cgroups: add croup_set()
authorChristian Brauner <christian.brauner@ubuntu.com>
Tue, 2 Feb 2021 16:40:30 +0000 (17:40 +0100)
committerChristian Brauner <christian.brauner@ubuntu.com>
Tue, 2 Feb 2021 16:40:30 +0000 (17:40 +0100)
This is a unified-hierarchy-only method that doesn't need to initialize a full
cgroup driver. Instead, it relies on the command socket to retrieve a cgroup2
file descriptor for the container's cgroup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/cgroups/cgfsng.c
src/lxc/cgroups/cgroup.h

index 2e3a0a235cce435ea84e7a5e49fe19953af401a5..5e9343f635a9cebb4d98ad66b01a945a6d5c96fd 100644 (file)
@@ -2675,6 +2675,35 @@ static int device_cgroup_rule_parse(struct device_item *device, const char *key,
        return device_cgroup_parse_access(device, ++val);
 }
 
+int cgroup_set(struct lxc_conf *conf, const char *name, const char *lxcpath,
+              const char *filename, const char *value)
+{
+       __do_close int unified_fd = -EBADF;
+       ssize_t ret;
+
+       if (!conf || is_empty_string(filename) || is_empty_string(value) ||
+           is_empty_string(name) || is_empty_string(lxcpath))
+               return ret_errno(EINVAL);
+
+       unified_fd = lxc_cmd_get_cgroup2_fd(name, lxcpath);
+       if (unified_fd < 0)
+               return ret_errno(ENOCGROUP2);
+
+       if (strncmp(filename, "devices.", STRLITERALLEN("devices.")) == 0) {
+               struct device_item device = {};
+
+               ret = device_cgroup_rule_parse(&device, filename, value);
+               if (ret < 0)
+                       return log_error_errno(-1, EINVAL, "Failed to parse device string %s=%s", filename, value);
+
+               ret = lxc_cmd_add_bpf_device_cgroup(name, lxcpath, &device);
+       } else {
+               ret = lxc_writeat(unified_fd, filename, value, strlen(value));
+       }
+
+       return ret;
+}
+
 /* Called externally (i.e. from 'lxc-cgroup') to set new cgroup limits.  Here we
  * don't have a cgroup_data set up, so we ask the running container through the
  * commands API for the cgroup path.
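Review bot: `filename` is only checked for being non-empty before the `else` branch passes it to `lxc_writeat()` as a path relative to `unified_fd`, so a name containing `/` or `..` components is not rejected in `cgroup_set()` itself. Whether such a write stays inside the container's cgroup directory then depends on how `lxc_writeat()` opens the file, which is not visible in this hunk. If only control files directly in that directory are meant to be writable, a guard right after the empty-string check would make the contract local: `if (strchr(filename, '/')) return ret_errno(EINVAL);`. If nested paths are intended, a comment saying so and naming the confinement `lxc_writeat()` relies on would help the next reviewer.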
index 151a610b405d3b3d3a846c04a67ae6aa59c7b713..969842703e5e7eaff7523c9f994035df93e0d5c1 100644 (file)
@@ -194,6 +194,9 @@ __hidden extern int cgroup_attach(const struct lxc_conf *conf, const char *name,
 __hidden extern int cgroup_get(struct lxc_conf *conf, const char *name,
                                const char *lxcpath, const char *filename,
                                char *buf, size_t len);
+__hidden extern int cgroup_set(struct lxc_conf *conf, const char *name,
+                               const char *lxcpath, const char *filename,
+                               const char *value);
 
 static inline bool pure_unified_layout(const struct cgroup_ops *ops)
 {
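Review bot: The new `cgroup_set()` prototype carries no comment describing its contract, and the definition in cgfsng.c has behaviour a caller cannot guess from the signature. I would add a short comment above the declaration stating that it works only on the unified hierarchy, fails with `ENOCGROUP2` when no cgroup2 fd can be obtained from the running container, and routes `devices.*` keys to the bpf device cgroup command instead of writing a file. The same comment should note that `conf` must be non-NULL although the definition never reads it, and that failures are reported both through `ret_errno(...)` and as `-1` from `log_error_errno(-1, EINVAL, ...)`, so callers should test for `< 0` rather than a specific value.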