1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <sys/types.h>
35 #include "formats-util.h"
36 #include "process-util.h"
37 #include "path-util.h"
38 #include "unit-name.h"
42 #include "login-util.h"
43 #include "cgroup-util.h"
45 int cg_enumerate_processes(const char *controller
, const char *path
, FILE **_f
) {
46 _cleanup_free_
char *fs
= NULL
;
52 r
= cg_get_path(controller
, path
, "cgroup.procs", &fs
);
64 int cg_read_pid(FILE *f
, pid_t
*_pid
) {
67 /* Note that the cgroup.procs might contain duplicates! See
68 * cgroups.txt for details. */
74 if (fscanf(f
, "%lu", &ul
) != 1) {
79 return errno
? -errno
: -EIO
;
89 int cg_enumerate_subgroups(const char *controller
, const char *path
, DIR **_d
) {
90 _cleanup_free_
char *fs
= NULL
;
96 /* This is not recursive! */
98 r
= cg_get_path(controller
, path
, NULL
, &fs
);
110 int cg_read_subgroup(DIR *d
, char **fn
) {
116 FOREACH_DIRENT_ALL(de
, d
, return -errno
) {
119 if (de
->d_type
!= DT_DIR
)
122 if (streq(de
->d_name
, ".") ||
123 streq(de
->d_name
, ".."))
126 b
= strdup(de
->d_name
);
137 int cg_rmdir(const char *controller
, const char *path
) {
138 _cleanup_free_
char *p
= NULL
;
141 r
= cg_get_path(controller
, path
, NULL
, &p
);
146 if (r
< 0 && errno
!= ENOENT
)
152 int cg_kill(const char *controller
, const char *path
, int sig
, bool sigcont
, bool ignore_self
, Set
*s
) {
153 _cleanup_set_free_ Set
*allocated_set
= NULL
;
160 /* This goes through the tasks list and kills them all. This
161 * is repeated until no further processes are added to the
162 * tasks list, to properly handle forking processes */
165 s
= allocated_set
= set_new(NULL
);
173 _cleanup_fclose_
FILE *f
= NULL
;
177 r
= cg_enumerate_processes(controller
, path
, &f
);
179 if (ret
>= 0 && r
!= -ENOENT
)
185 while ((r
= cg_read_pid(f
, &pid
)) > 0) {
187 if (ignore_self
&& pid
== my_pid
)
190 if (set_get(s
, LONG_TO_PTR(pid
)) == LONG_TO_PTR(pid
))
193 /* If we haven't killed this process yet, kill
195 if (kill(pid
, sig
) < 0) {
196 if (ret
>= 0 && errno
!= ESRCH
)
199 if (sigcont
&& sig
!= SIGKILL
)
200 (void) kill(pid
, SIGCONT
);
208 r
= set_put(s
, LONG_TO_PTR(pid
));
224 /* To avoid racing against processes which fork
225 * quicker than we can kill them we repeat this until
226 * no new pids need to be killed. */
233 int cg_kill_recursive(const char *controller
, const char *path
, int sig
, bool sigcont
, bool ignore_self
, bool rem
, Set
*s
) {
234 _cleanup_set_free_ Set
*allocated_set
= NULL
;
235 _cleanup_closedir_
DIR *d
= NULL
;
243 s
= allocated_set
= set_new(NULL
);
248 ret
= cg_kill(controller
, path
, sig
, sigcont
, ignore_self
, s
);
250 r
= cg_enumerate_subgroups(controller
, path
, &d
);
252 if (ret
>= 0 && r
!= -ENOENT
)
258 while ((r
= cg_read_subgroup(d
, &fn
)) > 0) {
259 _cleanup_free_
char *p
= NULL
;
261 p
= strjoin(path
, "/", fn
, NULL
);
266 r
= cg_kill_recursive(controller
, p
, sig
, sigcont
, ignore_self
, rem
, s
);
267 if (r
!= 0 && ret
>= 0)
271 if (ret
>= 0 && r
< 0)
275 r
= cg_rmdir(controller
, path
);
276 if (r
< 0 && ret
>= 0 && r
!= -ENOENT
&& r
!= -EBUSY
)
283 int cg_migrate(const char *cfrom
, const char *pfrom
, const char *cto
, const char *pto
, bool ignore_self
) {
285 _cleanup_set_free_ Set
*s
= NULL
;
301 _cleanup_fclose_
FILE *f
= NULL
;
305 r
= cg_enumerate_processes(cfrom
, pfrom
, &f
);
307 if (ret
>= 0 && r
!= -ENOENT
)
313 while ((r
= cg_read_pid(f
, &pid
)) > 0) {
315 /* This might do weird stuff if we aren't a
316 * single-threaded program. However, we
317 * luckily know we are not */
318 if (ignore_self
&& pid
== my_pid
)
321 if (set_get(s
, LONG_TO_PTR(pid
)) == LONG_TO_PTR(pid
))
324 /* Ignore kernel threads. Since they can only
325 * exist in the root cgroup, we only check for
328 (isempty(pfrom
) || path_equal(pfrom
, "/")) &&
329 is_kernel_thread(pid
) > 0)
332 r
= cg_attach(cto
, pto
, pid
);
334 if (ret
>= 0 && r
!= -ESRCH
)
341 r
= set_put(s
, LONG_TO_PTR(pid
));
361 int cg_migrate_recursive(
369 _cleanup_closedir_
DIR *d
= NULL
;
378 ret
= cg_migrate(cfrom
, pfrom
, cto
, pto
, ignore_self
);
380 r
= cg_enumerate_subgroups(cfrom
, pfrom
, &d
);
382 if (ret
>= 0 && r
!= -ENOENT
)
388 while ((r
= cg_read_subgroup(d
, &fn
)) > 0) {
389 _cleanup_free_
char *p
= NULL
;
391 p
= strjoin(pfrom
, "/", fn
, NULL
);
396 r
= cg_migrate_recursive(cfrom
, p
, cto
, pto
, ignore_self
, rem
);
397 if (r
!= 0 && ret
>= 0)
401 if (r
< 0 && ret
>= 0)
405 r
= cg_rmdir(cfrom
, pfrom
);
406 if (r
< 0 && ret
>= 0 && r
!= -ENOENT
&& r
!= -EBUSY
)
413 int cg_migrate_recursive_fallback(
428 r
= cg_migrate_recursive(cfrom
, pfrom
, cto
, pto
, ignore_self
, rem
);
430 char prefix
[strlen(pto
) + 1];
432 /* This didn't work? Then let's try all prefixes of the destination */
434 PATH_FOREACH_PREFIX(prefix
, pto
) {
437 q
= cg_migrate_recursive(cfrom
, pfrom
, cto
, prefix
, ignore_self
, rem
);
446 static const char *controller_to_dirname(const char *controller
) {
451 /* Converts a controller name to the directory name below
452 * /sys/fs/cgroup/ we want to mount it to. Effectively, this
453 * just cuts off the name= prefixed used for named
454 * hierarchies, if it is specified. */
456 e
= startswith(controller
, "name=");
463 static int join_path_legacy(const char *controller_dn
, const char *path
, const char *suffix
, char **fs
) {
467 assert(controller_dn
);
469 if (isempty(path
) && isempty(suffix
))
470 t
= strappend("/sys/fs/cgroup/", controller_dn
);
471 else if (isempty(path
))
472 t
= strjoin("/sys/fs/cgroup/", controller_dn
, "/", suffix
, NULL
);
473 else if (isempty(suffix
))
474 t
= strjoin("/sys/fs/cgroup/", controller_dn
, "/", path
, NULL
);
476 t
= strjoin("/sys/fs/cgroup/", controller_dn
, "/", path
, "/", suffix
, NULL
);
484 static int join_path_unified(const char *path
, const char *suffix
, char **fs
) {
489 if (isempty(path
) && isempty(suffix
))
490 t
= strdup("/sys/fs/cgroup");
491 else if (isempty(path
))
492 t
= strappend("/sys/fs/cgroup/", suffix
);
493 else if (isempty(suffix
))
494 t
= strappend("/sys/fs/cgroup/", path
);
496 t
= strjoin("/sys/fs/cgroup/", path
, "/", suffix
, NULL
);
504 int cg_get_path(const char *controller
, const char *path
, const char *suffix
, char **fs
) {
512 /* If no controller is specified, we assume only the
513 * path below the controller matters */
515 if (!path
&& !suffix
)
520 else if (isempty(path
))
523 t
= strjoin(path
, "/", suffix
, NULL
);
527 *fs
= path_kill_slashes(t
);
531 if (!cg_controller_is_valid(controller
))
534 unified
= cg_unified();
539 r
= join_path_unified(path
, suffix
, fs
);
543 dn
= controller_to_dirname(controller
);
545 r
= join_path_legacy(dn
, path
, suffix
, fs
);
551 path_kill_slashes(*fs
);
555 static int controller_is_accessible(const char *controller
) {
560 /* Checks whether a specific controller is accessible,
561 * i.e. its hierarchy mounted. In the unified hierarchy all
562 * controllers are considered accessible, except for the named
565 if (!cg_controller_is_valid(controller
))
568 unified
= cg_unified();
572 /* We don't support named hierarchies if we are using
573 * the unified hierarchy. */
575 if (streq(controller
, SYSTEMD_CGROUP_CONTROLLER
))
578 if (startswith(controller
, "name="))
584 dn
= controller_to_dirname(controller
);
585 cc
= strjoina("/sys/fs/cgroup/", dn
);
587 if (laccess(cc
, F_OK
) < 0)
594 int cg_get_path_and_check(const char *controller
, const char *path
, const char *suffix
, char **fs
) {
600 /* Check if the specified controller is actually accessible */
601 r
= controller_is_accessible(controller
);
605 return cg_get_path(controller
, path
, suffix
, fs
);
608 static int trim_cb(const char *path
, const struct stat
*sb
, int typeflag
, struct FTW
*ftwbuf
) {
613 if (typeflag
!= FTW_DP
)
616 if (ftwbuf
->level
< 1)
623 int cg_trim(const char *controller
, const char *path
, bool delete_root
) {
624 _cleanup_free_
char *fs
= NULL
;
629 r
= cg_get_path(controller
, path
, NULL
, &fs
);
634 if (nftw(fs
, trim_cb
, 64, FTW_DEPTH
|FTW_MOUNT
|FTW_PHYS
) != 0) {
644 if (rmdir(fs
) < 0 && errno
!= ENOENT
)
651 int cg_create(const char *controller
, const char *path
) {
652 _cleanup_free_
char *fs
= NULL
;
655 r
= cg_get_path_and_check(controller
, path
, NULL
, &fs
);
659 r
= mkdir_parents(fs
, 0755);
663 if (mkdir(fs
, 0755) < 0) {
674 int cg_create_and_attach(const char *controller
, const char *path
, pid_t pid
) {
679 r
= cg_create(controller
, path
);
683 q
= cg_attach(controller
, path
, pid
);
687 /* This does not remove the cgroup on failure */
691 int cg_attach(const char *controller
, const char *path
, pid_t pid
) {
692 _cleanup_free_
char *fs
= NULL
;
693 char c
[DECIMAL_STR_MAX(pid_t
) + 2];
699 r
= cg_get_path_and_check(controller
, path
, "cgroup.procs", &fs
);
706 snprintf(c
, sizeof(c
), PID_FMT
"\n", pid
);
708 return write_string_file(fs
, c
, 0);
711 int cg_attach_fallback(const char *controller
, const char *path
, pid_t pid
) {
718 r
= cg_attach(controller
, path
, pid
);
720 char prefix
[strlen(path
) + 1];
722 /* This didn't work? Then let's try all prefixes of
725 PATH_FOREACH_PREFIX(prefix
, path
) {
728 q
= cg_attach(controller
, prefix
, pid
);
737 int cg_set_group_access(
738 const char *controller
,
744 _cleanup_free_
char *fs
= NULL
;
747 if (mode
== MODE_INVALID
&& uid
== UID_INVALID
&& gid
== GID_INVALID
)
750 if (mode
!= MODE_INVALID
)
753 r
= cg_get_path(controller
, path
, NULL
, &fs
);
757 return chmod_and_chown(fs
, mode
, uid
, gid
);
760 int cg_set_task_access(
761 const char *controller
,
767 _cleanup_free_
char *fs
= NULL
, *procs
= NULL
;
772 if (mode
== MODE_INVALID
&& uid
== UID_INVALID
&& gid
== GID_INVALID
)
775 if (mode
!= MODE_INVALID
)
778 r
= cg_get_path(controller
, path
, "cgroup.procs", &fs
);
782 r
= chmod_and_chown(fs
, mode
, uid
, gid
);
786 unified
= cg_unified();
792 /* Compatibility, Always keep values for "tasks" in sync with
794 if (cg_get_path(controller
, path
, "tasks", &procs
) >= 0)
795 (void) chmod_and_chown(procs
, mode
, uid
, gid
);
800 int cg_pid_get_path(const char *controller
, pid_t pid
, char **path
) {
801 _cleanup_fclose_
FILE *f
= NULL
;
810 unified
= cg_unified();
815 if (!cg_controller_is_valid(controller
))
818 controller
= SYSTEMD_CGROUP_CONTROLLER
;
820 cs
= strlen(controller
);
823 fs
= procfs_file_alloca(pid
, "cgroup");
826 return errno
== ENOENT
? -ESRCH
: -errno
;
828 FOREACH_LINE(line
, f
, return -errno
) {
834 e
= startswith(line
, "0:");
844 const char *word
, *state
;
847 l
= strchr(line
, ':');
857 FOREACH_WORD_SEPARATOR(word
, k
, l
, ",", state
) {
858 if (k
== cs
&& memcmp(word
, controller
, cs
) == 0) {
879 int cg_install_release_agent(const char *controller
, const char *agent
) {
880 _cleanup_free_
char *fs
= NULL
, *contents
= NULL
;
886 unified
= cg_unified();
889 if (unified
) /* doesn't apply to unified hierarchy */
892 r
= cg_get_path(controller
, NULL
, "release_agent", &fs
);
896 r
= read_one_line_file(fs
, &contents
);
900 sc
= strstrip(contents
);
902 r
= write_string_file(fs
, agent
, 0);
905 } else if (!streq(sc
, agent
))
909 r
= cg_get_path(controller
, NULL
, "notify_on_release", &fs
);
913 contents
= mfree(contents
);
914 r
= read_one_line_file(fs
, &contents
);
918 sc
= strstrip(contents
);
919 if (streq(sc
, "0")) {
920 r
= write_string_file(fs
, "1", 0);
933 int cg_uninstall_release_agent(const char *controller
) {
934 _cleanup_free_
char *fs
= NULL
;
937 unified
= cg_unified();
940 if (unified
) /* Doesn't apply to unified hierarchy */
943 r
= cg_get_path(controller
, NULL
, "notify_on_release", &fs
);
947 r
= write_string_file(fs
, "0", 0);
953 r
= cg_get_path(controller
, NULL
, "release_agent", &fs
);
957 r
= write_string_file(fs
, "", 0);
964 int cg_is_empty(const char *controller
, const char *path
) {
965 _cleanup_fclose_
FILE *f
= NULL
;
971 r
= cg_enumerate_processes(controller
, path
, &f
);
977 r
= cg_read_pid(f
, &pid
);
984 int cg_is_empty_recursive(const char *controller
, const char *path
) {
989 /* The root cgroup is always populated */
990 if (controller
&& (isempty(path
) || path_equal(path
, "/")))
993 unified
= cg_unified();
998 _cleanup_free_
char *populated
= NULL
, *t
= NULL
;
1000 /* On the unified hierarchy we can check empty state
1001 * via the "cgroup.populated" attribute. */
1003 r
= cg_get_path(controller
, path
, "cgroup.populated", &populated
);
1007 r
= read_one_line_file(populated
, &t
);
1011 return streq(t
, "0");
1013 _cleanup_closedir_
DIR *d
= NULL
;
1016 r
= cg_is_empty(controller
, path
);
1020 r
= cg_enumerate_subgroups(controller
, path
, &d
);
1026 while ((r
= cg_read_subgroup(d
, &fn
)) > 0) {
1027 _cleanup_free_
char *p
= NULL
;
1029 p
= strjoin(path
, "/", fn
, NULL
);
1034 r
= cg_is_empty_recursive(controller
, p
);
1045 int cg_split_spec(const char *spec
, char **controller
, char **path
) {
1046 char *t
= NULL
, *u
= NULL
;
1052 if (!path_is_safe(spec
))
1060 *path
= path_kill_slashes(t
);
1069 e
= strchr(spec
, ':');
1071 if (!cg_controller_is_valid(spec
))
1088 t
= strndup(spec
, e
-spec
);
1091 if (!cg_controller_is_valid(t
)) {
1105 if (!path_is_safe(u
) ||
1106 !path_is_absolute(u
)) {
1112 path_kill_slashes(u
);
1128 int cg_mangle_path(const char *path
, char **result
) {
1129 _cleanup_free_
char *c
= NULL
, *p
= NULL
;
1136 /* First, check if it already is a filesystem path */
1137 if (path_startswith(path
, "/sys/fs/cgroup")) {
1143 *result
= path_kill_slashes(t
);
1147 /* Otherwise, treat it as cg spec */
1148 r
= cg_split_spec(path
, &c
, &p
);
1152 return cg_get_path(c
?: SYSTEMD_CGROUP_CONTROLLER
, p
?: "/", NULL
, result
);
1155 int cg_get_root_path(char **path
) {
1161 r
= cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER
, 1, &p
);
1165 e
= endswith(p
, "/" SPECIAL_INIT_SCOPE
);
1167 e
= endswith(p
, "/" SPECIAL_SYSTEM_SLICE
); /* legacy */
1169 e
= endswith(p
, "/system"); /* even more legacy */
1177 int cg_shift_path(const char *cgroup
, const char *root
, const char **shifted
) {
1178 _cleanup_free_
char *rt
= NULL
;
1186 /* If the root was specified let's use that, otherwise
1187 * let's determine it from PID 1 */
1189 r
= cg_get_root_path(&rt
);
1196 p
= path_startswith(cgroup
, root
);
1197 if (p
&& p
> cgroup
)
1205 int cg_pid_get_path_shifted(pid_t pid
, const char *root
, char **cgroup
) {
1206 _cleanup_free_
char *raw
= NULL
;
1213 r
= cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER
, pid
, &raw
);
1217 r
= cg_shift_path(raw
, root
, &c
);
1237 int cg_path_decode_unit(const char *cgroup
, char **unit
){
1244 n
= strcspn(cgroup
, "/");
1248 c
= strndupa(cgroup
, n
);
1251 if (!unit_name_is_valid(c
, UNIT_NAME_PLAIN
|UNIT_NAME_INSTANCE
))
1262 static bool valid_slice_name(const char *p
, size_t n
) {
1267 if (n
< strlen("x.slice"))
1270 if (memcmp(p
+ n
- 6, ".slice", 6) == 0) {
1276 c
= cg_unescape(buf
);
1278 return unit_name_is_valid(c
, UNIT_NAME_PLAIN
);
1284 static const char *skip_slices(const char *p
) {
1287 /* Skips over all slice assignments */
1292 p
+= strspn(p
, "/");
1294 n
= strcspn(p
, "/");
1295 if (!valid_slice_name(p
, n
))
1302 int cg_path_get_unit(const char *path
, char **ret
) {
1310 e
= skip_slices(path
);
1312 r
= cg_path_decode_unit(e
, &unit
);
1316 /* We skipped over the slices, don't accept any now */
1317 if (endswith(unit
, ".slice")) {
1326 int cg_pid_get_unit(pid_t pid
, char **unit
) {
1327 _cleanup_free_
char *cgroup
= NULL
;
1332 r
= cg_pid_get_path_shifted(pid
, NULL
, &cgroup
);
1336 return cg_path_get_unit(cgroup
, unit
);
1340 * Skip session-*.scope, but require it to be there.
1342 static const char *skip_session(const char *p
) {
1348 p
+= strspn(p
, "/");
1350 n
= strcspn(p
, "/");
1351 if (n
< strlen("session-x.scope"))
1354 if (memcmp(p
, "session-", 8) == 0 && memcmp(p
+ n
- 6, ".scope", 6) == 0) {
1355 char buf
[n
- 8 - 6 + 1];
1357 memcpy(buf
, p
+ 8, n
- 8 - 6);
1360 /* Note that session scopes never need unescaping,
1361 * since they cannot conflict with the kernel's own
1362 * names, hence we don't need to call cg_unescape()
1365 if (!session_id_valid(buf
))
1369 p
+= strspn(p
, "/");
1377 * Skip user@*.service, but require it to be there.
1379 static const char *skip_user_manager(const char *p
) {
1385 p
+= strspn(p
, "/");
1387 n
= strcspn(p
, "/");
1388 if (n
< strlen("user@x.service"))
1391 if (memcmp(p
, "user@", 5) == 0 && memcmp(p
+ n
- 8, ".service", 8) == 0) {
1392 char buf
[n
- 5 - 8 + 1];
1394 memcpy(buf
, p
+ 5, n
- 5 - 8);
1397 /* Note that user manager services never need unescaping,
1398 * since they cannot conflict with the kernel's own
1399 * names, hence we don't need to call cg_unescape()
1402 if (parse_uid(buf
, NULL
) < 0)
1406 p
+= strspn(p
, "/");
1414 static const char *skip_user_prefix(const char *path
) {
1419 /* Skip slices, if there are any */
1420 e
= skip_slices(path
);
1422 /* Skip the user manager, if it's in the path now... */
1423 t
= skip_user_manager(e
);
1427 /* Alternatively skip the user session if it is in the path... */
1428 return skip_session(e
);
1431 int cg_path_get_user_unit(const char *path
, char **ret
) {
1437 t
= skip_user_prefix(path
);
1441 /* And from here on it looks pretty much the same as for a
1442 * system unit, hence let's use the same parser from here
1444 return cg_path_get_unit(t
, ret
);
1447 int cg_pid_get_user_unit(pid_t pid
, char **unit
) {
1448 _cleanup_free_
char *cgroup
= NULL
;
1453 r
= cg_pid_get_path_shifted(pid
, NULL
, &cgroup
);
1457 return cg_path_get_user_unit(cgroup
, unit
);
1460 int cg_path_get_machine_name(const char *path
, char **machine
) {
1461 _cleanup_free_
char *u
= NULL
;
1465 r
= cg_path_get_unit(path
, &u
);
1469 sl
= strjoina("/run/systemd/machines/unit:", u
);
1470 return readlink_malloc(sl
, machine
);
1473 int cg_pid_get_machine_name(pid_t pid
, char **machine
) {
1474 _cleanup_free_
char *cgroup
= NULL
;
1479 r
= cg_pid_get_path_shifted(pid
, NULL
, &cgroup
);
1483 return cg_path_get_machine_name(cgroup
, machine
);
1486 int cg_path_get_session(const char *path
, char **session
) {
1487 _cleanup_free_
char *unit
= NULL
;
1493 r
= cg_path_get_unit(path
, &unit
);
1497 start
= startswith(unit
, "session-");
1500 end
= endswith(start
, ".scope");
1505 if (!session_id_valid(start
))
1521 int cg_pid_get_session(pid_t pid
, char **session
) {
1522 _cleanup_free_
char *cgroup
= NULL
;
1525 r
= cg_pid_get_path_shifted(pid
, NULL
, &cgroup
);
1529 return cg_path_get_session(cgroup
, session
);
1532 int cg_path_get_owner_uid(const char *path
, uid_t
*uid
) {
1533 _cleanup_free_
char *slice
= NULL
;
1539 r
= cg_path_get_slice(path
, &slice
);
1543 start
= startswith(slice
, "user-");
1546 end
= endswith(start
, ".slice");
1551 if (parse_uid(start
, uid
) < 0)
1557 int cg_pid_get_owner_uid(pid_t pid
, uid_t
*uid
) {
1558 _cleanup_free_
char *cgroup
= NULL
;
1561 r
= cg_pid_get_path_shifted(pid
, NULL
, &cgroup
);
1565 return cg_path_get_owner_uid(cgroup
, uid
);
1568 int cg_path_get_slice(const char *p
, char **slice
) {
1569 const char *e
= NULL
;
1574 /* Finds the right-most slice unit from the beginning, but
1575 * stops before we come to the first non-slice unit. */
1580 p
+= strspn(p
, "/");
1582 n
= strcspn(p
, "/");
1583 if (!valid_slice_name(p
, n
)) {
1588 s
= strdup("-.slice");
1596 return cg_path_decode_unit(e
, slice
);
1604 int cg_pid_get_slice(pid_t pid
, char **slice
) {
1605 _cleanup_free_
char *cgroup
= NULL
;
1610 r
= cg_pid_get_path_shifted(pid
, NULL
, &cgroup
);
1614 return cg_path_get_slice(cgroup
, slice
);
1617 int cg_path_get_user_slice(const char *p
, char **slice
) {
1622 t
= skip_user_prefix(p
);
1626 /* And now it looks pretty much the same as for a system
1627 * slice, so let's just use the same parser from here on. */
1628 return cg_path_get_slice(t
, slice
);
1631 int cg_pid_get_user_slice(pid_t pid
, char **slice
) {
1632 _cleanup_free_
char *cgroup
= NULL
;
1637 r
= cg_pid_get_path_shifted(pid
, NULL
, &cgroup
);
1641 return cg_path_get_user_slice(cgroup
, slice
);
1644 char *cg_escape(const char *p
) {
1645 bool need_prefix
= false;
1647 /* This implements very minimal escaping for names to be used
1648 * as file names in the cgroup tree: any name which might
1649 * conflict with a kernel name or is prefixed with '_' is
1650 * prefixed with a '_'. That way, when reading cgroup names it
1651 * is sufficient to remove a single prefixing underscore if
1654 /* The return value of this function (unlike cg_unescape())
1660 streq(p
, "notify_on_release") ||
1661 streq(p
, "release_agent") ||
1662 streq(p
, "tasks") ||
1663 startswith(p
, "cgroup."))
1668 dot
= strrchr(p
, '.');
1673 for (c
= 0; c
< _CGROUP_CONTROLLER_MAX
; c
++) {
1676 n
= cgroup_controller_to_string(c
);
1681 if (memcmp(p
, n
, l
) != 0)
1691 return strappend("_", p
);
1696 char *cg_unescape(const char *p
) {
1699 /* The return value of this function (unlike cg_escape())
1700 * doesn't need free()! */
1708 #define CONTROLLER_VALID \
1712 bool cg_controller_is_valid(const char *p
) {
1718 s
= startswith(p
, "name=");
1722 if (*p
== 0 || *p
== '_')
1725 for (t
= p
; *t
; t
++)
1726 if (!strchr(CONTROLLER_VALID
, *t
))
1729 if (t
- p
> FILENAME_MAX
)
1735 int cg_slice_to_path(const char *unit
, char **ret
) {
1736 _cleanup_free_
char *p
= NULL
, *s
= NULL
, *e
= NULL
;
1743 if (streq(unit
, "-.slice")) {
1753 if (!unit_name_is_valid(unit
, UNIT_NAME_PLAIN
))
1756 if (!endswith(unit
, ".slice"))
1759 r
= unit_name_to_prefix(unit
, &p
);
1763 dash
= strchr(p
, '-');
1765 /* Don't allow initial dashes */
1770 _cleanup_free_
char *escaped
= NULL
;
1771 char n
[dash
- p
+ sizeof(".slice")];
1773 /* Don't allow trailing or double dashes */
1774 if (dash
[1] == 0 || dash
[1] == '-')
1777 strcpy(stpncpy(n
, p
, dash
- p
), ".slice");
1778 if (!unit_name_is_valid(n
, UNIT_NAME_PLAIN
))
1781 escaped
= cg_escape(n
);
1785 if (!strextend(&s
, escaped
, "/", NULL
))
1788 dash
= strchr(dash
+1, '-');
1791 e
= cg_escape(unit
);
1795 if (!strextend(&s
, e
, NULL
))
1804 int cg_set_attribute(const char *controller
, const char *path
, const char *attribute
, const char *value
) {
1805 _cleanup_free_
char *p
= NULL
;
1808 r
= cg_get_path(controller
, path
, attribute
, &p
);
1812 return write_string_file(p
, value
, 0);
1815 int cg_get_attribute(const char *controller
, const char *path
, const char *attribute
, char **ret
) {
1816 _cleanup_free_
char *p
= NULL
;
1819 r
= cg_get_path(controller
, path
, attribute
, &p
);
1823 return read_one_line_file(p
, ret
);
1826 int cg_create_everywhere(CGroupMask supported
, CGroupMask mask
, const char *path
) {
1830 /* This one will create a cgroup in our private tree, but also
1831 * duplicate it in the trees specified in mask, and remove it
1834 /* First create the cgroup in our own hierarchy. */
1835 r
= cg_create(SYSTEMD_CGROUP_CONTROLLER
, path
);
1839 /* If we are in the unified hierarchy, we are done now */
1840 unified
= cg_unified();
1846 /* Otherwise, do the same in the other hierarchies */
1847 for (c
= 0; c
< _CGROUP_CONTROLLER_MAX
; c
++) {
1848 CGroupMask bit
= CGROUP_CONTROLLER_TO_MASK(c
);
1851 n
= cgroup_controller_to_string(c
);
1854 (void) cg_create(n
, path
);
1855 else if (supported
& bit
)
1856 (void) cg_trim(n
, path
, true);
1862 int cg_attach_everywhere(CGroupMask supported
, const char *path
, pid_t pid
, cg_migrate_callback_t path_callback
, void *userdata
) {
1866 r
= cg_attach(SYSTEMD_CGROUP_CONTROLLER
, path
, pid
);
1870 unified
= cg_unified();
1876 for (c
= 0; c
< _CGROUP_CONTROLLER_MAX
; c
++) {
1877 CGroupMask bit
= CGROUP_CONTROLLER_TO_MASK(c
);
1878 const char *p
= NULL
;
1880 if (!(supported
& bit
))
1884 p
= path_callback(bit
, userdata
);
1889 (void) cg_attach_fallback(cgroup_controller_to_string(c
), p
, pid
);
1895 int cg_attach_many_everywhere(CGroupMask supported
, const char *path
, Set
* pids
, cg_migrate_callback_t path_callback
, void *userdata
) {
1900 SET_FOREACH(pidp
, pids
, i
) {
1901 pid_t pid
= PTR_TO_LONG(pidp
);
1904 q
= cg_attach_everywhere(supported
, path
, pid
, path_callback
, userdata
);
1905 if (q
< 0 && r
>= 0)
1912 int cg_migrate_everywhere(CGroupMask supported
, const char *from
, const char *to
, cg_migrate_callback_t to_callback
, void *userdata
) {
1916 if (!path_equal(from
, to
)) {
1917 r
= cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER
, from
, SYSTEMD_CGROUP_CONTROLLER
, to
, false, true);
1922 unified
= cg_unified();
1928 for (c
= 0; c
< _CGROUP_CONTROLLER_MAX
; c
++) {
1929 CGroupMask bit
= CGROUP_CONTROLLER_TO_MASK(c
);
1930 const char *p
= NULL
;
1932 if (!(supported
& bit
))
1936 p
= to_callback(bit
, userdata
);
1941 (void) cg_migrate_recursive_fallback(SYSTEMD_CGROUP_CONTROLLER
, to
, cgroup_controller_to_string(c
), p
, false, false);
1947 int cg_trim_everywhere(CGroupMask supported
, const char *path
, bool delete_root
) {
1951 r
= cg_trim(SYSTEMD_CGROUP_CONTROLLER
, path
, delete_root
);
1955 unified
= cg_unified();
1961 for (c
= 0; c
< _CGROUP_CONTROLLER_MAX
; c
++) {
1962 CGroupMask bit
= CGROUP_CONTROLLER_TO_MASK(c
);
1964 if (!(supported
& bit
))
1967 (void) cg_trim(cgroup_controller_to_string(c
), path
, delete_root
);
1973 int cg_mask_supported(CGroupMask
*ret
) {
1974 CGroupMask mask
= 0;
1977 /* Determines the mask of supported cgroup controllers. Only
1978 * includes controllers we can make sense of and that are
1979 * actually accessible. */
1981 unified
= cg_unified();
1985 _cleanup_free_
char *controllers
= NULL
;
1988 /* In the unified hierarchy we can read the supported
1989 * and accessible controllers from a the top-level
1990 * cgroup attribute */
1992 r
= read_one_line_file("/sys/fs/cgroup/cgroup.controllers", &controllers
);
1998 _cleanup_free_
char *n
= NULL
;
2001 r
= extract_first_word(&c
, &n
, NULL
, 0);
2007 v
= cgroup_controller_from_string(n
);
2011 mask
|= CGROUP_CONTROLLER_TO_MASK(v
);
2014 /* Currently, we only support the memory controller in
2015 * the unified hierarchy, mask everything else off. */
2016 mask
&= CGROUP_MASK_MEMORY
;
2021 /* In the legacy hierarchy, we check whether which
2022 * hierarchies are mounted. */
2024 for (c
= 0; c
< _CGROUP_CONTROLLER_MAX
; c
++) {
2027 n
= cgroup_controller_to_string(c
);
2028 if (controller_is_accessible(n
) >= 0)
2029 mask
|= CGROUP_CONTROLLER_TO_MASK(c
);
2037 int cg_kernel_controllers(Set
*controllers
) {
2038 _cleanup_fclose_
FILE *f
= NULL
;
2042 assert(controllers
);
2044 /* Determines the full list of kernel-known controllers. Might
2045 * include controllers we don't actually support, arbitrary
2046 * named hierarchies and controllers that aren't currently
2047 * accessible (because not mounted). */
2049 f
= fopen("/proc/cgroups", "re");
2051 if (errno
== ENOENT
)
2056 /* Ignore the header line */
2057 (void) fgets(buf
, sizeof(buf
), f
);
2064 if (fscanf(f
, "%ms %*i %*i %i", &controller
, &enabled
) != 2) {
2069 if (ferror(f
) && errno
!= 0)
2080 if (!cg_controller_is_valid(controller
)) {
2085 r
= set_consume(controllers
, controller
);
2093 static thread_local
int unified_cache
= -1;
2095 int cg_unified(void) {
2098 /* Checks if we support the unified hierarchy. Returns an
2099 * error when the cgroup hierarchies aren't mounted yet or we
2100 * have any other trouble determining if the unified hierarchy
2103 if (unified_cache
>= 0)
2104 return unified_cache
;
2106 if (statfs("/sys/fs/cgroup/", &fs
) < 0)
2109 if (F_TYPE_EQUAL(fs
.f_type
, CGROUP_SUPER_MAGIC
))
2110 unified_cache
= true;
2111 else if (F_TYPE_EQUAL(fs
.f_type
, TMPFS_MAGIC
))
2112 unified_cache
= false;
2116 return unified_cache
;
2119 void cg_unified_flush(void) {
2123 int cg_enable_everywhere(CGroupMask supported
, CGroupMask mask
, const char *p
) {
2124 _cleanup_free_
char *fs
= NULL
;
2133 unified
= cg_unified();
2136 if (!unified
) /* on the legacy hiearchy there's no joining of controllers defined */
2139 r
= cg_get_path(SYSTEMD_CGROUP_CONTROLLER
, p
, "cgroup.subtree_control", &fs
);
2143 for (c
= 0; c
< _CGROUP_CONTROLLER_MAX
; c
++) {
2144 CGroupMask bit
= CGROUP_CONTROLLER_TO_MASK(c
);
2147 if (!(supported
& bit
))
2150 n
= cgroup_controller_to_string(c
);
2152 char s
[1 + strlen(n
) + 1];
2154 s
[0] = mask
& bit
? '+' : '-';
2157 r
= write_string_file(fs
, s
, 0);
2159 log_warning_errno(r
, "Failed to enable controller %s for %s (%s): %m", n
, p
, fs
);
2166 bool cg_is_unified_wanted(void) {
2167 static thread_local
int wanted
= -1;
2170 /* If the hierarchy is already mounted, then follow whatever
2171 * was chosen for it. */
2172 unified
= cg_unified();
2176 /* Otherwise, let's see what the kernel command line has to
2177 * say. Since checking that is expensive, let's cache the
2182 r
= get_proc_cmdline_key("systemd.unified_cgroup_hierarchy", NULL
);
2184 return (wanted
= true);
2186 _cleanup_free_
char *value
= NULL
;
2188 r
= get_proc_cmdline_key("systemd.unified_cgroup_hierarchy=", &value
);
2192 return (wanted
= false);
2194 return (wanted
= parse_boolean(value
) > 0);
2198 bool cg_is_legacy_wanted(void) {
2199 return !cg_is_unified_wanted();
2202 static const char *cgroup_controller_table
[_CGROUP_CONTROLLER_MAX
] = {
2203 [CGROUP_CONTROLLER_CPU
] = "cpu",
2204 [CGROUP_CONTROLLER_CPUACCT
] = "cpuacct",
2205 [CGROUP_CONTROLLER_BLKIO
] = "blkio",
2206 [CGROUP_CONTROLLER_MEMORY
] = "memory",
2207 [CGROUP_CONTROLLER_DEVICE
] = "device",
2210 DEFINE_STRING_TABLE_LOOKUP(cgroup_controller
, CGroupController
);