From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Tue, 2 Feb 2021 16:40:30 +0000 (+0100)
Subject: cgroups: add croup_set()
X-Git-Tag: lxc-5.0.0~305^2~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=983b1db09dd09be107ef1c9fa0968c01acbc2c3f;p=thirdparty%2Flxc.git

cgroups: add croup_set()

This is a unified hierarchy only method which doesn't need to initialize a full
cgroup driver. Instead, it relies on the command socket to retrieve a cgroup2
file descriptor to the container's cgroup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 2e3a0a235..5e9343f63 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2675,6 +2675,35 @@ static int device_cgroup_rule_parse(struct device_item *device, const char *key,
 	return device_cgroup_parse_access(device, ++val);
 }
 
+int cgroup_set(struct lxc_conf *conf, const char *name, const char *lxcpath,
+	       const char *filename, const char *value)
+{
+	__do_close int unified_fd = -EBADF;
+	ssize_t ret;
+
+	if (!conf || is_empty_string(filename) || is_empty_string(value) ||
+	    is_empty_string(name) || is_empty_string(lxcpath))
+		return ret_errno(EINVAL);
+
+	unified_fd = lxc_cmd_get_cgroup2_fd(name, lxcpath);
+	if (unified_fd < 0)
+		return ret_errno(ENOCGROUP2);
+
+	if (strncmp(filename, "devices.", STRLITERALLEN("devices.")) == 0) {
+		struct device_item device = {};
+
+		ret = device_cgroup_rule_parse(&device, filename, value);
+		if (ret < 0)
+			return log_error_errno(-1, EINVAL, "Failed to parse device string %s=%s", filename, value);
+
+		ret = lxc_cmd_add_bpf_device_cgroup(name, lxcpath, &device);
+	} else {
+		ret = lxc_writeat(unified_fd, filename, value, strlen(value));
+	}
+
+	return ret;
+}
+
 /* Called externally (i.e. from 'lxc-cgroup') to set new cgroup limits.  Here we
  * don't have a cgroup_data set up, so we ask the running container through the
  * commands API for the cgroup path.
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
index 151a610b4..969842703 100644
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -194,6 +194,9 @@ __hidden extern int cgroup_attach(const struct lxc_conf *conf, const char *name,
 __hidden extern int cgroup_get(struct lxc_conf *conf, const char *name,
                                const char *lxcpath, const char *filename,
                                char *buf, size_t len);
+__hidden extern int cgroup_set(struct lxc_conf *conf, const char *name,
+                               const char *lxcpath, const char *filename,
+                               const char *value);
 
 static inline bool pure_unified_layout(const struct cgroup_ops *ops)
 {