machined: explicitly watch machine cgroup for getting empty

author Lennart Poettering <lennart@poettering.net>

Wed, 9 Jul 2025 07:35:12 +0000 (09:35 +0200)

committer Lennart Poettering <lennart@poettering.net>

Fri, 11 Jul 2025 16:15:12 +0000 (18:15 +0200)
author Lennart Poettering <lennart@poettering.net>
Wed, 9 Jul 2025 07:35:12 +0000 (09:35 +0200)
committer Lennart Poettering <lennart@poettering.net>
Fri, 11 Jul 2025 16:15:12 +0000 (18:15 +0200)
diff --git a/src/machine/machine.c b/src/machine/machine.c

index 0a8db2dfa82280e6215316caf92a88057b2327d9..26252ff9cdde57624c87ce84e093f40e9809d1fd 100644 (file)
--- a/src/machine/machine.c
+++ b/src/machine/machine.c
@@ -137,6 +137,8 @@ Machine* machine_free(Machine *m) {
  
          sd_bus_message_unref(m->create_message);
  
+        m->cgroup_empty_event_source = sd_event_source_disable_unref(m->cgroup_empty_event_source);
+
          free(m->name);
  
          free(m->state_file);
@@ -146,6 +148,7 @@ Machine* machine_free(Machine *m) {
          free(m->unit);
          free(m->subgroup);
          free(m->scope_job);
+        free(m->cgroup);
  
          free(m->netif);
          free(m->ssh_address);
@@ -584,6 +587,43 @@ static int machine_watch_pidfd(Machine *m, PidRef *pidref, sd_event_source **sou
          return 0;
  }
  
+static int machine_dispatch_cgroup_empty(sd_event_source *s, const struct inotify_event *event, void *userdata) {
+        Machine *m = ASSERT_PTR(userdata);
+        int r;
+
+        assert(m->cgroup);
+
+        r = cg_is_empty(SYSTEMD_CGROUP_CONTROLLER, m->cgroup);
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine if cgroup '%s' is empty: %m", m->cgroup);
+
+        if (r > 0)
+                machine_add_to_gc_queue(m);
+
+        return 0;
+}
+
+static int machine_watch_cgroup(Machine *m) {
+        int r;
+
+        assert(m);
+        assert(!m->cgroup_empty_event_source);
+
+        if (!m->cgroup)
+                return 0;
+
+        _cleanup_free_ char *p = NULL;
+        r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, m->cgroup, "cgroup.events", &p);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get cgroup path for cgroup '%s': %m", m->cgroup);
+
+        r = sd_event_add_inotify(m->manager->event, &m->cgroup_empty_event_source, p, IN_MODIFY, machine_dispatch_cgroup_empty, m);
+        if (r < 0)
+                return log_error_errno(r, "Failed to watch %s events: %m", p);
+
+        return 0;
+}
+
  int machine_start(Machine *m, sd_bus_message *properties, sd_bus_error *error) {
          int r;
  
@@ -607,6 +647,10 @@ int machine_start(Machine *m, sd_bus_message *properties, sd_bus_error *error) {
          if (r < 0)
                  return r;
  
+        r = machine_watch_cgroup(m);
+        if (r < 0)
+                return r;
+
          /* Create cgroup */
          r = machine_ensure_scope(m, properties, error);
          if (r < 0)
@@ -728,6 +772,14 @@ bool machine_may_gc(Machine *m, bool drop_not_started) {
                          return false;
          }
  
+        if (m->cgroup) {
+                r = cg_is_empty(SYSTEMD_CGROUP_CONTROLLER, m->cgroup);
+                if (IN_SET(r, 0, -ENOENT))
+                        return true;
+                if (r < 0)
+                        log_debug_errno(r, "Failed to determine if cgroup '%s' is empty, ignoring: %m", m->cgroup);
+        }
+
          return true;
  }
  
diff --git a/src/machine/machine.h b/src/machine/machine.h

index dda1612916c7841dc0855daf9912f5148465c62e..8f1a044f7a09fca583b87f8a163bc66b282b65ae 100644 (file)
--- a/src/machine/machine.h
+++ b/src/machine/machine.h
@@ -50,6 +50,7 @@ typedef struct Machine {
          char *unit;
          char *subgroup;
          char *scope_job;
+        char *cgroup;
  
          /* Leader: the top-level process that encapsulates the machine itself. For containers that's PID 1,
           * for VMs that's qemu or whatever process wraps the actual VM code. This process defines the runtime
@@ -64,6 +65,8 @@ typedef struct Machine {
  
          dual_timestamp timestamp;
  
+        sd_event_source *cgroup_empty_event_source;
+
          bool in_gc_queue:1;
          bool started:1;
          bool stopping:1;
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c

index 72141b8116dbe9d88940988225417e12ee27f88a..883c8c1338c04c5d2d6f955c8f8fcc5c849b7680 100644 (file)
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -442,6 +442,19 @@ static int method_register_machine_internal(sd_bus_message *message, bool read_n
                  goto fail;
          }
  
+        if (!empty_or_root(m->subgroup)) {
+                /* If this is not a top-level cgroup, then we need the cgroup path to be able to watch when
+                 * it empties */
+
+                r = cg_pidref_get_path(SYSTEMD_CGROUP_CONTROLLER, &m->leader, &m->cgroup);
+                if (r < 0) {
+                        r = sd_bus_error_set_errnof(error, r,
+                                                    "Failed to determine cgroup of process "PID_FMT" : %m",
+                                                    m->leader.pid);
+                        goto fail;
+                }
+        }
+
          r = machine_start(m, NULL, error);
          if (r < 0)
                  goto fail;
author	Lennart Poettering <lennart@poettering.net>
	Wed, 9 Jul 2025 07:35:12 +0000 (09:35 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 11 Jul 2025 16:15:12 +0000 (18:15 +0200)
src/machine/machine.c		patch \| blob \| blame \| history
src/machine/machine.h		patch \| blob \| blame \| history
src/machine/machined-dbus.c		patch \| blob \| blame \| history