 return ret;
415 }
416
417 while ((r = cg_read_pid(f, &pid)) > 0) {
418
419 /* This might do weird stuff if we aren't a
420 * single-threaded program. However, we
421 * luckily know we are not */
422 if ((flags & CGROUP_IGNORE_SELF) && pid == my_pid)
423 continue;
424
425 if (set_get(s, PID_TO_PTR(pid)) == PID_TO_PTR(pid))
426 continue;
427
428 /* Ignore kernel threads. Since they can only
429 * exist in the root cgroup, we only check for
430 * them there. */
431 if (cfrom &&
432 (isempty(pfrom) || path_equal(pfrom, "/")) &&
433 is_kernel_thread(pid) > 0)
434 continue;
435
436 r = cg_attach(cto, pto, pid);
437 if (r < 0) {
438 if (ret >= 0 && r != -ESRCH)
439 ret = r;
440 } else if (ret == 0)
441 ret = 1;
442
443 done = false;
444
445 r = set_put(s, PID_TO_PTR(pid));
446 if (r < 0) {
447 if (ret >= 0)
448 return r;
449
450 return ret;
451 }
452 }
453
454 if (r < 0) {
455 if (ret >= 0)
456 return r;
457
458 return ret;
459 }
460 } while (!done);
461
462 return ret;
463 }
464
465 int cg_migrate_recursive(
466 const char *cfrom,
467 const char *pfrom,
468 const char *cto,
469 const char *pto,
470 CGroupFlags flags) {
471
472 _cleanup_closedir_ DIR *d = NULL;
473 int r, ret = 0;
474 char *fn;
475
476 assert(cfrom);
477 assert(pfrom);
478 assert(cto);
479 assert(pto);
480
481 ret = cg_migrate(cfrom, pfrom, cto, pto, flags);
482
483 r = cg_enumerate_subgroups(cfrom, pfrom, &d);
484 if (r < 0) {
485 if (ret >= 0 && r != -ENOENT)
486 return r;
487
488 return ret;
489 }
490
491 while ((r = cg_read_subgroup(d, &fn)) > 0) {
492 _cleanup_free_ char *p = NULL;
493
494 p = strjoin(pfrom, "/", fn);
495 free(fn);
496 if (!p)
497 return -ENOMEM;
498
499 r = cg_migrate_recursive(cfrom, p, cto, pto, flags);
500 if (r != 0 && ret >= 0)
501 ret = r;
502 }
503
504 if (r < 0 && ret >= 0)
505 ret = r;
506
507 if (flags & CGROUP_REMOVE) {
508 r = cg_rmdir(cfrom, pfrom);
509 if (r < 0 && ret >= 0 && r != -ENOENT && r != -EBUSY)
510 return r;
511 }
512
513 return ret;
514 }
515
516 int cg_migrate_recursive_fallback(
517 const char *cfrom,
518 const char *pfrom,
519 const char *cto,
520 const char *pto,
521 CGroupFlags flags) {
522
523 int r;
524
525 assert(cfrom);
526 assert(pfrom);
527 assert(cto);
528 assert(pto);
529
530 r = cg_migrate_recursive(cfrom, pfrom, cto, pto, flags);
531 if (r < 0) {
532 char prefix[strlen(pto) + 1];
533
534 /* This didn't work? Then let's try all prefixes of the destination */
535
536 PATH_FOREACH_PREFIX(prefix, pto) {
537 int q;
538
539 q = cg_migrate_recursive(cfrom, pfrom, cto, prefix, flags);
540 if (q >= 0)
541 return q;
542 }
543 }
544
545 return r;
546 }
547
548 static const char *controller_to_dirname(const char *controller) {
549 const char *e;
550
551 assert(controller);
552
553 /* Converts a controller name to the directory name below
554 * /sys/fs/cgroup/ we want to mount it to. Effectively, this
555 * just cuts off the name= prefixed used for named
556 * hierarchies, if it is specified. */
557
558 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
559 if (cg_hybrid_unified() > 0)
560 controller = SYSTEMD_CGROUP_CONTROLLER_HYBRID;
561 else
562 controller = SYSTEMD_CGROUP_CONTROLLER_LEGACY;
563 }
564
565 e = startswith(controller, "name=");
566 if (e)
567 return e;
568
569 return controller;
570 }
571
572 static int join_path_legacy(const char *controller, const char *path, const char *suffix, char **fs) {
573 const char *dn;
574 char *t = NULL;
575
576 assert(fs);
577 assert(controller);
578
579 dn = controller_to_dirname(controller);
580
581 if (isempty(path) && isempty(suffix))
582 t = strappend("/sys/fs/cgroup/", dn);
583 else if (isempty(path))
584 t = strjoin("/sys/fs/cgroup/", dn, "/", suffix);
585 else if (isempty(suffix))
586 t = strjoin("/sys/fs/cgroup/", dn, "/", path);
587 else
588 t = strjoin("/sys/fs/cgroup/", dn, "/", path, "/", suffix);
589 if (!t)
590 return -ENOMEM;
591
592 *fs = t;
593 return 0;
594 }
595
596 static int join_path_unified(const char *path, const char *suffix, char **fs) {
597 char *t;
598
599 assert(fs);
600
601 if (isempty(path) && isempty(suffix))
602 t = strdup("/sys/fs/cgroup");
603 else if (isempty(path))
604 t = strappend("/sys/fs/cgroup/", suffix);
605 else if (isempty(suffix))
606 t = strappend("/sys/fs/cgroup/", path);
607 else
608 t = strjoin("/sys/fs/cgroup/", path, "/", suffix);
609 if (!t)
610 return -ENOMEM;
611
612 *fs = t;
613 return 0;
614 }
615
616 int cg_get_path(const char *controller, const char *path, const char *suffix, char **fs) {
617 int r;
618
619 assert(fs);
620
621 if (!controller) {
622 char *t;
623
624 /* If no controller is specified, we return the path
625 * *below* the controllers, without any prefix. */
626
627 if (!path && !suffix)
628 return -EINVAL;
629
630 if (!suffix)
631 t = strdup(path);
632 else if (!path)
633 t = strdup(suffix);
634 else
635 t = strjoin(path, "/", suffix);
636 if (!t)
637 return -ENOMEM;
638
639 *fs = path_kill_slashes(t);
640 return 0;
641 }
642
643 if (!cg_controller_is_valid(controller))
644 return -EINVAL;
645
646 r = cg_all_unified();
647 if (r < 0)
648 return r;
649 if (r > 0)
650 r = join_path_unified(path, suffix, fs);
651 else
652 r = join_path_legacy(controller, path, suffix, fs);
653 if (r < 0)
654 return r;
655
656 path_kill_slashes(*fs);
657 return 0;
658 }
659
660 static int controller_is_accessible(const char *controller) {
661 int r;
662
663 assert(controller);
664
665 /* Checks whether a specific controller is accessible,
666 * i.e. its hierarchy mounted. In the unified hierarchy all
667 * controllers are considered accessible, except for the named
668 * hierarchies */
669
670 if (!cg_controller_is_valid(controller))
671 return -EINVAL;
672
673 r = cg_all_unified();
674 if (r < 0)
675 return r;
676 if (r > 0) {
677 /* We don't support named hierarchies if we are using
678 * the unified hierarchy. */
679
680 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER))
681 return 0;
682
683 if (startswith(controller, "name="))
684 return -EOPNOTSUPP;
685
686 } else {
687 const char *cc, *dn;
688
689 dn = controller_to_dirname(controller);
690 cc = strjoina("/sys/fs/cgroup/", dn);
691
692 if (laccess(cc, F_OK) < 0)
693 return -errno;
694 }
695
696 return 0;
697 }
698
699 int cg_get_path_and_check(const char *controller, const char *path, const char *suffix, char **fs) {
700 int r;
701
702 assert(controller);
703 assert(fs);
704
705 /* Check if the specified controller is actually accessible */
706 r = controller_is_accessible(controller);
707 if (r < 0)
708 return r;
709
710 return cg_get_path(controller, path, suffix, fs);
711 }
712
713 static int trim_cb(const char *path, const struct stat *sb, int typeflag, struct FTW *ftwbuf) {
714 assert(path);
715 assert(sb);
716 assert(ftwbuf);
717
718 if (typeflag != FTW_DP)
719 return 0;
720
721 if (ftwbuf->level < 1)
722 return 0;
723
724 (void) rmdir(path);
725 return 0;
726 }
727
728 int cg_trim(const char *controller, const char *path, bool delete_root) {
729 _cleanup_free_ char *fs = NULL;
730 int r = 0, q;
731
732 assert(path);
733
734 r = cg_get_path(controller, path, NULL, &fs);
735 if (r < 0)
736 return r;
737
738 errno = 0;
739 if (nftw(fs, trim_cb, 64, FTW_DEPTH|FTW_MOUNT|FTW_PHYS) != 0) {
740 if (errno == ENOENT)
741 r = 0;
742 else if (errno > 0)
743 r = -errno;
744 else
745 r = -EIO;
746 }
747
748 if (delete_root) {
749 if (rmdir(fs) < 0 && errno != ENOENT)
750 return -errno;
751 }
752
753 q = cg_hybrid_unified();
754 if (q < 0)
755 return q;
756 if (q > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
757 q = cg_trim(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, delete_root);
758 if (q < 0)
759 log_warning_errno(q, "Failed to trim compat systemd cgroup %s: %m", path);
760 }
761
762 return r;
763 }
764
765 int cg_create(const char *controller, const char *path) {
766 _cleanup_free_ char *fs = NULL;
767 int r;
768
769 r = cg_get_path_and_check(controller, path, NULL, &fs);
770 if (r < 0)
771 return r;
772
773 r = mkdir_parents(fs, 0755);
774 if (r < 0)
775 return r;
776
777 if (mkdir(fs, 0755) < 0) {
778
779 if (errno == EEXIST)
780 return 0;
781
782 return -errno;
783 }
784
785 r = cg_hybrid_unified();
786 if (r < 0)
787 return r;
788
789 if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
790 r = cg_create(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path);
791 if (r < 0)
792 log_warning_errno(r, "Failed to create compat systemd cgroup %s: %m", path);
793 }
794
795 return 1;
796 }
797
798 int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
799 int r, q;
800
801 assert(pid >= 0);
802
803 r = cg_create(controller, path);
804 if (r < 0)
805 return r;
806
807 q = cg_attach(controller, path, pid);
808 if (q < 0)
809 return q;
810
811 /* This does not remove the cgroup on failure */
812 return r;
813 }
814
815 int cg_attach(const char *controller, const char *path, pid_t pid) {
816 _cleanup_free_ char *fs = NULL;
817 char c[DECIMAL_STR_MAX(pid_t) + 2];
818 int r;
819
820 assert(path);
821 assert(pid >= 0);
822
823 r = cg_get_path_and_check(controller, path, "cgroup.procs", &fs);
824 if (r < 0)
825 return r;
826
827 if (pid == 0)
828 pid = getpid_cached();
829
830 xsprintf(c, PID_FMT "\n", pid);
831
832 r = write_string_file(fs, c, 0);
833 if (r < 0)
834 return r;
835
836 r = cg_hybrid_unified();
837 if (r < 0)
838 return r;
839
840 if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
841 r = cg_attach(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, pid);
842 if (r < 0)
843 log_warning_errno(r, "Failed to attach "PID_FMT" to compat systemd cgroup %s: %m", pid, path);
844 }
845
846 return 0;
847 }
848
849 int cg_attach_fallback(const char *controller, const char *path, pid_t pid) {
850 int r;
851
852 assert(controller);
853 assert(path);
854 assert(pid >= 0);
855
856 r = cg_attach(controller, path, pid);
857 if (r < 0) {
858 char prefix[strlen(path) + 1];
859
860 /* This didn't work? Then let's try all prefixes of
861 * the destination */
862
863 PATH_FOREACH_PREFIX(prefix, path) {
864 int q;
865
866 q = cg_attach(controller, prefix, pid);
867 if (q >= 0)
868 return q;
869 }
870 }
871
872 return r;
873 }
874
875 int cg_set_group_access(
876 const char *controller,
877 const char *path,
878 mode_t mode,
879 uid_t uid,
880 gid_t gid) {
881
882 _cleanup_free_ char *fs = NULL;
883 int r;
884
885 if (mode == MODE_INVALID && uid == UID_INVALID && gid == GID_INVALID)
886 return 0;
887
888 if (mode != MODE_INVALID)
889 mode &= 0777;
890
891 r = cg_get_path(controller, path, NULL, &fs);
892 if (r < 0)
893 return r;
894
895 r = chmod_and_chown(fs, mode, uid, gid);
896 if (r < 0)
897 return r;
898
899 r = cg_hybrid_unified();
900 if (r < 0)
901 return r;
902 if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
903 r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid);
904 if (r < 0)
905 log_debug_errno(r, "Failed to set group access on compatibility systemd cgroup %s, ignoring: %m", path);
906 }
907
908 return 0;
909 }
910
911 int cg_set_task_access(
912 const char *controller,
913 const char *path,
914 mode_t mode,
915 uid_t uid,
916 gid_t gid) {
917
918 _cleanup_free_ char *fs = NULL;
919 int r;
920
921 assert(path);
922
923 if (mode == MODE_INVALID && uid == UID_INVALID && gid == GID_INVALID)
924 return 0;
925
926 if (mode != MODE_INVALID)
927 mode &= 0666;
928
929 /* For both the legacy and unified hierarchies, "cgroup.procs" is the main entry point for PIDs */
930 r = cg_get_path(controller, path, "cgroup.procs", &fs);
931 if (r < 0)
932 return r;
933
934 r = chmod_and_chown(fs, mode, uid, gid);
935 if (r < 0)
936 return r;
937
938 r = cg_unified_controller(controller);
939 if (r < 0)
940 return r;
941 if (r == 0) {
942 const char *fn;
943
944 /* Compatibility: on cgroupsv1 always keep values for the legacy files "tasks" and
945 * "cgroup.clone_children" in sync with "cgroup.procs". Since this is legacy stuff, we don't care if
946 * this fails. */
947
948 FOREACH_STRING(fn,
949 "tasks",
950 "cgroup.clone_children") {
951
952 fs = mfree(fs);
953
954 r = cg_get_path(controller, path, fn, &fs);
955 if (r < 0)
956 log_debug_errno(r, "Failed to get path for %s of %s, ignoring: %m", fn, path);
957
958 r = chmod_and_chown(fs, mode, uid, gid);
959 if (r < 0)
960 log_debug_errno(r, "Failed to to change ownership/access mode for %s of %s, ignoring: %m", fn, path);
961 }
962 } else {
963 /* On the unified controller, we want to permit subtree controllers too. */
964
965 fs = mfree(fs);
966 r = cg_get_path(controller, path, "cgroup.subtree_control", &fs);
967 if (r < 0)
968 return r;
969
970 r = chmod_and_chown(fs, mode, uid, gid);
971 if (r < 0)
972 return r;
973 }
974
975 r = cg_hybrid_unified();
976 if (r < 0)
977 return r;
978 if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
979 /* Always propagate access mode from unified to legacy controller */
980
981 r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, mode, uid, gid);
982 if (r < 0)
983 log_debug_errno(r, "Failed to set task access on compatibility systemd cgroup %s, ignoring: %m", path);
984 }
985
986 return 0;
987 }
988
989 int cg_set_xattr(const char *controller, const char *path, const char *name, const void *value, size_t size, int flags) {
990 _cleanup_free_ char *fs = NULL;
991 int r;
992
993 assert(path);
994 assert(name);
995 assert(value || size <= 0);
996
997 r = cg_get_path(controller, path, NULL, &fs);
998 if (r < 0)
999 return r;
1000
1001 if (setxattr(fs, name, value, size, flags) < 0)
1002 return -errno;
1003
1004 return 0;
1005 }
1006
1007 int cg_get_xattr(const char *controller, const char *path, const char *name, void *value, size_t size) {
1008 _cleanup_free_ char *fs = NULL;
1009 ssize_t n;
1010 int r;
1011
1012 assert(path);
1013 assert(name);
1014
1015 r = cg_get_path(controller, path, NULL, &fs);
1016 if (r < 0)
1017 return r;
1018
1019 n = getxattr(fs, name, value, size);
1020 if (n < 0)
1021 return -errno;
1022
1023 return (int) n;
1024 }
1025
1026 int cg_pid_get_path(const char *controller, pid_t pid, char **path) {
1027 _cleanup_fclose_ FILE *f = NULL;
1028 char line[LINE_MAX];
1029 const char *fs, *controller_str;
1030 size_t cs = 0;
1031 int unified;
1032
1033 assert(path);
1034 assert(pid >= 0);
1035
1036 if (controller) {
1037 if (!cg_controller_is_valid(controller))
1038 return -EINVAL;
1039 } else
1040 controller = SYSTEMD_CGROUP_CONTROLLER;
1041
1042 unified = cg_unified_controller(controller);
1043 if (unified < 0)
1044 return unified;
1045 if (unified == 0) {
1046 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER))
1047 controller_str = SYSTEMD_CGROUP_CONTROLLER_LEGACY;
1048 else
1049 controller_str = controller;
1050
1051 cs = strlen(controller_str);
1052 }
1053
1054 fs = procfs_file_alloca(pid, "cgroup");
1055 f = fopen(fs, "re");
1056 if (!f)
1057 return errno == ENOENT ? -ESRCH : -errno;
1058
1059 FOREACH_LINE(line, f, return -errno) {
1060 char *e, *p;
1061
1062 truncate_nl(line);
1063
1064 if (unified) {
1065 e = startswith(line, "0:");
1066 if (!e)
1067 continue;
1068
1069 e = strchr(e, ':');
1070 if (!e)
1071 continue;
1072 } else {
1073 char *l;
1074 size_t k;
1075 const char *word, *state;
1076 bool found = false;
1077
1078 l = strchr(line, ':');
1079 if (!l)
1080 continue;
1081
1082 l++;
1083 e = strchr(l, ':');
1084 if (!e)
1085 continue;
1086
1087 *e = 0;
1088 FOREACH_WORD_SEPARATOR(word, k, l, ",", state) {
1089 if (k == cs && memcmp(word, controller_str, cs) == 0) {
1090 found = true;
1091 break;
1092 }
1093 }
1094
1095 if (!found)
1096 continue;
1097 }
1098
1099 p = strdup(e + 1);
1100 if (!p)
1101 return -ENOMEM;
1102
1103 *path = p;
1104 return 0;
1105 }
1106
1107 return -ENODATA;
1108 }
1109
1110 int cg_install_release_agent(const char *controller, const char *agent) {
1111 _cleanup_free_ char *fs = NULL, *contents = NULL;
1112 const char *sc;
1113 int r;
1114
1115 assert(agent);
1116
1117 r = cg_unified_controller(controller);
1118 if (r < 0)
1119 return r;
1120 if (r > 0) /* doesn't apply to unified hierarchy */
1121 return -EOPNOTSUPP;
1122
1123 r = cg_get_path(controller, NULL, "release_agent", &fs);
1124 if (r < 0)
1125 return r;
1126
1127 r = read_one_line_file(fs, &contents);
1128 if (r < 0)
1129 return r;
1130
1131 sc = strstrip(contents);
1132 if (isempty(sc)) {
1133 r = write_string_file(fs, agent, 0);
1134 if (r < 0)
1135 return r;
1136 } else if (!path_equal(sc, agent))
1137 return -EEXIST;
1138
1139 fs = mfree(fs);
1140 r = cg_get_path(controller, NULL, "notify_on_release", &fs);
1141 if (r < 0)
1142 return r;
1143
1144 contents = mfree(contents);
1145 r = read_one_line_file(fs, &contents);
1146 if (r < 0)
1147 return r;
1148
1149 sc = strstrip(contents);
1150 if (streq(sc, "0")) {
1151 r = write_string_file(fs, "1", 0);
1152 if (r < 0)
1153 return r;
1154
1155 return 1;
1156 }
1157
1158 if (!streq(sc, "1"))
1159 return -EIO;
1160
1161 return 0;
1162 }
1163
1164 int cg_uninstall_release_agent(const char *controller) {
1165 _cleanup_free_ char *fs = NULL;
1166 int r;
1167
1168 r = cg_unified_controller(controller);
1169 if (r < 0)
1170 return r;
1171 if (r > 0) /* Doesn't apply to unified hierarchy */
1172 return -EOPNOTSUPP;
1173
1174 r = cg_get_path(controller, NULL, "notify_on_release", &fs);
1175 if (r < 0)
1176 return r;
1177
1178 r = write_string_file(fs, "0", 0);
1179 if (r < 0)
1180 return r;
1181
1182 fs = mfree(fs);
1183
1184 r = cg_get_path(controller, NULL, "release_agent", &fs);
1185 if (r < 0)
1186 return r;
1187
1188 r = write_string_file(fs, "", 0);
1189 if (r < 0)
1190 return r;
1191
1192 return 0;
1193 }
1194
1195 int cg_is_empty(const char *controller, const char *path) {
1196 _cleanup_fclose_ FILE *f = NULL;
1197 pid_t pid;
1198 int r;
1199
1200 assert(path);
1201
1202 r = cg_enumerate_processes(controller, path, &f);
1203 if (r == -ENOENT)
1204 return 1;
1205 if (r < 0)
1206 return r;
1207
1208 r = cg_read_pid(f, &pid);
1209 if (r < 0)
1210 return r;
1211
1212 return r == 0;
1213 }
1214
1215 int cg_is_empty_recursive(const char *controller, const char *path) {
1216 int r;
1217
1218 assert(path);
1219
1220 /* The root cgroup is always populated */
1221 if (controller && (isempty(path) || path_equal(path, "/")))
1222 return false;
1223
1224 r = cg_unified_controller(controller);
1225 if (r < 0)
1226 return r;
1227 if (r > 0) {
1228 _cleanup_free_ char *t = NULL;
1229
1230 /* On the unified hierarchy we can check empty state
1231 * via the "populated" attribute of "cgroup.events". */
1232
1233 r = cg_read_event(controller, path, "populated", &t);
1234 if (r < 0)
1235 return r;
1236
1237 return streq(t, "0");
1238 } else {
1239 _cleanup_closedir_ DIR *d = NULL;
1240 char *fn;
1241
1242 r = cg_is_empty(controller, path);
1243 if (r <= 0)
1244 return r;
1245
1246 r = cg_enumerate_subgroups(controller, path, &d);
1247 if (r == -ENOENT)
1248 return 1;
1249 if (r < 0)
1250 return r;
1251
1252 while ((r = cg_read_subgroup(d, &fn)) > 0) {
1253 _cleanup_free_ char *p = NULL;
1254
1255 p = strjoin(path, "/", fn);
1256 free(fn);
1257 if (!p)
1258 return -ENOMEM;
1259
1260 r = cg_is_empty_recursive(controller, p);
1261 if (r <= 0)
1262 return r;
1263 }
1264 if (r < 0)
1265 return r;
1266
1267 return true;
1268 }
1269 }
1270
1271 int cg_split_spec(const char *spec, char **controller, char **path) {
1272 char *t = NULL, *u = NULL;
1273 const char *e;
1274
1275 assert(spec);
1276
1277 if (*spec == '/') {
1278 if (!path_is_safe(spec))
1279 return -EINVAL;
1280
1281 if (path) {
1282 t = strdup(spec);
1283 if (!t)
1284 return -ENOMEM;
1285
1286 *path = path_kill_slashes(t);
1287 }
1288
1289 if (controller)
1290 *controller = NULL;
1291
1292 return 0;
1293 }
1294
1295 e = strchr(spec, ':');
1296 if (!e) {
1297 if (!cg_controller_is_valid(spec))
1298 return -EINVAL;
1299
1300 if (controller) {
1301 t = strdup(spec);
1302 if (!t)
1303 return -ENOMEM;
1304
1305 *controller = t;
1306 }
1307
1308 if (path)
1309 *path = NULL;
1310
1311 return 0;
1312 }
1313
1314 t = strndup(spec, e-spec);
1315 if (!t)
1316 return -ENOMEM;
1317 if (!cg_controller_is_valid(t)) {
1318 free(t);
1319 return -EINVAL;
1320 }
1321
1322 if (isempty(e+1))
1323 u = NULL;
1324 else {
1325 u = strdup(e+1);
1326 if (!u) {
1327 free(t);
1328 return -ENOMEM;
1329 }
1330
1331 if (!path_is_safe(u) ||
1332 !path_is_absolute(u)) {
1333 free(t);
1334 free(u);
1335 return -EINVAL;
1336 }
1337
1338 path_kill_slashes(u);
1339 }
1340
1341 if (controller)
1342 *controller = t;
1343 else
1344 free(t);
1345
1346 if (path)
1347 *path = u;
1348 else
1349 free(u);
1350
1351 return 0;
1352 }
1353
1354 int cg_mangle_path(const char *path, char **result) {
1355 _cleanup_free_ char *c = NULL, *p = NULL;
1356 char *t;
1357 int r;
1358
1359 assert(path);
1360 assert(result);
1361
1362 /* First, check if it already is a filesystem path */
1363 if (path_startswith(path, "/sys/fs/cgroup")) {
1364
1365 t = strdup(path);
1366 if (!t)
1367 return -ENOMEM;
1368
1369 *result = path_kill_slashes(t);
1370 return 0;
1371 }
1372
1373 /* Otherwise, treat it as cg spec */
1374 r = cg_split_spec(path, &c, &p);
1375 if (r < 0)
1376 return r;
1377
1378 return cg_get_path(c ?: SYSTEMD_CGROUP_CONTROLLER, p ?: "/", NULL, result);
1379 }
1380
1381 int cg_get_root_path(char **path) {
1382 char *p, *e;
1383 int r;
1384
1385 assert(path);
1386
1387 r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 1, &p);
1388 if (r < 0)
1389 return r;
1390
1391 e = endswith(p, "/" SPECIAL_INIT_SCOPE);
1392 if (!e)
1393 e = endswith(p, "/" SPECIAL_SYSTEM_SLICE); /* legacy */
1394 if (!e)
1395 e = endswith(p, "/system"); /* even more legacy */
1396 if (e)
1397 *e = 0;
1398
1399 *path = p;
1400 return 0;
1401 }
1402
1403 int cg_shift_path(const char *cgroup, const char *root, const char **shifted) {
1404 _cleanup_free_ char *rt = NULL;
1405 char *p;
1406 int r;
1407
1408 assert(cgroup);
1409 assert(shifted);
1410
1411 if (!root) {
1412 /* If the root was specified let's use that, otherwise
1413 * let's determine it from PID 1 */
1414
1415 r = cg_get_root_path(&rt);
1416 if (r < 0)
1417 return r;
1418
1419 root = rt;
1420 }
1421
1422 p = path_startswith(cgroup, root);
1423 if (p && p > cgroup)
1424 *shifted = p - 1;
1425 else
1426 *shifted = cgroup;
1427
1428 return 0;
1429 }
1430
1431 int cg_pid_get_path_shifted(pid_t pid, const char *root, char **cgroup) {
1432 _cleanup_free_ char *raw = NULL;
1433 const char *c;
1434 int r;
1435
1436 assert(pid >= 0);
1437 assert(cgroup);
1438
1439 r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &raw);
1440 if (r < 0)
1441 return r;
1442
1443 r = cg_shift_path(raw, root, &c);
1444 if (r < 0)
1445 return r;
1446
1447 if (c == raw) {
1448 *cgroup = raw;
1449 raw = NULL;
1450 } else {
1451 char *n;
1452
1453 n = strdup(c);
1454 if (!n)
1455 return -ENOMEM;
1456
1457 *cgroup = n;
1458 }
1459
1460 return 0;
1461 }
1462
1463 int cg_path_decode_unit(const char *cgroup, char **unit) {
1464 char *c, *s;
1465 size_t n;
1466
1467 assert(cgroup);
1468 assert(unit);
1469
1470 n = strcspn(cgroup, "/");
1471 if (n < 3)
1472 return -ENXIO;
1473
1474 c = strndupa(cgroup, n);
1475 c = cg_unescape(c);
1476
1477 if (!unit_name_is_valid(c, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
1478 return -ENXIO;
1479
1480 s = strdup(c);
1481 if (!s)
1482 return -ENOMEM;
1483
1484 *unit = s;
1485 return 0;
1486 }
1487
1488 static bool valid_slice_name(const char *p, size_t n) {
1489
1490 if (!p)
1491 return false;
1492
1493 if (n < strlen("x.slice"))
1494 return false;
1495
1496 if (memcmp(p + n - 6, ".slice", 6) == 0) {
1497 char buf[n+1], *c;
1498
1499 memcpy(buf, p, n);
1500 buf[n] = 0;
1501
1502 c = cg_unescape(buf);
1503
1504 return unit_name_is_valid(c, UNIT_NAME_PLAIN);
1505 }
1506
1507 return false;
1508 }
1509
1510 static const char *skip_slices(const char *p) {
1511 assert(p);
1512
1513 /* Skips over all slice assignments */
1514
1515 for (;;) {
1516 size_t n;
1517
1518 p += strspn(p, "/");
1519
1520 n = strcspn(p, "/");
1521 if (!valid_slice_name(p, n))
1522 return p;
1523
1524 p += n;
1525 }
1526 }
1527
1528 int cg_path_get_unit(const char *path, char **ret) {
1529 const char *e;
1530 char *unit;
1531 int r;
1532
1533 assert(path);
1534 assert(ret);
1535
1536 e = skip_slices(path);
1537
1538 r = cg_path_decode_unit(e, &unit);
1539 if (r < 0)
1540 return r;
1541
1542 /* We skipped over the slices, don't accept any now */
1543 if (endswith(unit, ".slice")) {
1544 free(unit);
1545 return -ENXIO;
1546 }
1547
1548 *ret = unit;
1549 return 0;
1550 }
1551
1552 int cg_pid_get_unit(pid_t pid, char **unit) {
1553 _cleanup_free_ char *cgroup = NULL;
1554 int r;
1555
1556 assert(unit);
1557
1558 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1559 if (r < 0)
1560 return r;
1561
1562 return cg_path_get_unit(cgroup, unit);
1563 }
1564
1565 /**
1566 * Skip session-*.scope, but require it to be there.
1567 */
1568 static const char *skip_session(const char *p) {
1569 size_t n;
1570
1571 if (isempty(p))
1572 return NULL;
1573
1574 p += strspn(p, "/");
1575
1576 n = strcspn(p, "/");
1577 if (n < strlen("session-x.scope"))
1578 return NULL;
1579
1580 if (memcmp(p, "session-", 8) == 0 && memcmp(p + n - 6, ".scope", 6) == 0) {
1581 char buf[n - 8 - 6 + 1];
1582
1583 memcpy(buf, p + 8, n - 8 - 6);
1584 buf[n - 8 - 6] = 0;
1585
1586 /* Note that session scopes never need unescaping,
1587 * since they cannot conflict with the kernel's own
1588 * names, hence we don't need to call cg_unescape()
1589 * here. */
1590
1591 if (!session_id_valid(buf))
1592 return false;
1593
1594 p += n;
1595 p += strspn(p, "/");
1596 return p;
1597 }
1598
1599 return NULL;
1600 }
1601
1602 /**
1603 * Skip user@*.service, but require it to be there.
1604 */
1605 static const char *skip_user_manager(const char *p) {
1606 size_t n;
1607
1608 if (isempty(p))
1609 return NULL;
1610
1611 p += strspn(p, "/");
1612
1613 n = strcspn(p, "/");
1614 if (n < strlen("user@x.service"))
1615 return NULL;
1616
1617 if (memcmp(p, "user@", 5) == 0 && memcmp(p + n - 8, ".service", 8) == 0) {
1618 char buf[n - 5 - 8 + 1];
1619
1620 memcpy(buf, p + 5, n - 5 - 8);
1621 buf[n - 5 - 8] = 0;
1622
1623 /* Note that user manager services never need unescaping,
1624 * since they cannot conflict with the kernel's own
1625 * names, hence we don't need to call cg_unescape()
1626 * here. */
1627
1628 if (parse_uid(buf, NULL) < 0)
1629 return NULL;
1630
1631 p += n;
1632 p += strspn(p, "/");
1633
1634 return p;
1635 }
1636
1637 return NULL;
1638 }
1639
1640 static const char *skip_user_prefix(const char *path) {
1641 const char *e, *t;
1642
1643 assert(path);
1644
1645 /* Skip slices, if there are any */
1646 e = skip_slices(path);
1647
1648 /* Skip the user manager, if it's in the path now... */
1649 t = skip_user_manager(e);
1650 if (t)
1651 return t;
1652
1653 /* Alternatively skip the user session if it is in the path... */
1654 return skip_session(e);
1655 }
1656
1657 int cg_path_get_user_unit(const char *path, char **ret) {
1658 const char *t;
1659
1660 assert(path);
1661 assert(ret);
1662
1663 t = skip_user_prefix(path);
1664 if (!t)
1665 return -ENXIO;
1666
1667 /* And from here on it looks pretty much the same as for a
1668 * system unit, hence let's use the same parser from here
1669 * on. */
1670 return cg_path_get_unit(t, ret);
1671 }
1672
1673 int cg_pid_get_user_unit(pid_t pid, char **unit) {
1674 _cleanup_free_ char *cgroup = NULL;
1675 int r;
1676
1677 assert(unit);
1678
1679 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1680 if (r < 0)
1681 return r;
1682
1683 return cg_path_get_user_unit(cgroup, unit);
1684 }
1685
1686 int cg_path_get_machine_name(const char *path, char **machine) {
1687 _cleanup_free_ char *u = NULL;
1688 const char *sl;
1689 int r;
1690
1691 r = cg_path_get_unit(path, &u);
1692 if (r < 0)
1693 return r;
1694
1695 sl = strjoina("/run/systemd/machines/unit:", u);
1696 return readlink_malloc(sl, machine);
1697 }
1698
1699 int cg_pid_get_machine_name(pid_t pid, char **machine) {
1700 _cleanup_free_ char *cgroup = NULL;
1701 int r;
1702
1703 assert(machine);
1704
1705 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1706 if (r < 0)
1707 return r;
1708
1709 return cg_path_get_machine_name(cgroup, machine);
1710 }
1711
1712 int cg_path_get_session(const char *path, char **session) {
1713 _cleanup_free_ char *unit = NULL;
1714 char *start, *end;
1715 int r;
1716
1717 assert(path);
1718
1719 r = cg_path_get_unit(path, &unit);
1720 if (r < 0)
1721 return r;
1722
1723 start = startswith(unit, "session-");
1724 if (!start)
1725 return -ENXIO;
1726 end = endswith(start, ".scope");
1727 if (!end)
1728 return -ENXIO;
1729
1730 *end = 0;
1731 if (!session_id_valid(start))
1732 return -ENXIO;
1733
1734 if (session) {
1735 char *rr;
1736
1737 rr = strdup(start);
1738 if (!rr)
1739 return -ENOMEM;
1740
1741 *session = rr;
1742 }
1743
1744 return 0;
1745 }
1746
1747 int cg_pid_get_session(pid_t pid, char **session) {
1748 _cleanup_free_ char *cgroup = NULL;
1749 int r;
1750
1751 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1752 if (r < 0)
1753 return r;
1754
1755 return cg_path_get_session(cgroup, session);
1756 }
1757
1758 int cg_path_get_owner_uid(const char *path, uid_t *uid) {
1759 _cleanup_free_ char *slice = NULL;
1760 char *start, *end;
1761 int r;
1762
1763 assert(path);
1764
1765 r = cg_path_get_slice(path, &slice);
1766 if (r < 0)
1767 return r;
1768
1769 start = startswith(slice, "user-");
1770 if (!start)
1771 return -ENXIO;
1772 end = endswith(start, ".slice");
1773 if (!end)
1774 return -ENXIO;
1775
1776 *end = 0;
1777 if (parse_uid(start, uid) < 0)
1778 return -ENXIO;
1779
1780 return 0;
1781 }
1782
1783 int cg_pid_get_owner_uid(pid_t pid, uid_t *uid) {
1784 _cleanup_free_ char *cgroup = NULL;
1785 int r;
1786
1787 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1788 if (r < 0)
1789 return r;
1790
1791 return cg_path_get_owner_uid(cgroup, uid);
1792 }
1793
1794 int cg_path_get_slice(const char *p, char **slice) {
1795 const char *e = NULL;
1796
1797 assert(p);
1798 assert(slice);
1799
1800 /* Finds the right-most slice unit from the beginning, but
1801 * stops before we come to the first non-slice unit. */
1802
1803 for (;;) {
1804 size_t n;
1805
1806 p += strspn(p, "/");
1807
1808 n = strcspn(p, "/");
1809 if (!valid_slice_name(p, n)) {
1810
1811 if (!e) {
1812 char *s;
1813
1814 s = strdup(SPECIAL_ROOT_SLICE);
1815 if (!s)
1816 return -ENOMEM;
1817
1818 *slice = s;
1819 return 0;
1820 }
1821
1822 return cg_path_decode_unit(e, slice);
1823 }
1824
1825 e = p;
1826 p += n;
1827 }
1828 }
1829
1830 int cg_pid_get_slice(pid_t pid, char **slice) {
1831 _cleanup_free_ char *cgroup = NULL;
1832 int r;
1833
1834 assert(slice);
1835
1836 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1837 if (r < 0)
1838 return r;
1839
1840 return cg_path_get_slice(cgroup, slice);
1841 }
1842
1843 int cg_path_get_user_slice(const char *p, char **slice) {
1844 const char *t;
1845 assert(p);
1846 assert(slice);
1847
1848 t = skip_user_prefix(p);
1849 if (!t)
1850 return -ENXIO;
1851
1852 /* And now it looks pretty much the same as for a system
1853 * slice, so let's just use the same parser from here on. */
1854 return cg_path_get_slice(t, slice);
1855 }
1856
1857 int cg_pid_get_user_slice(pid_t pid, char **slice) {
1858 _cleanup_free_ char *cgroup = NULL;
1859 int r;
1860
1861 assert(slice);
1862
1863 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1864 if (r < 0)
1865 return r;
1866
1867 return cg_path_get_user_slice(cgroup, slice);
1868 }
1869
1870 char *cg_escape(const char *p) {
1871 bool need_prefix = false;
1872
1873 /* This implements very minimal escaping for names to be used
1874 * as file names in the cgroup tree: any name which might
1875 * conflict with a kernel name or is prefixed with '_' is
1876 * prefixed with a '_'. That way, when reading cgroup names it
1877 * is sufficient to remove a single prefixing underscore if
1878 * there is one. */
1879
1880 /* The return value of this function (unlike cg_unescape())
1881 * needs free()! */
1882
1883 if (p[0] == 0 ||
1884 p[0] == '_' ||
1885 p[0] == '.' ||
1886 streq(p, "notify_on_release") ||
1887 streq(p, "release_agent") ||
1888 streq(p, "tasks") ||
1889 startswith(p, "cgroup."))
1890 need_prefix = true;
1891 else {
1892 const char *dot;
1893
1894 dot = strrchr(p, '.');
1895 if (dot) {
1896 CGroupController c;
1897 size_t l = dot - p;
1898
1899 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
1900 const char *n;
1901
1902 n = cgroup_controller_to_string(c);
1903
1904 if (l != strlen(n))
1905 continue;
1906
1907 if (memcmp(p, n, l) != 0)
1908 continue;
1909
1910 need_prefix = true;
1911 break;
1912 }
1913 }
1914 }
1915
1916 if (need_prefix)
1917 return strappend("_", p);
1918
1919 return strdup(p);
1920 }
1921
1922 char *cg_unescape(const char *p) {
1923 assert(p);
1924
1925 /* The return value of this function (unlike cg_escape())
1926 * doesn't need free()! */
1927
1928 if (p[0] == '_')
1929 return (char*) p+1;
1930
1931 return (char*) p;
1932 }
1933
1934 #define CONTROLLER_VALID \
1935 DIGITS LETTERS \
1936 "_"
1937
1938 bool cg_controller_is_valid(const char *p) {
1939 const char *t, *s;
1940
1941 if (!p)
1942 return false;
1943
1944 if (streq(p, SYSTEMD_CGROUP_CONTROLLER))
1945 return true;
1946
1947 s = startswith(p, "name=");
1948 if (s)
1949 p = s;
1950
1951 if (*p == 0 || *p == '_')
1952 return false;
1953
1954 for (t = p; *t; t++)
1955 if (!strchr(CONTROLLER_VALID, *t))
1956 return false;
1957
1958 if (t - p > FILENAME_MAX)
1959 return false;
1960
1961 return true;
1962 }
1963
1964 int cg_slice_to_path(const char *unit, char **ret) {
1965 _cleanup_free_ char *p = NULL, *s = NULL, *e = NULL;
1966 const char *dash;
1967 int r;
1968
1969 assert(unit);
1970 assert(ret);
1971
1972 if (streq(unit, SPECIAL_ROOT_SLICE)) {
1973 char *x;
1974
1975 x = strdup("");
1976 if (!x)
1977 return -ENOMEM;
1978 *ret = x;
1979 return 0;
1980 }
1981
1982 if (!unit_name_is_valid(unit, UNIT_NAME_PLAIN))
1983 return -EINVAL;
1984
1985 if (!endswith(unit, ".slice"))
1986 return -EINVAL;
1987
1988 r = unit_name_to_prefix(unit, &p);
1989 if (r < 0)
1990 return r;
1991
1992 dash = strchr(p, '-');
1993
1994 /* Don't allow initial dashes */
1995 if (dash == p)
1996 return -EINVAL;
1997
1998 while (dash) {
1999 _cleanup_free_ char *escaped = NULL;
2000 char n[dash - p + sizeof(".slice")];
2001
2002 /* Don't allow trailing or double dashes */
2003 if (dash[1] == 0 || dash[1] == '-')
2004 return -EINVAL;
2005
2006 strcpy(stpncpy(n, p, dash - p), ".slice");
2007 if (!unit_name_is_valid(n, UNIT_NAME_PLAIN))
2008 return -EINVAL;
2009
2010 escaped = cg_escape(n);
2011 if (!escaped)
2012 return -ENOMEM;
2013
2014 if (!strextend(&s, escaped, "/", NULL))
2015 return -ENOMEM;
2016
2017 dash = strchr(dash+1, '-');
2018 }
2019
2020 e = cg_escape(unit);
2021 if (!e)
2022 return -ENOMEM;
2023
2024 if (!strextend(&s, e, NULL))
2025 return -ENOMEM;
2026
2027 *ret = s;
2028 s = NULL;
2029
2030 return 0;
2031 }
2032
2033 int cg_set_attribute(const char *controller, const char *path, const char *attribute, const char *value) {
2034 _cleanup_free_ char *p = NULL;
2035 int r;
2036
2037 r = cg_get_path(controller, path, attribute, &p);
2038 if (r < 0)
2039 return r;
2040
2041 return write_string_file(p, value, 0);
2042 }
2043
2044 int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) {
2045 _cleanup_free_ char *p = NULL;
2046 int r;
2047
2048 r = cg_get_path(controller, path, attribute, &p);
2049 if (r < 0)
2050 return r;
2051
2052 return read_one_line_file(p, ret);
2053 }
2054
2055 int cg_get_keyed_attribute(const char *controller, const char *path, const char *attribute, const char **keys, char **values) {
2056 _cleanup_free_ char *filename = NULL, *content = NULL;
2057 char *line, *p;
2058 int i, r;
2059
2060 for (i = 0; keys[i]; i++)
2061 values[i] = NULL;
2062
2063 r = cg_get_path(controller, path, attribute, &filename);
2064 if (r < 0)
2065 return r;
2066
2067 r = read_full_file(filename, &content, NULL);
2068 if (r < 0)
2069 return r;
2070
2071 p = content;
2072 while ((line = strsep(&p, "\n"))) {
2073 char *key;
2074
2075 key = strsep(&line, " ");
2076
2077 for (i = 0; keys[i]; i++) {
2078 if (streq(key, keys[i])) {
2079 values[i] = strdup(line);
2080 break;
2081 }
2082 }
2083 }
2084
2085 for (i = 0; keys[i]; i++) {
2086 if (!values[i]) {
2087 for (i = 0; keys[i]; i++) {
2088 free(values[i]);
2089 values[i] = NULL;
2090 }
2091 return -ENOENT;
2092 }
2093 }
2094
2095 return 0;
2096 }
2097
2098 int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path) {
2099 CGroupController c;
2100 int r;
2101
2102 /* This one will create a cgroup in our private tree, but also
2103 * duplicate it in the trees specified in mask, and remove it
2104 * in all others */
2105
2106 /* First create the cgroup in our own hierarchy. */
2107 r = cg_create(SYSTEMD_CGROUP_CONTROLLER, path);
2108 if (r < 0)
2109 return r;
2110
2111 /* If we are in the unified hierarchy, we are done now */
2112 r = cg_all_unified();
2113 if (r < 0)
2114 return r;
2115 if (r > 0)
2116 return 0;
2117
2118 /* Otherwise, do the same in the other hierarchies */
2119 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2120 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2121 const char *n;
2122
2123 n = cgroup_controller_to_string(c);
2124
2125 if (mask & bit)
2126 (void) cg_create(n, path);
2127 else if (supported & bit)
2128 (void) cg_trim(n, path, true);
2129 }
2130
2131 return 0;
2132 }
2133
2134 int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid, cg_migrate_callback_t path_callback, void *userdata) {
2135 CGroupController c;
2136 int r;
2137
2138 r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, path, pid);
2139 if (r < 0)
2140 return r;
2141
2142 r = cg_all_unified();
2143 if (r < 0)
2144 return r;
2145 if (r > 0)
2146 return 0;
2147
2148 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2149 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2150 const char *p = NULL;
2151
2152 if (!(supported & bit))
2153 continue;
2154
2155 if (path_callback)
2156 p = path_callback(bit, userdata);
2157
2158 if (!p)
2159 p = path;
2160
2161 (void) cg_attach_fallback(cgroup_controller_to_string(c), p, pid);
2162 }
2163
2164 return 0;
2165 }
2166
2167 int cg_attach_many_everywhere(CGroupMask supported, const char *path, Set* pids, cg_migrate_callback_t path_callback, void *userdata) {
2168 Iterator i;
2169 void *pidp;
2170 int r = 0;
2171
2172 SET_FOREACH(pidp, pids, i) {
2173 pid_t pid = PTR_TO_PID(pidp);
2174 int q;
2175
2176 q = cg_attach_everywhere(supported, path, pid, path_callback, userdata);
2177 if (q < 0 && r >= 0)
2178 r = q;
2179 }
2180
2181 return r;
2182 }
2183
2184 int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to, cg_migrate_callback_t to_callback, void *userdata) {
2185 CGroupController c;
2186 int r = 0, q;
2187
2188 if (!path_equal(from, to)) {
2189 r = cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER, from, SYSTEMD_CGROUP_CONTROLLER, to, CGROUP_REMOVE);
2190 if (r < 0)
2191 return r;
2192 }
2193
2194 q = cg_all_unified();
2195 if (q < 0)
2196 return q;
2197 if (q > 0)
2198 return r;
2199
2200 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2201 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2202 const char *p = NULL;
2203
2204 if (!(supported & bit))
2205 continue;
2206
2207 if (to_callback)
2208 p = to_callback(bit, userdata);
2209
2210 if (!p)
2211 p = to;
2212
2213 (void) cg_migrate_recursive_fallback(SYSTEMD_CGROUP_CONTROLLER, to, cgroup_controller_to_string(c), p, 0);
2214 }
2215
2216 return 0;
2217 }
2218
2219 int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root) {
2220 CGroupController c;
2221 int r, q;
2222
2223 r = cg_trim(SYSTEMD_CGROUP_CONTROLLER, path, delete_root);
2224 if (r < 0)
2225 return r;
2226
2227 q = cg_all_unified();
2228 if (q < 0)
2229 return q;
2230 if (q > 0)
2231 return r;
2232
2233 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2234 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2235
2236 if (!(supported & bit))
2237 continue;
2238
2239 (void) cg_trim(cgroup_controller_to_string(c), path, delete_root);
2240 }
2241
2242 return 0;
2243 }
2244
2245 int cg_mask_to_string(CGroupMask mask, char **ret) {
2246 const char *controllers[_CGROUP_CONTROLLER_MAX + 1];
2247 CGroupController c;
2248 int i = 0;
2249 char *s;
2250
2251 assert(ret);
2252
2253 if (mask == 0) {
2254 *ret = NULL;
2255 return 0;
2256 }
2257
2258 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2259
2260 if (!(mask & CGROUP_CONTROLLER_TO_MASK(c)))
2261 continue;
2262
2263 controllers[i++] = cgroup_controller_to_string(c);
2264 controllers[i] = NULL;
2265 }
2266
2267 s = strv_join((char **)controllers, NULL);
2268 if (!s)
2269 return -ENOMEM;
2270
2271 *ret = s;
2272 return 0;
2273 }
2274
2275 int cg_mask_from_string(const char *value, CGroupMask *mask) {
2276 assert(mask);
2277 assert(value);
2278
2279 for (;;) {
2280 _cleanup_free_ char *n = NULL;
2281 CGroupController v;
2282 int r;
2283
2284 r = extract_first_word(&value, &n, NULL, 0);
2285 if (r < 0)
2286 return r;
2287 if (r == 0)
2288 break;
2289
2290 v = cgroup_controller_from_string(n);
2291 if (v < 0)
2292 continue;
2293
2294 *mask |= CGROUP_CONTROLLER_TO_MASK(v);
2295 }
2296 return 0;
2297 }
2298
2299 int cg_mask_supported(CGroupMask *ret) {
2300 CGroupMask mask = 0;
2301 int r;
2302
2303 /* Determines the mask of supported cgroup controllers. Only
2304 * includes controllers we can make sense of and that are
2305 * actually accessible. */
2306
2307 r = cg_all_unified();
2308 if (r < 0)
2309 return r;
2310 if (r > 0) {
2311 _cleanup_free_ char *root = NULL, *controllers = NULL, *path = NULL;
2312
2313 /* In the unified hierarchy we can read the supported
2314 * and accessible controllers from a the top-level
2315 * cgroup attribute */
2316
2317 r = cg_get_root_path(&root);
2318 if (r < 0)
2319 return r;
2320
2321 r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, root, "cgroup.controllers", &path);
2322 if (r < 0)
2323 return r;
2324
2325 r = read_one_line_file(path, &controllers);
2326 if (r < 0)
2327 return r;
2328
2329 r = cg_mask_from_string(controllers, &mask);
2330 if (r < 0)
2331 return r;
2332
2333 /* Currently, we support the cpu, memory, io and pids
2334 * controller in the unified hierarchy, mask
2335 * everything else off. */
2336 mask &= CGROUP_MASK_CPU | CGROUP_MASK_MEMORY | CGROUP_MASK_IO | CGROUP_MASK_PIDS;
2337
2338 } else {
2339 CGroupController c;
2340
2341 /* In the legacy hierarchy, we check whether which
2342 * hierarchies are mounted. */
2343
2344 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2345 const char *n;
2346
2347 n = cgroup_controller_to_string(c);
2348 if (controller_is_accessible(n) >= 0)
2349 mask |= CGROUP_CONTROLLER_TO_MASK(c);
2350 }
2351 }
2352
2353 *ret = mask;
2354 return 0;
2355 }
2356
2357 int cg_kernel_controllers(Set *controllers) {
2358 _cleanup_fclose_ FILE *f = NULL;
2359 int r;
2360
2361 assert(controllers);
2362
2363 /* Determines the full list of kernel-known controllers. Might
2364 * include controllers we don't actually support, arbitrary
2365 * named hierarchies and controllers that aren't currently
2366 * accessible (because not mounted). */
2367
2368 f = fopen("/proc/cgroups", "re");
2369 if (!f) {
2370 if (errno == ENOENT)
2371 return 0;
2372 return -errno;
2373 }
2374
2375 /* Ignore the header line */
2376 (void) read_line(f, (size_t) -1, NULL);
2377
2378 for (;;) {
2379 char *controller;
2380 int enabled = 0;
2381
2382 errno = 0;
2383 if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) {
2384
2385 if (feof(f))
2386 break;
2387
2388 if (ferror(f) && errno > 0)
2389 return -errno;
2390
2391 return -EBADMSG;
2392 }
2393
2394 if (!enabled) {
2395 free(controller);
2396 continue;
2397 }
2398
2399 if (!cg_controller_is_valid(controller)) {
2400 free(controller);
2401 return -EBADMSG;
2402 }
2403
2404 r = set_consume(controllers, controller);
2405 if (r < 0)
2406 return r;
2407 }
2408
2409 return 0;
2410 }
2411
2412 static thread_local CGroupUnified unified_cache = CGROUP_UNIFIED_UNKNOWN;
2413
2414 /* The hybrid mode was initially implemented in v232 and simply mounted cgroup v2 on /sys/fs/cgroup/systemd. This
2415 * unfortunately broke other tools (such as docker) which expected the v1 "name=systemd" hierarchy on
2416 * /sys/fs/cgroup/systemd. From v233 and on, the hybrid mode mountnbs v2 on /sys/fs/cgroup/unified and maintains
2417 * "name=systemd" hierarchy on /sys/fs/cgroup/systemd for compatibility with other tools.
2418 *
2419 * To keep live upgrade working, we detect and support v232 layout. When v232 layout is detected, to keep cgroup v2
2420 * process management but disable the compat dual layout, we return %true on
2421 * cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) and %false on cg_hybrid_unified().
2422 */
2423 static thread_local bool unified_systemd_v232;
2424
2425 static int cg_unified_update(void) {
2426
2427 struct statfs fs;
2428
2429 /* Checks if we support the unified hierarchy. Returns an
2430 * error when the cgroup hierarchies aren't mounted yet or we
2431 * have any other trouble determining if the unified hierarchy
2432 * is supported. */
2433
2434 if (unified_cache >= CGROUP_UNIFIED_NONE)
2435 return 0;
2436
2437 if (statfs("/sys/fs/cgroup/", &fs) < 0)
2438 return -errno;
2439
2440 if (F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC))
2441 unified_cache = CGROUP_UNIFIED_ALL;
2442 else if (F_TYPE_EQUAL(fs.f_type, TMPFS_MAGIC)) {
2443 if (statfs("/sys/fs/cgroup/unified/", &fs) == 0 &&
2444 F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) {
2445 unified_cache = CGROUP_UNIFIED_SYSTEMD;
2446 unified_systemd_v232 = false;
2447 } else if (statfs("/sys/fs/cgroup/systemd/", &fs) == 0 &&
2448 F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) {
2449 unified_cache = CGROUP_UNIFIED_SYSTEMD;
2450 unified_systemd_v232 = true;
2451 } else {
2452 if (statfs("/sys/fs/cgroup/systemd/", &fs) < 0)
2453 return -errno;
2454 if (!F_TYPE_EQUAL(fs.f_type, CGROUP_SUPER_MAGIC))
2455 return -ENOMEDIUM;
2456 unified_cache = CGROUP_UNIFIED_NONE;
2457 }
2458 } else
2459 return -ENOMEDIUM;
2460
2461 return 0;
2462 }
2463
2464 int cg_unified_controller(const char *controller) {
2465 int r;
2466
2467 r = cg_unified_update();
2468 if (r < 0)
2469 return r;
2470
2471 if (unified_cache == CGROUP_UNIFIED_NONE)
2472 return false;
2473
2474 if (unified_cache >= CGROUP_UNIFIED_ALL)
2475 return true;
2476
2477 return streq_ptr(controller, SYSTEMD_CGROUP_CONTROLLER);
2478 }
2479
2480 int cg_all_unified(void) {
2481 int r;
2482
2483 r = cg_unified_update();
2484 if (r < 0)
2485 return r;
2486
2487 return unified_cache >= CGROUP_UNIFIED_ALL;
2488 }
2489
2490 int cg_hybrid_unified(void) {
2491 int r;
2492
2493 r = cg_unified_update();
2494 if (r < 0)
2495 return r;
2496
2497 return unified_cache == CGROUP_UNIFIED_SYSTEMD && !unified_systemd_v232;
2498 }
2499
2500 int cg_unified_flush(void) {
2501 unified_cache = CGROUP_UNIFIED_UNKNOWN;
2502
2503 return cg_unified_update();
2504 }
2505
2506 int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) {
2507 _cleanup_free_ char *fs = NULL;
2508 CGroupController c;
2509 int r;
2510
2511 assert(p);
2512
2513 if (supported == 0)
2514 return 0;
2515
2516 r = cg_all_unified();
2517 if (r < 0)
2518 return r;
2519 if (r == 0) /* on the legacy hiearchy there's no joining of controllers defined */
2520 return 0;
2521
2522 r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, p, "cgroup.subtree_control", &fs);
2523 if (r < 0)
2524 return r;
2525
2526 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2527 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2528 const char *n;
2529
2530 if (!(supported & bit))
2531 continue;
2532
2533 n = cgroup_controller_to_string(c);
2534 {
2535 char s[1 + strlen(n) + 1];
2536
2537 s[0] = mask & bit ? '+' : '-';
2538 strcpy(s + 1, n);
2539
2540 r = write_string_file(fs, s, 0);
2541 if (r < 0)
2542 log_debug_errno(r, "Failed to enable controller %s for %s (%s): %m", n, p, fs);
2543 }
2544 }
2545
2546 return 0;
2547 }
2548
2549 bool cg_is_unified_wanted(void) {
2550 static thread_local int wanted = -1;
2551 int r;
2552 bool b;
2553 const bool is_default = DEFAULT_HIERARCHY == CGROUP_UNIFIED_ALL;
2554
2555 /* If we have a cached value, return that. */
2556 if (wanted >= 0)
2557 return wanted;
2558
2559 /* If the hierarchy is already mounted, then follow whatever
2560 * was chosen for it. */
2561 if (cg_unified_flush() >= 0)
2562 return (wanted = unified_cache >= CGROUP_UNIFIED_ALL);
2563
2564 /* Otherwise, let's see what the kernel command line has to say.
2565 * Since checking is expensive, cache a non-error result. */
2566 r = proc_cmdline_get_bool("systemd.unified_cgroup_hierarchy", &b);
2567
2568 return (wanted = r > 0 ? b : is_default);
2569 }
2570
2571 bool cg_is_legacy_wanted(void) {
2572 static thread_local int wanted = -1;
2573
2574 /* If we have a cached value, return that. */
2575 if (wanted >= 0)
2576 return wanted;
2577
2578 /* Check if we have cgroups2 already mounted. */
2579 if (cg_unified_flush() >= 0 &&
2580 unified_cache == CGROUP_UNIFIED_ALL)
2581 return (wanted = false);
2582
2583 /* Otherwise, assume that at least partial legacy is wanted,
2584 * since cgroups2 should already be mounted at this point. */
2585 return (wanted = true);
2586 }
2587
2588 bool cg_is_hybrid_wanted(void) {
2589 static thread_local int wanted = -1;
2590 int r;
2591 bool b;
2592 const bool is_default = DEFAULT_HIERARCHY >= CGROUP_UNIFIED_SYSTEMD;
2593 /* We default to true if the default is "hybrid", obviously,
2594 * but also when the default is "unified", because if we get
2595 * called, it means that unified hierarchy was not mounted. */
2596
2597 /* If we have a cached value, return that. */
2598 if (wanted >= 0)
2599 return wanted;
2600
2601 /* If the hierarchy is already mounted, then follow whatever
2602 * was chosen for it. */
2603 if (cg_unified_flush() >= 0 &&
2604 unified_cache == CGROUP_UNIFIED_ALL)
2605 return (wanted = false);
2606
2607 /* Otherwise, let's see what the kernel command line has to say.
2608 * Since checking is expensive, cache a non-error result. */
2609 r = proc_cmdline_get_bool("systemd.legacy_systemd_cgroup_controller", &b);
2610
2611 /* The meaning of the kernel option is reversed wrt. to the return value
2612 * of this function, hence the negation. */
2613 return (wanted = r > 0 ? !b : is_default);
2614 }
2615
2616 int cg_weight_parse(const char *s, uint64_t *ret) {
2617 uint64_t u;
2618 int r;
2619
2620 if (isempty(s)) {
2621 *ret = CGROUP_WEIGHT_INVALID;
2622 return 0;
2623 }
2624
2625 r = safe_atou64(s, &u);
2626 if (r < 0)
2627 return r;
2628
2629 if (u < CGROUP_WEIGHT_MIN || u > CGROUP_WEIGHT_MAX)
2630 return -ERANGE;
2631
2632 *ret = u;
2633 return 0;
2634 }
2635
2636 const uint64_t cgroup_io_limit_defaults[_CGROUP_IO_LIMIT_TYPE_MAX] = {
2637 [CGROUP_IO_RBPS_MAX] = CGROUP_LIMIT_MAX,
2638 [CGROUP_IO_WBPS_MAX] = CGROUP_LIMIT_MAX,
2639 [CGROUP_IO_RIOPS_MAX] = CGROUP_LIMIT_MAX,
2640 [CGROUP_IO_WIOPS_MAX] = CGROUP_LIMIT_MAX,
2641 };
2642
2643 static const char* const cgroup_io_limit_type_table[_CGROUP_IO_LIMIT_TYPE_MAX] = {
2644 [CGROUP_IO_RBPS_MAX] = "IOReadBandwidthMax",
2645 [CGROUP_IO_WBPS_MAX] = "IOWriteBandwidthMax",
2646 [CGROUP_IO_RIOPS_MAX] = "IOReadIOPSMax",
2647 [CGROUP_IO_WIOPS_MAX] = "IOWriteIOPSMax",
2648 };
2649
2650 DEFINE_STRING_TABLE_LOOKUP(cgroup_io_limit_type, CGroupIOLimitType);
2651
2652 int cg_cpu_shares_parse(const char *s, uint64_t *ret) {
2653 uint64_t u;
2654 int r;
2655
2656 if (isempty(s)) {
2657 *ret = CGROUP_CPU_SHARES_INVALID;
2658 return 0;
2659 }
2660
2661 r = safe_atou64(s, &u);
2662 if (r < 0)
2663 return r;
2664
2665 if (u < CGROUP_CPU_SHARES_MIN || u > CGROUP_CPU_SHARES_MAX)
2666 return -ERANGE;
2667
2668 *ret = u;
2669 return 0;
2670 }
2671
2672 int cg_blkio_weight_parse(const char *s, uint64_t *ret) {
2673 uint64_t u;
2674 int r;
2675
2676 if (isempty(s)) {
2677 *ret = CGROUP_BLKIO_WEIGHT_INVALID;
2678 return 0;
2679 }
2680
2681 r = safe_atou64(s, &u);
2682 if (r < 0)
2683 return r;
2684
2685 if (u < CGROUP_BLKIO_WEIGHT_MIN || u > CGROUP_BLKIO_WEIGHT_MAX)
2686 return -ERANGE;
2687
2688 *ret = u;
2689 return 0;
2690 }
2691
2692 bool is_cgroup_fs(const struct statfs *s) {
2693 return is_fs_type(s, CGROUP_SUPER_MAGIC) ||
2694 is_fs_type(s, CGROUP2_SUPER_MAGIC);
2695 }
2696
2697 bool fd_is_cgroup_fs(int fd) {
2698 struct statfs s;
2699
2700 if (fstatfs(fd, &s) < 0)
2701 return -errno;
2702
2703 return is_cgroup_fs(&s);
2704 }
2705
2706 static const char *cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = {
2707 [CGROUP_CONTROLLER_CPU] = "cpu",
2708 [CGROUP_CONTROLLER_CPUACCT] = "cpuacct",
2709 [CGROUP_CONTROLLER_IO] = "io",
2710 [CGROUP_CONTROLLER_BLKIO] = "blkio",
2711 [CGROUP_CONTROLLER_MEMORY] = "memory",
2712 [CGROUP_CONTROLLER_DEVICES] = "devices",
2713 [CGROUP_CONTROLLER_PIDS] = "pids",
2714 };
2715
2716 DEFINE_STRING_TABLE_LOOKUP(cgroup_controller, CGroupController);
Unnamed repository; edit this file 'description' to name the repository.