/* Checks whether BPF firewalling is supported. For this, we check the following things:
*
- * - whether the unified hierarchy is being used
* - the BPF implementation in the kernel supports BPF_PROG_TYPE_CGROUP_SKB programs, which we require
* - the BPF implementation in the kernel supports the BPF_PROG_DETACH call, which we require
*/
if (supported >= 0)
return supported;
- r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
- if (r < 0)
- return log_error_errno(r, "bpf-firewall: Can't determine whether the unified hierarchy is used: %m");
- if (r == 0) {
- bpf_firewall_unsupported_reason =
- log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
- "bpf-firewall: Not running with unified cgroup hierarchy, BPF firewalling is not supported.");
- return supported = BPF_FIREWALL_UNSUPPORTED;
- }
-
/* prog_name is NULL since it is supported only starting from v4.15 kernel. */
r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, NULL, &program);
if (r < 0) {
if (supported >= 0)
return supported;
- r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
- if (r < 0) {
- log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
- return (supported = false);
- }
-
- if (r == 0) {
- log_info("Not running with unified cgroup hierarchy, disabling cgroup BPF features.");
- return (supported = false);
- }
-
r = dlopen_bpf();
if (r < 0) {
log_full_errno(in_initrd() ? LOG_DEBUG : LOG_INFO,
if (!UNIT_HAS_CGROUP_CONTEXT(u))
return;
- if (cg_all_unified() <= 0)
- return;
-
CGroupRuntime *crt = unit_get_cgroup_runtime(u);
if (!crt || crt->cgroup_id == 0)
return;
if (crt->cgroup_control_inotify_wd >= 0)
return 0;
- /* Only applies to the unified hierarchy */
- r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
- if (r < 0)
- return log_error_errno(r, "Failed to determine whether the name=systemd hierarchy is unified: %m");
- if (r == 0)
- return 0;
-
/* No point in watch the top-level slice, it's never going to run empty. */
if (unit_has_name(u, SPECIAL_ROOT_SLICE))
return 0;
if (crt->cgroup_memory_inotify_wd >= 0)
return 0;
- /* Only applies to the unified hierarchy */
- r = cg_all_unified();
- if (r < 0)
- return log_error_errno(r, "Failed to determine whether the memory controller is unified: %m");
- if (r == 0)
- return 0;
-
r = hashmap_ensure_allocated(&u->manager->cgroup_memory_inotify_wd_unit, &trivial_hash_ops);
if (r < 0)
return log_oom();
}
}
- if (cg_unified() > 0 && is_pressure_supported() > 0) {
+ if (is_pressure_supported() > 0) {
if (cgroup_context_want_memory_pressure(cgroup_context)) {
r = cg_get_path("memory", params->cgroup_path, "memory.pressure", &memory_pressure_path);
if (r < 0) {
"--log-level", max_log_levels,
"--log-target", log_target_to_string(manager_get_executor_log_target(unit->manager))),
environ,
- cg_unified() > 0 ? subcgroup_path : NULL,
+ subcgroup_path,
&pidref);
/* Drop the ambient set again, so no processes other than sd-executore spawned from the manager inherit it. */
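Review bot: With the ternary gone, nothing at `subcgroup_path,` records that the argument is expected to be non-NULL at this point. The removed line shows that the callee accepts NULL, so if `subcgroup_path` were ever unset (its assignment is outside the hunk) the executor would presumably be started without being placed in the unit's subcgroup, and nothing would flag it. An `assert(subcgroup_path);` before the call, or a comment such as `/* never NULL: the executor is spawned directly into the unit's subcgroup */`, would make the invariant explicit. The call this argument list belongs to begins above the hunk. Minor: the context comment after the call reads "sd-executore", where "sd-executor" is presumably meant.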
if (s->type == SERVICE_SIMPLE && s->exec_command[SERVICE_EXEC_START_POST] && exec_context_has_credentials(&s->exec_context))
log_unit_warning(UNIT(s), "Service uses a combination of Type=simple, ExecStartPost=, and credentials. This could lead to race conditions. Continuing.");
- if (s->exit_type == SERVICE_EXIT_CGROUP && cg_unified() < CGROUP_UNIFIED_SYSTEMD)
- log_unit_warning(UNIT(s), "Service has ExitType=cgroup set, but we are running with legacy cgroups v1, which might not work correctly. Continuing.");
-
if (s->restart_max_delay_usec == USEC_INFINITY && s->restart_steps > 0)
log_unit_warning(UNIT(s), "Service has RestartSteps= but no RestartMaxDelaySec= setting. Ignoring.");
if (!wants_oomd)
return 0;
- if (!cg_all_unified())
- return 0;
-
r = cg_mask_supported(&mask);
if (r < 0)
return log_debug_errno(r, "Failed to determine supported controllers: %m");
} else if (r > 0) {
- /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
- * we are running in a container or if this is a delegation unit, simply because cgroup
- * notification is unreliable in these cases. It doesn't work at all in containers, and outside
- * of containers it can be confused easily by left-over directories in the cgroup — which
- * however should not exist in non-delegated units. On the unified hierarchy that's different,
- * there we get proper events. Hence rely on them. */
-
- if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
- (detect_container() == 0 && !unit_cgroup_delegate(u)))
- wait_for_exit = true;
+ wait_for_exit = true;
if (send_sighup) {
r = unit_pid_set(u, &pid_set);
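Review bot: The now unconditional `wait_for_exit = true;` loses the rationale that the deleted FIXME carried, namely that waiting is also safe in containers and for delegated units because the unified hierarchy delivers proper cgroup events. A one-line comment above the assignment would keep that visible: `/* On the unified hierarchy we get proper cgroup events, also in containers and for delegated units, hence always wait. */`. The enclosing function starts and ends outside the hunk, so whether every remaining path into this branch really has those events cannot be judged from here.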