git.ipfire.org Git - thirdparty/systemd.git/commit

author	Chris Down <chris@chrisdown.name>
	Mon, 30 Sep 2019 15:13:32 +0000 (16:13 +0100)
committer	Chris Down <chris@chrisdown.name>
	Thu, 3 Oct 2019 14:06:25 +0000 (15:06 +0100)
commit	74b5fb272f3c6e8c05f6fb63fa6f23db8204b3a6
tree	e597a43c9d51d827b0240e22b51205d784bfef9b	tree \| snapshot
parent	3a6da69a93f599588b9bfaf3bee2c36ec938c9a8	commit \| diff

cgroup: Allow checking systemd-internal limits against the kernel

We currently don't have any mitigations against another privileged user
on the system messing with the cgroup hierarchy, bringing the system out
of line with what we've set in systemd. We also don't have any real way
to surface this to the user (we do have logs, but you have to know to
look in the first place).

There are a few possible solutions:

1. Maintaining our own cgroup tree with the new fsopen API and having a
   read-only copy for everyone else. However, there are some
   complications on this front, and this may be infeasible in some
   environments. I'd rate this as a longer term effort that's tangential
   to this patch.
2. Actively checking for changes with {fa,i}notify and changing them
   back afterwards to match our configuration again. This is also
   possible, but it's also good to have a way to do passive monitoring
   of the situation without taking hard action. Also, currently daemons
   like senpai do actually need to modify the tree behind systemd's
   back (although hopefully this should be more integrated soon).

This patch implements another option, where one can, on demand, monitor
deviations in cgroup memory configuration from systemd's internal state.
Currently the only consumer is `systemd-analyze dump`, but the interface
is generic enough that it can also be exposed elsewhere later (for
example, over D-Bus).

Currently only memory limit style properties are supported, but later I
also plan to expand this out to other properties that systemd should
have ultimate control over.