From: Michael Tremer Date: Mon, 8 Aug 2022 15:40:57 +0000 (+0000) Subject: jail: Don't create own cgroups any more X-Git-Tag: 0.9.28~576 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=02fd4f8ba63eb8f76616714291c8cb2bd17e644b;p=pakfire.git jail: Don't create own cgroups any more There is a new interface now which can be used to launch anything into the correct cgroup from the very beginning. Signed-off-by: Michael Tremer --- diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c index 414bb6e18..a6e028507 100644 --- a/src/libpakfire/jail.c +++ b/src/libpakfire/jail.c @@ -120,9 +120,6 @@ struct pakfire_jail_exec { struct pakfire_log_buffer log_ERROR; struct pakfire_log_buffer log_DEBUG; } buffers; - - // cgroup - struct pakfire_cgroup* cgroup; }; static int clone3(struct clone_args* args, size_t size) { @@ -1299,12 +1296,6 @@ static int __pakfire_jail_exec(struct pakfire_jail* jail, const char* argv[]) { goto ERROR; #endif /* ENABLE_DEBUG */ - // Setup a cgroup - r = pakfire_cgroup_open(&ctx.cgroup, jail->pakfire, "jail/test1", - PAKFIRE_CGROUP_ENABLE_ACCOUNTING); - if (r) - goto ERROR; - // Configure child process struct clone_args args = { .flags = @@ -1314,15 +1305,19 @@ static int __pakfire_jail_exec(struct pakfire_jail* jail, const char* argv[]) { CLONE_NEWPID | CLONE_NEWUSER | CLONE_NEWUTS | - CLONE_PIDFD | - CLONE_INTO_CGROUP, + CLONE_PIDFD, .exit_signal = SIGCHLD, .pidfd = (long long unsigned int)&ctx.pidfd, - - // Clone into the new cgroup - .cgroup = pakfire_cgroup_fd(ctx.cgroup), }; + // Launch the process in a cgroup (if requested) + if (jail->cgroup) { + args.flags |= CLONE_INTO_CGROUP; + + // Clone into this cgroup + args.cgroup = pakfire_cgroup_fd(jail->cgroup); + } + // Fork this process ctx.pid = clone3(&args, sizeof(args)); if (ctx.pid < 0) { @@ -1378,12 +1373,6 @@ ERROR: pakfire_jail_close_pipe(jail, ctx.pipes.log_ERROR); pakfire_jail_close_pipe(jail, ctx.pipes.log_DEBUG); - // Destroy cgroup - if (ctx.cgroup) { - pakfire_cgroup_destroy(ctx.cgroup); - pakfire_cgroup_unref(ctx.cgroup); - } - // Umount everything if (!pakfire_on_root(jail->pakfire)) pakfire_umount_all(jail->pakfire);