]> git.ipfire.org Git - thirdparty/libcgroup.git/log
thirdparty/libcgroup.git
2 years agowrapper: fix segfault in cgroup_add_controller()
Kamalesh Babulal [Fri, 24 Feb 2023 05:35:02 +0000 (11:05 +0530)] 
wrapper: fix segfault in cgroup_add_controller()

The second argument passed to cgroup_add_controller() is of type
char * and the user might pass NULL in place of the arguments, causing
a segfault.  segfault is trigger when the NULL, argument values is used
without checks, fix it by checking for NULL before proceeding.

Reproducer:
-----------

int main(void)
{
struct cgroup_controller *cgc;
struct cgroup *cgrp;
int ret;

cgroup_init();
if (ret)
exit(1);

cgrp = cgroup_new_cgroup("fuzzer");
if (!cgrp)
exit(1);

cgc = cgroup_add_controller(cgrp, "cpu");
if (!cgc)
exit(1);

cgroup_add_controller(cgrp, NULL);

// should not reach here
return 0;
}

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: allocate correct value size to copy value provided to cgroup_set_value_string
Justin Israel [Thu, 23 Feb 2023 22:53:17 +0000 (11:53 +1300)] 
api: allocate correct value size to copy value provided to cgroup_set_value_string

Signed-off-by: Justin Israel <justinisrael@gmail.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotests/ftest: use string filter() to concatenation cause
Kamalesh Babulal [Thu, 23 Feb 2023 13:45:54 +0000 (13:45 +0000)] 
tests/ftest: use string filter() to concatenation cause

if, then, else construction is used to concatenate the 'cause' string,
that appends the reason for the test failures.  The reason to use the
checks to TypeError that occurs while concatenating None and str type.
Replace them with a one-liner string.filter(), across the test sources.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotests/gunit: Extend the fuzzer to test cgroup_get_value_string()
Kamalesh Babulal [Tue, 21 Feb 2023 13:10:05 +0000 (13:10 +0000)] 
tests/gunit: Extend the fuzzer to test cgroup_get_value_string()

Add fuzzing to the cgroup_get_value_string() API, by passing combination
of valid/NULL as arguments to the API.

s
[----------] 4 tests from APIArgsTest
[ RUN      ] APIArgsTest.API_cgroup_set_permissions
[       OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN      ] APIArgsTest.API_cgroup_new_cgroup
[       OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN      ] APIArgsTest.API_cgroup_set_value_string
[       OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN      ] APIArgsTest.API_cgroup_get_value_string

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agowrapper: fix segfault in cgroup_get_value_string()
Kamalesh Babulal [Tue, 21 Feb 2023 10:49:06 +0000 (10:49 +0000)] 
wrapper: fix segfault in cgroup_get_value_string()

The second and third arguments passed to cgroup_get_value_string() are
of type char * and the user might pass NULL in place of one or both of
the arguments, causing a segfault.  segfault is trigger when the NULL,
argument values are used without checks, fix it by checking for NULL
before proceeding.

Reproducer:
-----------

int main(void)
{
        struct cgroup_controller *cgc;
        struct cgroup *cgrp;
        int ret;

        cgroup_init();
        if (ret)
                exit(1);

        cgrp = cgroup_new_cgroup("fuzzer");
        if (!cgrp)
                exit(1);

        cgc = cgroup_add_controller(cgrp, "cpu");
        if (!cgc)
                exit(1);

        ret = cgroup_add_value_string(cgc, "cpu.shares", "1024");
        if (!cgc)
                exit(1);

        ret = cgroup_create_cgroup(cgrp, 1);
        if (ret)
                exit(1);

        cgc = cgroup_get_controller(cgrp, "cpu");
        if (!cgc)
                exit(1);

        cgroup_get_value_string(cgc, NULL, NULL);

        return 0;
}

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotests/gunit: Extend the fuzzer to test cgroup_set_value_string()
Kamalesh Babulal [Tue, 21 Feb 2023 13:13:25 +0000 (13:13 +0000)] 
tests/gunit: Extend the fuzzer to test cgroup_set_value_string()

Add fuzzing to the cgroup_set_value_string() API, by passing combination
of valid/NULL as arguments to the API.

[----------] 3 tests from APIArgsTest
[ RUN      ] APIArgsTest.API_cgroup_set_permissions
[       OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN      ] APIArgsTest.API_cgroup_new_cgroup
[       OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN      ] APIArgsTest.API_cgroup_set_value_string
[       OK ] APIArgsTest.API_cgroup_set_value_string (19 ms)
[----------] 3 tests from APIArgsTest (19 ms total)

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agowrapper: fix segfault in cgroup_set_value_string()
Kamalesh Babulal [Mon, 20 Feb 2023 15:09:07 +0000 (15:09 +0000)] 
wrapper: fix segfault in cgroup_set_value_string()

The second and third arguments passed to cgroup_set_value_string() are
of type char * and the user might pass NULL in place of one or both of
the arguments, causing a segfault.  segfault is trigger when the NULL,
argument values are used without checks, fix it by checking for NULL
before proceeding.

Reproducer:
-----------

int main(void)
{
        struct cgroup_controller *cgc;
        struct cgroup *cgrp;

        cgroup_init();
        if (ret)
exit(1);

        cgrp = cgroup_new_cgroup("fuzzer");
        if (!cgrp)
                exit(1);

        cgc = cgroup_add_controller(cgrp, "cpu");
        if (!cgc)
exit(1);

        ret = cgroup_create_cgroup(cgrp, 1);
        if (ret)
exit(1);

        cgroup_set_value_string(cgc, NULL, NULL);

// should not reach here.
return 0;
}

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add cgroup_get_cgroup() pybindings test
Tom Hromatka [Wed, 15 Feb 2023 21:50:14 +0000 (14:50 -0700)] 
ftests: Add cgroup_get_cgroup() pybindings test

Add a test to exercise cgroup_get_cgroup() and its python bindings.

-----------------------------------------------------------------
Test Results:
Run Date:                          Feb 15 14:50:00
Passed:                                  1 test(s)
Skipped:                                 0 test(s)
Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
Test                                    Time (sec)
--------------------------------------------------
setup                                         0.00
072-pybindings-cgroup_get_cgroup.py           2.66
teardown                                      0.00
--------------------------------------------------
Total Run Time                                2.66

Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: Don't return an error when no cgroups are enabled
Tom Hromatka [Tue, 21 Feb 2023 21:17:58 +0000 (14:17 -0700)] 
api: Don't return an error when no cgroups are enabled

Don't return an error, ECGROUPNOTEXIST (50002), from cgroup_get_cgroup()
when no controllers are enabled in a cgroup v2 cgroup.

Simple reproducer:
sudo mkdir -p /sys/fs/cgroup/foo/bar

#!/usr/bin/env python3
from libcgroup import Cgroup, Version

cg = Cgroup('foo/bar', Version.CGROUP_V2)
cg.get()
print(cg)

Prior to this change, the above python code returned ECGROUPNOTEXIST in
the cg.get() line.  Now it successfully completes, but no controllers
are populated.

Reported-by: Justin Israel <justinisrael@gmail.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: Add support for "cgroup" controller in cgroup v2
Tom Hromatka [Tue, 14 Feb 2023 19:58:59 +0000 (12:58 -0700)] 
api: Add support for "cgroup" controller in cgroup v2

The "cgroup" controller has settings that the user may want to
read/write, e.g. cgroup.controllers, cgroup.subtree_control,
cgroup.procs, etc.

Add support for this controller when the cgroup v2 mount table is
parsed by creating a custom controller for the "cgroup" settings.
Note that this feature has not been added to cgroup v1 and cgroup v1
will continue to have limited access to the cgroup.* files.

Reported-by: Justin Israel <justinisrael@gmail.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: Support specifying controllers in cgroup_get_cgroup()
Tom Hromatka [Tue, 14 Feb 2023 19:53:03 +0000 (12:53 -0700)] 
api: Support specifying controllers in cgroup_get_cgroup()

Add support for the user to explicitly specify controllers of interest
when calling cgroup_get_cgroup().  Controllers not specified will not
be added to the struct cgroup.  Also, this allows users to view cgroup
v2 controllers that aren't enabled.  This may be useful for seeing
settings like cpuset.cpus.effective even when the cpuset controller
isn't enabled.

If no controllers are specified, then the previous behavior should be
utilized.  All controllers that are enabled for that cgroup will be
added to the struct cgroup.

Here is a simple example python program that exercises these changes:
#!/usr/bin/env python3
from libcgroup import Cgroup, Version

cg = Cgroup('user.slice', Version.CGROUP_V2)
cg.add_controller('cpuset')
cg.get()

print(cg)

Reported-by: Justin Israel <justinisrael@gmail.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/cgset: fix Uninitialized pointer read
Kamalesh Babulal [Fri, 17 Feb 2023 09:59:30 +0000 (09:59 +0000)] 
tools/cgset: fix Uninitialized pointer read

Fix Uninitialized pointer read, reported by Coverity Tool:

CID 307779 (#2 of 2): Uninitialized pointer read (UNINIT)22.
uninit_use_in_call: Using uninitialized value src_cgroup when calling
cgroup_free.

In main(), src_cgrp points to a valid struct cgroup only when the
user calls cgxset using --copy-from flag, Coverity warns about the
freeing src_cgrp, which is uninitialized in the error path.  This patch
initializes converted_src_cgroup, src_cgroup and cgroup uninitialized
pointers and checks is src_cgrp is valid pointer before passing it to
cgroup_free()

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/cgset: fix Uninitialized pointers read
Kamalesh Babulal [Fri, 17 Feb 2023 09:54:50 +0000 (09:54 +0000)] 
tools/cgset: fix Uninitialized pointers read

Fix Uninitialized pointer read, reported by Coverity Tool:

CID 307778 (#2 of 2): Uninitialized pointer read (UNINIT)22.
uninit_use_in_call: Using uninitialized value src_cgroup when calling
cgroup_free.

In main(), src_cgrp points to a valid struct cgroup only when the user
calls cgset using --copy-from flag, Coverity warns about the freeing
src_cgrp, which is uninitialized in the error path.  This patch
initializes src_cgrp and cgroup uninitialized pointers and checks
is src_cgrp is valid pointer before passing it to cgroup_free()

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotests: Add a test for the python bindings to cgroup_set_default_systemd_cgroup
Kamalesh Babulal [Thu, 16 Feb 2023 13:36:48 +0000 (13:36 +0000)] 
tests: Add a test for the python bindings to cgroup_set_default_systemd_cgroup

Add a test for the python bindings to cgroup_set_default_systemd_cgroup()

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 16 13:36:28
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                       Time (sec)
        -----------------------------------------------------
        setup                                            0.00
        071-sudo-set_default_systemd_cgroup.py           0.02
        teardown                                         0.00
        -----------------------------------------------------
        Total Run Time                                   0.02

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Remove unnecessary int() typecast and add the test to Makefile.am

2 years agopython: binding to read and set systemd_default_cgroup
Kamalesh Babulal [Mon, 13 Feb 2023 06:49:59 +0000 (06:49 +0000)] 
python: binding to read and set systemd_default_cgroup

Add an python binding that reads /run/libcgroup/systemd and if the file
exists, sets the systemd_default_cgroup. Then on all the paths
constructed, has the systemd_default_cgroup appended to it.  This is
used when cgroup sub-tree is constructed for systemd delegation.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoREADME: Fix CodeQL Badge
Tom Hromatka [Thu, 16 Feb 2023 16:45:08 +0000 (09:45 -0700)] 
README: Fix CodeQL Badge

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoman: document cgexec's -b (systemd) option
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)] 
man: document cgexec's -b (systemd) option

Add documentation about the -b option in the cgexec's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoman: document cgclassify's -b (systemd) option
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)] 
man: document cgclassify's -b (systemd) option

Add documentation about the -b option in the cgclassify's man page.
This option ignores the default systemd delegated hierarchy path
and constructs the path of the control groups relative to the cgroup
root hierarchy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoman: document cgcreate's -b (systemd) option
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)] 
man: document cgcreate's -b (systemd) option

Add documentation about the -b option in the cgcreate's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoman: document cgxset's -b (systemd) option
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)] 
man: document cgxset's -b (systemd) option

Add documentation about the -b option in the cgxset's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoman: document cgxget's -b (systemd) option
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)] 
man: document cgxget's -b (systemd) option

Add documentation about the -b option in the cgxget's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoman: document cgdelete's -b (systemd) option
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)] 
man: document cgdelete's -b (systemd) option

Add documentation about the -b option in the cgdelete's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoman: document cgset's -b (systemd) option
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)] 
man: document cgset's -b (systemd) option

Add documentation about the -b option in the cgset's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoman: document cgget's -b (systemd) option
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)] 
man: document cgget's -b (systemd) option

Add documentation about the -b option in the cgget's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoman: document cgget's -m option
Kamalesh Babulal [Thu, 16 Feb 2023 12:05:02 +0000 (17:35 +0530)] 
man: document cgget's -m option

Add documentation about the -m option in the cgget's man page. This
option prints the current cgroup setup mode.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agopybindings: Fix a build warning on Fedora
Kamalesh Babulal [Wed, 15 Feb 2023 19:05:06 +0000 (12:05 -0700)] 
pybindings: Fix a build warning on Fedora

While building python bindings on Fedora 34, gcc 11.3.1 triggers a
build warning:
[1/1] Cythonizing libcgroup.pyx
In file included from /usr/include/bits/libc-header-start.h:33,
                 from /usr/include/limits.h:26,
                 from /usr/lib/gcc/x86_64-redhat-linux/11/include/limits.h:203,
                 from /usr/lib/gcc/x86_64-redhat-linux/11/include/syslimits.h:7,
                 from /usr/lib/gcc/x86_64-redhat-linux/11/include/limits.h:34,
                 from /usr/include/python3.9/Python.h:11,
                 from libcgroup.c:25:
/usr/include/features.h:397:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]
  397 | #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)
      |    ^~~~~~~

the reason being the default compiler flags for c/c++ includes
'-Wp,-D_FORTIFY_SOURCE=2' and '-D_FORTIFY_SOURCE=2'. Whereas Ubuntu
compilers include '-D_FORTIFY_SOURCE=2' option only.  This can be
fixed by adding '-O2' to the CPP Flags in the pybinding Makefile and
there is no side effect in both Fedora and Ubuntu because by default
'-D_FORTIFY_SOURCE=2' is included. The Ubuntu automatically auto
includes '-D_FORTIFY_SOURCE=2' when '-O2' is passed but here it's been
already explicitly passed.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoRFE: Bump redhat-plumbers-in-action/differential-shellcheck from 3 to 4
dependabot[bot] [Fri, 10 Feb 2023 22:10:47 +0000 (15:10 -0700)] 
RFE: Bump redhat-plumbers-in-action/differential-shellcheck from 3 to 4

Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 3 to 4.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/redhat-plumbers-in-action/differential-shellcheck/compare/v3...v4)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test to validate cgx{get,set} systemd options (cgroup v2)
Kamalesh Babulal [Fri, 10 Feb 2023 07:52:13 +0000 (07:52 +0000)] 
ftests: Add a test to validate cgx{get,set} systemd options (cgroup v2)

Add a test case to validate cgx{get, set} tool's systemd options on
cgroup unified setup mode.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 08:15:40
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                           Time (sec)
        ---------------------------------------------------------
        setup                                                0.00
        070-sudo-systemd_cgxget-cpu-settings-v2.py           3.00
        teardown                                             0.00
        ---------------------------------------------------------
        Total Run Time

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test to validate cgx{get,set} systemd options (cgroup v1)
Kamalesh Babulal [Fri, 10 Feb 2023 07:40:25 +0000 (07:40 +0000)] 
ftests: Add a test to validate cgx{get,set} systemd options (cgroup v1)

Add a test case to validate cgx(get, set} tool's systemd options on
cgroup legacy/hybrid setup modes.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 08:09:43
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                           Time (sec)
        ---------------------------------------------------------
        setup                                                0.00
        069-sudo-systemd_cgxget-cpu-settings-v1.py           2.74
        teardown                                             0.00
        ---------------------------------------------------------
        Total Run Time                                       2.74

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test to validate cgexec's systemd options (cgroup v2)
Kamalesh Babulal [Fri, 10 Feb 2023 07:38:08 +0000 (07:38 +0000)] 
ftests: Add a test to validate cgexec's systemd options (cgroup v2)

Add a test case to validate cgexec tool's systemd options on cgroup
unified setup mode.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 07:57:18
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                              Time (sec)
        --------------------------------------------
        setup                                   0.00
        068-sudo-systemd_cgexec-v2.py           5.53
        teardown                                0.00
        --------------------------------------------
        Total Run Time                          5.53

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test to validate cgexec's systemd options (cgroup v1)
Kamalesh Babulal [Fri, 10 Feb 2023 07:29:03 +0000 (07:29 +0000)] 
ftests: Add a test to validate cgexec's systemd options (cgroup v1)

Add a test case to validate cgexec tool's systemd options on cgroup
legacy/hybrid setup modes.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 07:48:48
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                              Time (sec)
        --------------------------------------------
        setup                                   0.00
        067-sudo-systemd_cgexec-v1.py           5.32
        teardown                                0.00
        --------------------------------------------
        Total Run Time                          5.32

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test to validate cgclassify's systemd options (cgroup v2)
Kamalesh Babulal [Fri, 10 Feb 2023 09:00:12 +0000 (14:30 +0530)] 
ftests: Add a test to validate cgclassify's systemd options (cgroup v2)

Add a test case to validate cgclassify tool's systemd options on cgroup
unified mode.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 07:43:23
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                  Time (sec)
        ------------------------------------------------
        setup                                       0.00
        066-sudo-systemd_cgclassify-v2.py           7.57
        teardown                                    0.00
        ------------------------------------------------
        Total Run Time                              7.57

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test to validate cgclassify's systemd options (cgroup v1)
Kamalesh Babulal [Fri, 10 Feb 2023 07:49:16 +0000 (07:49 +0000)] 
ftests: Add a test to validate cgclassify's systemd options (cgroup v1)

Add a test case to validate cgclassify tool's systemd options on cgroup
legacy/hybrid setup modes.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 06:51:38
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                  Time (sec)
        ------------------------------------------------
        setup                                       0.00
        065-sudo-systemd_cgclassify-v1.py           7.38
        teardown                                    0.00
        ------------------------------------------------
        Total Run Time                              7.38

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add to test to validate cgset's systemd options (cgroup v2)
Kamalesh Babulal [Fri, 10 Feb 2023 06:45:43 +0000 (06:45 +0000)] 
ftests: Add to test to validate cgset's systemd options (cgroup v2)

Add a test case to validate cgset tool's systemd options on cgroup
unified setup mode.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 14:38:30
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                             Time (sec)
        -------------------------------------------
        setup                                  0.00
        064-sudo-systemd_cgset-v2.py           2.33
        teardown                               0.00
        -------------------------------------------
        Total Run Time                         2.33

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add to test to validate cgset's systemd options (cgroup v1)
Tom Hromatka [Fri, 10 Feb 2023 06:41:50 +0000 (06:41 +0000)] 
ftests: Add to test to validate cgset's systemd options (cgroup v1)

Add a test case to validate cgset tool's systemd options on cgroup
legacy and hybrid setup modes.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 12:53:35
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                             Time (sec)
        -------------------------------------------
        setup                                  0.00
        063-sudo-systemd_cgset-v1.py           2.20
        teardown                               0.00
        -------------------------------------------
        Total Run Time                         2.20

[Kamalesh improvised on the original test case]
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test to validate cgget's systemd options (cgroup v2)
Kamalesh Babulal [Fri, 10 Feb 2023 06:37:07 +0000 (06:37 +0000)] 
ftests: Add a test to validate cgget's systemd options (cgroup v2)

Add a test case to validate cgget tool's systemd options on cgroup
unified setup mode.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 12:00:26
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                              Time (sec)
        ------------------------------------------------------------
        setup                                                   0.00
        062-sudo-g_flag_controller_only_systemd-v2.py           2.25
        teardown                                                0.00
        ------------------------------------------------------------
        Total Run Time                                          2.25

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test to validate cgget's systemd options (cgroup v1)
Tom Hromatka [Fri, 10 Feb 2023 06:31:16 +0000 (06:31 +0000)] 
ftests: Add a test to validate cgget's systemd options (cgroup v1)

Add a test case to validate cgget tool's systemd options on cgroup
legacy/hybrid setup modes.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 08:42:19
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                              Time (sec)
        ------------------------------------------------------------
        setup                                                   0.00
        061-sudo-g_flag_controller_only_systemd-v1.py           2.16
        teardown                                                0.00
        ------------------------------------------------------------
        Total Run Time                                          2.16

[Kamalesh improvised on the original test case]
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test to validate systemd configurations
Kamalesh Babulal [Fri, 10 Feb 2023 06:22:06 +0000 (06:22 +0000)] 
ftests: Add a test to validate systemd configurations

Add a test case to parse test different combination of valid and invalid
systemd configurations.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Feb 05 08:33:41
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                   Time (sec)
        -------------------------------------------------
        setup                                        0.00
        060-sudo-cgconfigparser-systemd.py           4.31
        teardown                                     0.00
        -------------------------------------------------
        Total Run Time                               4.31

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotests/systemd - Add more helpers for cgroup delegation
Kamalesh Babulal [Fri, 10 Feb 2023 06:39:11 +0000 (06:39 +0000)] 
tests/systemd - Add more helpers for cgroup delegation

Add more helpers to work with systemd cgroup delegation, this patch
adds:
- remove_scope_slice_conf() to remove the cgconfig file created and
  remove the scope cgroup and slice cgroups.
- write_config_with_pid() to write a cgconfig file with the systemd
  configurations.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotests/cgroup - Add more helpers for cgroup delegation
Kamalesh Babulal [Fri, 10 Feb 2023 06:02:42 +0000 (06:02 +0000)] 
tests/cgroup - Add more helpers for cgroup delegation

Add more helpers to work with systemd cgroup delegation, this patch
adds:
- create_and_validate() to create cgroups and validate if they were
  created under the delegate systemd subtree.
- exists() is called by create_and_validate() to perform the
  validation part.

Suggested-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add ignore_systemd support to the CLI tools
Tom Hromatka [Thu, 2 Feb 2023 13:39:42 +0000 (13:39 +0000)] 
ftests: Add ignore_systemd support to the CLI tools

Add ignore_systemd support (-b flag) to the CLI tools in the functional
tests, so that the functions calling the CLI tools are aware of the
delegated systemd subtree support in the tools and switch between cgroup
controllers root and systemd subtree using -b switch.

[Kamalesh extended the -b flags to some of the CLI tools]
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotests/cgroup: Add None as controller get_controller_mount_point()
Kamalesh Babulal [Fri, 10 Feb 2023 05:45:22 +0000 (05:45 +0000)] 
tests/cgroup: Add None as controller get_controller_mount_point()

Cgroup hybrid/unified setup modes support creating cgroups without
attaching them to any controller.  Enhance get_controller_mount_point()
to support 'None' as a valid controller and return a mount point.

Hybrid Setup
------------
>>> from cgroup import Cgroup
>>> Cgroup.get_controller_mount_point(None)
'/sys/fs/cgroup/unified'

Unified Setup
-------------
>>> from cgroup import Cgroup
>>> Cgroup.get_controller_mount_point(None)
'/sys/fs/cgroup'

Suggested-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/cgexec: add support for default systemd delegation slice/scope
Kamalesh Babulal [Tue, 31 Jan 2023 06:24:37 +0000 (06:24 +0000)] 
tools/cgexec: add support for default systemd delegation slice/scope

Enhance the cgexec tool to support default systemd delegation
slice/scope, if set in the cgconfig.conf's systemd setting.  Parse  the
configuration file and read the systemd::delegate setting, if any, and
set it as the default systemd slice/scope in
systemd_default_cgroup. Setting it appends the slice/scope
name to the constructed default cgroup mount path.

When the user passes the relative cgroup name, its appends to the
sub-tree (delegated slice/scope) by default and if the user wishes to
create a cgroup in another subtree or cgroup root hierarchy, they need
to use the absolute path. For example:

                          cgroup_root
                         /          \
                        /            \
                 systemd.slice*      cgrp1
                        |
                 systemd.scope
                        |
                    cgrp-d1

* default system delegation slice/scope - read from cgconfig.conf
$ sudo cgexec -g cpu:cgrp-d1 sleep 10

will create the cgroup under the cpu controller hirearchy
cgroup_root:systemd_default_cgroup:cgrp-d1

and for creating a cgroup cgrp1, the user can use:
$ sudo cgexec -g cpu:/cgrp1 sleep 10

or use the newly introduced -b switch to ignore the systemd slice/scope:
$ sudo cgexec -b -g cpu:cgrp1 sleep 10

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/cgclassify: add support for default systemd delegation slice/scope
Kamalesh Babulal [Tue, 10 Jan 2023 14:13:43 +0000 (14:13 +0000)] 
tools/cgclassify: add support for default systemd delegation slice/scope

Enhance the cgclassify tool to support default systemd delegation
slice/scope, if set in the cgconfig.conf's systemd setting.  Parse the
configuration file and read the systemd::delegate setting, if
any, and set it as the default systemd slice/scope in
systemd_default_cgroup. Setting it appends the slice/scope
name to the constructed default cgroup mount path.

When the user passes the relative cgroup name, its appends to the
sub-tree (delegated slice/scope) by default and if the user wishes to
create a cgroup in another subtree or cgroup root hierarchy, they need
to use the absolute path. For example:

                      cgroup_root
                     /          \
                    /            \
             systemd.slice*      cgrp1
                    |
             systemd.scope
                    |
                cgrp-d1

* default system delegation slice/scope - read from cgconfig.conf
$ sudo cgclassify -g cpu:cgrp-d1 1379 (pid)

will create the cgroup under the cpu controller hirearchy
cgroup_root:systemd_default_cgroup:cgrp-d1

and for creating a cgroup cgrp1, the user can use:
$ sudo cgclassify -g cpu:/cgrp1 1379 (pid)

or use the newly introduced -b switch to ignore the systemd slice/scope:
$ sudo cgclassify -b -g cpu:cgrp1 1379 (pid)

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/lscgroup: add support for default systemd delegation slice/scope
Kamalesh Babulal [Tue, 10 Jan 2023 14:13:38 +0000 (14:13 +0000)] 
tools/lscgroup: add support for default systemd delegation slice/scope

Enhance the lscgroup tool to support default systemd delegation
slice/scope, if set in the cgconfig.conf's systemd setting.  Parse the
configuration file and read the systemd::delegate setting, if
any, and set it as the default systemd slice/scope in
systemd_default_cgroup. Setting it appends the slice/scope
name to the constructed default cgroup mount path.

When the user passes the relative cgroup name, its appends to the
sub-tree (delegated slice/scope) by default and if the user wishes to
create a cgroup in another subtree or cgroup root hierarchy, they need
to use the absolute path. For example:

                  cgroup_root
                 /          \
                /            \
         systemd.slice*      cgrp1
|
 systemd.scope
|
            cgrp-d1

* default system delegation slice - read from cgconfig.conf
$ sudo lscgroup -g cpu:cgrp-d1

will list the cgroups under the cpu controller hirearchy
cgroup_root:systemd_default_cgroup:cgrp-d1

and for listing a cgroups cgrp1, the user can use:
$ sudo lscgroup -g cpu:/cgrp1

or use the newly introduced -b switch to ignore the systemd slice/scope:
$ sudo lscgroup -b -g cpu:cgrp1

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/cgcreate: add support for default systemd delegation slice/scope
Kamalesh Babulal [Tue, 10 Jan 2023 14:13:35 +0000 (14:13 +0000)] 
tools/cgcreate: add support for default systemd delegation slice/scope

Enhance the cgcreate tool to support default systemd delegation
slice/scope, if set in the cgconfig.conf's systemd setting.  Parse the
configuration file and read the systemd::delegate setting, if
any, and set it as the default systemd slice/scope in
systemd_default_cgroup. Setting it appends the slice/scope
name to the constructed default cgroup mount path.

When the user passes the relative cgroup name, its appends to the
sub-tree (delegated slice/scope) by default and if the user wishes to
create a cgroup in another subtree or cgroup root hierarchy, they need
to use the absolute path. For example:

  cgroup_root
 /     \
/      \
 systemd.slice*      cgrp1
|
 systemd.scope
|
    cgrp-d1

* default system delegation slice/scope - read from cgconfig.conf
$ sudo cgcreate -g cpu:cgrp-d1

will create the cgroup under the cpu controller hirearchy
cgroup_root:systemd_default_cgroup:cgrp-d1

and for creating a cgroup cgrp1, the user can use:
$ sudo cgcreate -g cpu:/cgrp1

or use the newly introduced -b switch to ignore the systemd slice/scope:
$ sudo cgcreate -b -g cpu:cgrp1

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/cgxset add support for default systemd delegation slice/scope
Kamalesh Babulal [Fri, 3 Feb 2023 08:22:15 +0000 (08:22 +0000)] 
tools/cgxset add support for default systemd delegation slice/scope

Enhance the cgxset tool to support default systemd delegation slice/scope,
if set in the cgconfig.conf's systemd setting.  Parse the configuration
file and read the systemd::delegate setting, if any, and set it as
the default systemd slice/scope in systemd_default_cgroup.
Setting it appends the slice/scope name to the constructed default cgroup
mount path.

When the user passes the relative cgroup name, its appends to the
sub-tree (delegated slice/scope) by default and if the user wishes to set
controller::value in a cgroup under another subtree or cgroup root
hierarchy, they need to use the absolute path. For example:
  cgroup_root
 /     \
/      \
 systemd.slice*      cgrp1
|
 systemd.scope
|
    cgrp-d1

* default system delegation slice/scope - read from cgconfig.conf

$ sudo ./src/tools/cgxset 1 -r cpu.weight=99 cgrp-d1

will set the cpu controller:cpu.weight information under the
cgroup_root:systemd_default_cgroup:cgrp-d1

and for setting the cpu controller information of cgrp1, the user can
use:
$ sudo ./src/tools/cgxset -r cpu.weight=99 /cgrp1

or use the newly introduced -b switch to ignore the systemd
slice/scope:
$ sudo ./src/tools/cgxset -b -r cpu.weight=99 cgrp1

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/cgxget: add support for default systemd delegation slice/scope
Kamalesh Babulal [Wed, 8 Feb 2023 10:53:00 +0000 (16:23 +0530)] 
tools/cgxget: add support for default systemd delegation slice/scope

Enhance the cgxget tool to support default systemd delegation
slice/scope, if set in the cgconfig.conf's systemd setting.  Parse the
configuration file and read the systemd::delegate setting, if any, and
set it as the default systemd slice/scope in systemd_default_cgroup.
Setting it appends the slice/scope name to the constructed default cgroup
mount path.

When the user passes the relative cgroup name, its appends to the
sub-tree (delegated slice/scope) by default and if the user wishes to get
details about the cgroups in another subtree or cgroup root hierarchy,
they need to use the absolute path. For example:
  cgroup_root
 /     \
/      \
 systemd.slice*      cgrp1
|
 systemd.scope
        |
    cgrp-d1

* default system delegation slice/scope - read from cgconfig.conf
$ sudo cgxget -1 -r cpu.shares cgrp-d1

will display the cpu controller information under the
cgroup_root:systemd_default_cgroup:cgrp-d1

and for viewing the cpu controller information of cgrp1, the user
can use:
$ sudo cgxget -1 -r cpu.shares /cgrp1

or use the newly introduced -b switch to ignore the systemd
slice/scope:
$ sudo cgxget -b -1 -r cpu.shares /cgrp1

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Fix minor typo in a comment where delegate was written instead
     of setdefault

2 years agotools/cgdelete: add support for default systemd delegation slice/scope
Kamalesh Babulal [Tue, 10 Jan 2023 14:13:27 +0000 (14:13 +0000)] 
tools/cgdelete: add support for default systemd delegation slice/scope

Enhance the cgdelete tool to support default systemd delegation
slice/scope, if set in the cgconfig.conf's systemd setting.  Parse the
configuration file and read the systemd::delegate setting, if any,
and set it as the default systemd slice/scope in systemd_default_cgroup.
Setting it appends the slice/scope name to the constructed default cgroup
mount path.

When the user passes the relative cgroup name, its appends to the
sub-tree (delegated slice/scope) by default and if the user wishes to
delete the cgroups in another subtree or cgroup root hierarchy, they
need to use the absolute path. For example:
  cgroup_root
 /     \
/      \
 systemd.slice*      cgrp1
       |
 systemd.scope
       |
    cgrp-d1

* default system delegation slice/scope - read from cgconfig.conf
$ sudo cgdelete -g cpu:cgrp-d1

will delete the cgroup cgrp-d1 under the
cgroup_root:systemd_default_cgroup:cgrp-d1

and for deleting the cgroup cgrp1, the user can use:
$ sudo cgdelete -g cpu:/cgrp1

or use the newly introduced -b switch to ignore the systemd slice/scope:
$ sudo cgdelete -b -g cpu:cgrp1

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/cgset: add support for default systemd delegation slice/scope
Kamalesh Babulal [Tue, 10 Jan 2023 14:13:25 +0000 (14:13 +0000)] 
tools/cgset: add support for default systemd delegation slice/scope

Enhance the cgset tool to support default systemd delegation
slice/scope, if set in the cgconfig.conf's systemd setting.  Parse the
configuration file and read the systemd::delegate setting, if any,
and set it as the default systemd slice/scope in systemd_default_cgroup.
Setting it appends the slice/scope name to the constructed default cgroup
mount path.

When the user passes the relative cgroup name, it appends to the
sub-tree (delegated slice/scope) by default and if the user wishes to set
controller::value in a cgroup under another subtree or cgroup root
hierarchy, they need to use the absolute path. For example:
  cgroup_root
 /     \
/      \
 systemd.slice*      cgrp1
       |
 systemd.scope
       |
    cgrp-d1

* default system delegation slice/scope - read from cgconfig.conf

$ sudo ./src/tools/cgset -r cpu.weight=99 cgrp-d1

will set the cpu controller::cpu.weight setting under the
cgroup_root:systemd_default_cgroup:cgrp-d1

and for setting the cpu controller information of cgrp1, the user can
use:
$ sudo ./src/tools/cgset -r cpu.weight=99 /cgrp1

or use the newly introduced -b switch to ignore the systemd slice/scope:
$ sudo ./src/tools/cgset -b -r cpu.weight=99 cgrp1

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agotools/cgget: add support for default systemd delegation slice/scope
Kamalesh Babulal [Tue, 10 Jan 2023 14:13:23 +0000 (14:13 +0000)] 
tools/cgget: add support for default systemd delegation slice/scope

Enhance the cgget tool to support default systemd delegation
slice/scope, if set in the cgconfig.conf's systemd setting.
Parse the configuration file and read the systemd::delegate setting,
if any, and set it as the default systemd slice/scope in
systemd_default_cgroup. Setting it appends the slice/scope name to
the constructed default cgroup mount path.

When the user passes the relative cgroup name, its appends to the
sub-tree (delegated slice/scope) by default and if the user wishes to get
details about the cgroups in another subtree or cgroup root hierarchy,
they need to use the absolute path. For example:
  cgroup_root
 /     \
/      \
 systemd.slice[1]      cgrp1
|
 systemd.scope
|
    cgrp-d1

[1] default systemd delegation slice/scope - read from cgconfig.conf

$ sudo cgget -g cpu:cgrp-d1

will display the CPU controller information under the
cgroup_root:systemd_default_cgroup:cgrp-d1

and for viewing the CPU controller information of cgrp1, the user can
use:
$ sudo cgget -g cpu:/cgrp1

or use the newly introduced -b switch to ignore the systemd slice/scope:
$ sudo cgget -b -g cpu:cgrp

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Fix minor typo in a comment where delegate was written instead
     of setdefault

2 years agotools/Makefile: add WITH_SYSTEMD CFLAGS
Kamalesh Babulal [Tue, 10 Jan 2023 14:13:22 +0000 (14:13 +0000)] 
tools/Makefile: add WITH_SYSTEMD CFLAGS

Introduce EXTRA_CFLAGS, "-DWITH_SYSTEMD" that will get passed to tools
and depending upon the configure options, enable and disable the systemd
support.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoAPI: add cgroup_set_default_systemd_cgroup()
Kamalesh Babulal [Wed, 8 Feb 2023 09:56:17 +0000 (15:26 +0530)] 
API: add cgroup_set_default_systemd_cgroup()

Introduce an API cgroup_set_default_systemd_cgroup(), that reads the
systemd_default_cgroup_file, if exists, and only sets the
systemd_default_cgroup path if both of the following conditions are met:
1. The minimum length of the default slice/scope read is 15
   characters, because at the minimum it should be <n>.slice/<n>.scope.
2. Checks if the /sys/fs/cgroup/<systemd_default_cgroup> cgroup exists
   and if it doesn't, it also deletes the systemd_default_cgroup_file
   (/var/run/libcgroup/systemd) file.

this will be used by the tools and can be used by any applications
to set the default cgroup tree to systemd_default_cgroup after loading
the cgconfig.conf file(s).

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agosamples/config: add a sample systemd delegation configuration
Kamalesh Babulal [Fri, 3 Feb 2023 07:05:09 +0000 (07:05 +0000)] 
samples/config: add a sample systemd delegation configuration

Add a sample cgconfig.conf configuration file, that serves as a template
for systemd delegation and how users can control the resources limit
allocation such as cpu, memory, or any other valid cgroup settings for
the systemd slice/scope cgroup created.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: cg_build_path_locked() - support default systemd delegate scope
Kamalesh Babulal [Wed, 8 Feb 2023 09:40:23 +0000 (15:10 +0530)] 
api: cg_build_path_locked() - support default systemd delegate scope

Add support to build cgroup path to the default systemd slice/scope
cgroup, if setdefault is set in the systemd configuration of the
cgconfig.conf.

$ cat /etc/cgconfig.conf
...
systemd {
    slice = database.slice;
    scope = db.scope;
    setdefault = yes; <--  set cgroup root path to '/sys/fs/cgroup/database.slice/db.scope/'
}

systemd {
    slice = database.slice;
    scope = house_keeping.scope;
    pid = 3241;
}

systemd {
    slice = others.slice;
    scope = server.scope;
}

cg_build_path() constructs the cgroup path to the mount point of the
given cgroup controller. With the support for the default systemd scope,
the default cgroup path for the controller, appends the slice/scope
name, making it the default cgroup root.

Allowing the users to set their default cgroup path from
'/sys/fs/cgroup/' to
'/sys/fs/cgroup/<systemd slice name>/<systemd scope name>/', while
using the libcgroup tools, allowing them to work on the delegated
cgroup hierarchy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoconfig: Support systemd's slice/scope creation/delegation using configuration
Kamalesh Babulal [Wed, 8 Feb 2023 09:22:29 +0000 (14:52 +0530)] 
config: Support systemd's slice/scope creation/delegation using configuration

Add support for the creation of systemd slices and scopes (transient).
Users can create a systemd slice and scope using the new setting
'systemd' in the cgconfig.conf.

$ cat /etc/cgconfig.conf
...
systemd {
        slice = database.slice;
        scope = db.scope;
        setdefault = yes;
}

systemd {
        slice = database.slice;
        scope = house_keeping.scope;
pid = 3456;
}

systemd {
        slice = others.slice;
        scope = server.scope;
}

systemd configuration requires two mandatory settings, slice and scope,
those represent the systemd slice and scope name and other optional
settings are 'setdefault', that allows the users to append one of the
systemd slice/scope name to as default cgroup root, making the delegated
subtree as the new cgroup root, i.e., the default cgroup path is
changed to '/sys/fs/cgroup/database.slice/db.scope/' from
'/sys/fs/cgroup/', this is useful to the libcgroup tools, where users
can work on new subtree hierarchy, they created and other optional
setting is pid, which can be used as the default task for transient
scope, created by us, by default a task that spins an idle loop is
created and set as default task.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Fix minor typos in a couple comments where delegate was written
     instead of setdefault
TJH: Explicitly initialize the list head and tail to NULL.  May not be
     needed but better safe than sorry

2 years agoapi.c: cg_build_path_locked() - work around snprintf() warnings
Kamalesh Babulal [Wed, 8 Feb 2023 06:55:10 +0000 (12:25 +0530)] 
api.c: cg_build_path_locked() - work around snprintf() warnings

Recent gcc are unhappy when sizeof(dest) <= sizeof(src) with
snprintf()'s. We could need too many strncpy()'s and strcat()'s for
constructing file path, so let's workaround it by allocating long
enough space for keeping snprintf() happy and then use the temporarily
allocated array and use it as src for strncpy() with limit of
FILENAME_MAX.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agogithub: Add dependency checker action
Tom Hromatka [Tue, 7 Feb 2023 23:28:50 +0000 (16:28 -0700)] 
github: Add dependency checker action

Add an action, dependabot, that will periodically check GitHub Actions
dependencies.  It is currently configured to run weekly.  If dependabot
finds an update, it will open a pull request.

See here for more details:
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agogithub: README: Update code quality analysis
Tom Hromatka [Tue, 7 Feb 2023 23:27:11 +0000 (16:27 -0700)] 
github: README: Update code quality analysis

LGTM code quality analysis is deprecated [1] and no longer generates
code quality information.  Remove the LGTM badge and replace it with
a CodeQL badge.  To facilitate this, move the CodeQL workflow into its
own workflow so that its status can be reported separately from the
automated tests.

[1] https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agotests/gunit: Extend the fuzzer to test cgroup_new_cgroup()
Kamalesh Babulal [Tue, 7 Feb 2023 23:23:08 +0000 (16:23 -0700)] 
tests/gunit: Extend the fuzzer to test cgroup_new_cgroup()

Add fuzzing to the cgroup_new_cgroup() API, by passing NULL as cgroup
name.

[----------] 2 tests from APIArgsTest
[ RUN      ] APIArgsTest.API_cgroup_set_permissions
[       OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN      ] APIArgsTest.API_cgroup_new_cgroup

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agowrapper: fix segfault in cgroup_new_cgroup()
Kamalesh Babulal [Tue, 7 Feb 2023 23:22:50 +0000 (16:22 -0700)] 
wrapper: fix segfault in cgroup_new_cgroup()

Passing NULL in the place of the cgroup name as an argument to
cgroup_new_cgroup() API will segfault, fix by adding a check to validate
cgroup name.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agogithub: Update actions to remove warnings
Tom Hromatka [Thu, 2 Feb 2023 15:10:19 +0000 (08:10 -0700)] 
github: Update actions to remove warnings

Update the setup-python action to v4 and the upload-artifact
action to v3.  This should remove the following warnings:

Node.js 12 actions are deprecated. Please update the following
actions to use Node.js 16: actions/setup-python@v2. For more
information see:
https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

Node.js 12 actions are deprecated. Please update the following
actions to use Node.js 16: actions/upload-artifact@v2,
coverallsapp/github-action@master. For more information see:
https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agogithub: Update to checkout@v3
Tom Hromatka [Thu, 2 Feb 2023 15:09:52 +0000 (08:09 -0700)] 
github: Update to checkout@v3

Update the checkout action to v3.  This is to appease the
following warning:

Node.js 12 actions are deprecated. Please update the
following actions to use Node.js 16: actions/checkout@v2,
actions/setup-python@v2. For more information see:
https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agotests/gunit: Add a simple fuzzer
Kamalesh Babulal [Tue, 31 Jan 2023 18:27:22 +0000 (11:27 -0700)] 
tests/gunit: Add a simple fuzzer

Add a simple fuzzing test case that would exercise API's unlikely code
paths by passing NULL/negative values as arguments.

Output:
--------
[...]

[----------] 1 test from APIArgsTest
[ RUN      ] APIArgsTest.API_cgroup_set_permissions
[       OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[----------] 1 test from APIArgsTest (0 ms total)

to begin with, it exercises cgroup_set_permissions() by passing a NULL
pointer in place of struct cgroup. This test case will be extended to
cover almost all APIs.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: fix segfault in cgroup_set_permissions()
Kamalesh Babulal [Tue, 31 Jan 2023 18:27:06 +0000 (11:27 -0700)] 
api: fix segfault in cgroup_set_permissions()

In cgroup_set_permissions(), we don't validate the cgroup and a NULL may
be passed to it in place of the cgroup, causing a segfault, when the
NULL pointer is dereferenced to set the permissions. This patch
introduces a check to validate the cgroup argument.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agogithub: Roll back distcheck and v1 functests to Ubuntu 20.04
Tom Hromatka [Fri, 27 Jan 2023 20:48:49 +0000 (13:48 -0700)] 
github: Roll back distcheck and v1 functests to Ubuntu 20.04

Ubuntu 22.04 VMs hosted by Github cannot find the LXD package.
Revert back to Ubuntu 20.04 for the Dist Check and the v1
Functional Test jobs until Github gets this sorted out.

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add a test to exercise invalid systemd parameters
Tom Hromatka [Fri, 27 Jan 2023 20:48:31 +0000 (13:48 -0700)] 
ftests: Add a test to exercise invalid systemd parameters

Add a test that exercises invalid parameters to
cgroup_create_scope2().

-----------------------------------------------------------------
Test Results:
        Run Date:                          Jan 25 09:32:58
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                          Time (sec)
        --------------------------------------------------------
        setup                                               0.00
        059-sudo-invalid_systemd_create_scope2.py           0.00
        teardown                                            0.00
        --------------------------------------------------------
        Total Run Time                                      0.00

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add a test for creating a systemd scope
Tom Hromatka [Fri, 27 Jan 2023 20:46:27 +0000 (13:46 -0700)] 
ftests: Add a test for creating a systemd scope

Add a test to exercise cgroup_create_scope2().

-----------------------------------------------------------------
Test Results:
        Run Date:                          Nov 18 16:12:16
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                  Time (sec)
        ------------------------------------------------
        setup                                       0.00
        058-sudo-systemd_create_scope2.py           2.05
        teardown                                    0.00
        ------------------------------------------------
        Total Run Time                              2.05

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add method to determine if a controller is enabled in a cgroup
Tom Hromatka [Fri, 27 Jan 2023 20:43:45 +0000 (13:43 -0700)] 
ftests: Add method to determine if a controller is enabled in a cgroup

Add a method, is_controller_enabled(), that will determine if a
controller is enabled in a cgroup v2 cgroup.

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agopython: Add python bindings for cgroup_create_scope2()
Tom Hromatka [Fri, 27 Jan 2023 20:42:45 +0000 (13:42 -0700)] 
python: Add python bindings for cgroup_create_scope2()

Add python bindings to create a systemd scope via
cgroup_create_scope2().

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add a test for setting permissions
Tom Hromatka [Fri, 27 Jan 2023 20:42:08 +0000 (13:42 -0700)] 
ftests: Add a test for setting permissions

Add a test to exercise the python bindings to set permissions on
a cgroup.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Nov 17 22:00:51
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                               Time (sec)
        ---------------------------------------------
        setup                                    0.00
        057-sudo-set_permissions_v1.py           0.05
        teardown                                 0.00
        ---------------------------------------------
        Total Run Time                           0.05

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add a test for setting permissions
Tom Hromatka [Fri, 27 Jan 2023 20:40:09 +0000 (13:40 -0700)] 
ftests: Add a test for setting permissions

Add a test to exercise the python bindings to set permissions on
a cgroup.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Nov 17 21:55:52
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                               Time (sec)
        ---------------------------------------------
        setup                                    0.00
        056-sudo-set_permissions_v2.py           0.05
        teardown                                 0.00
        ---------------------------------------------
        Total Run Time                           0.05

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add a test for set uid/gid
Tom Hromatka [Fri, 27 Jan 2023 20:38:01 +0000 (13:38 -0700)] 
ftests: Add a test for set uid/gid

Add a test to exercise the python bindings to set the uid/gid on
a cgroup.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Nov 17 21:10:08
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                           Time (sec)
        -----------------------------------------
        setup                                0.00
        055-sudo-set_uid_gid_v1.py           0.05
        teardown                             0.00
        -----------------------------------------
        Total Run Time                       0.05

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add a test for set uid/gid
Tom Hromatka [Fri, 27 Jan 2023 20:34:45 +0000 (13:34 -0700)] 
ftests: Add a test for set uid/gid

Add a test to exercise the python bindings to set the uid/gid on
a cgroup.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Nov 16 23:12:25
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                           Time (sec)
        -----------------------------------------
        setup                                0.00
        054-sudo-set_uid_gid_v2.py           0.02
        teardown                             0.00
        -----------------------------------------
        Total Run Time                       0.02

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Change util get uid/gid functions to return an int
Tom Hromatka [Fri, 27 Jan 2023 20:28:10 +0000 (13:28 -0700)] 
ftests: Change util get uid/gid functions to return an int

get_file_owner_uid() and get_file_owner_gid() previously returned
the owning uid and gid as strings, respectively.  Change them to
return the uid and gid as ints.

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agopython: Add python bindings for setting permissions and ownership
Tom Hromatka [Fri, 27 Jan 2023 20:27:41 +0000 (13:27 -0700)] 
python: Add python bindings for setting permissions and ownership

Add python bindings for setting the ownership, cgroup_set_uid_gid(),
and setting the permissions, cgroup_set_permissions().

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agosystemd: Add cgroup_create_scope2()
Tom Hromatka [Fri, 27 Jan 2023 20:24:31 +0000 (13:24 -0700)] 
systemd: Add cgroup_create_scope2()

Add cgroup_create_scope2() as a wrapper function around
cgroup_create_scope().  cgroup_create_scope2() is more libcgroup-ish
and utilizes struct cgroup rather than systemd-style parameters.

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Rename test 050
Tom Hromatka [Fri, 27 Jan 2023 20:21:22 +0000 (13:21 -0700)] 
ftests: Rename test 050

Rename test 050-sudo-systemd_create_scope2.py to
050-sudo-systemd_create_scope_w_pid.py to avoid a name collision with
systemd_create_scope2().

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add recursive cgdelete function test on shared mount
Kamalesh Babulal [Tue, 24 Jan 2023 19:39:11 +0000 (12:39 -0700)] 
ftests: Add recursive cgdelete function test on shared mount

Add a test that tries deleting non-existing cgroups on shared mount
mount shared by controllers on cgroup v1.

-----------------------------------------------------------------
Test Results:
        Run Date:                          Jan 23 09:21:48
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                                                  Time (sec)
        ----------------------------------------------------------------
        setup                                                       0.00
        098-cgdelete-non-existing-shared-mnt-cgroup-v1.py           0.03
        teardown                                                    0.00
        ----------------------------------------------------------------
        Total Run Time                                              0.03

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Fix minor variable name typo.  Also, add the new test to the EXTRA
     DIST list in Makefile.am

2 years agotests-047: adopt the change to cgroup_delete_cgroup_ext()
Kamalesh Babulal [Tue, 24 Jan 2023 19:37:02 +0000 (12:37 -0700)] 
tests-047: adopt the change to cgroup_delete_cgroup_ext()

With the bug fix to the cgroup_delete_cgroup_ext(), where calling
cgdelete twice back to back (not using -r option) on the cgroup created
on the mount point shared by the controller will fail. Adopt the
change in the API to testcase too.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agosrc/api: Fix cgroup_delete_cgroup_ext() on shared mount point
Kamalesh Babulal [Tue, 24 Jan 2023 19:35:48 +0000 (12:35 -0700)] 
src/api: Fix cgroup_delete_cgroup_ext() on shared mount point

In cgroup v1, the controllers can share mount points and when the cgroup
is deleted on one of controller mount point (symlink), as the side effect
are deleted for the controllers sharing the mount point. But this might
not true always, the user might try call cgroup_delete_cgroup_ext() with
a cgroup that doesn't exist over the share mount point and still get the
return code to be zero.

Fix this issue by introducing cgrp_del_shared_mnt flag, that gets set
when deleting the cgroup on the first of the controllers sharing the
mount point and check the flag on the second controller mount point
to ensure that cgroup existed.

Reproducer:
-----------
$ sudo cgdelete -g cpu:foo
$ echo $?
$ 0

With the patch:
---------------
$ cgdelete -g cpu:foo
cgdelete: cannot remove group 'foo': Cgroup does not exist
$ echo $?
82

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agodoc: Update the github release process
Tom Hromatka [Fri, 20 Jan 2023 23:21:08 +0000 (16:21 -0700)] 
doc: Update the github release process

Remove the step to update the libcgroup-tests submodule.  The
tests have been reincorporated back into the libcgroup repo
and this step is no longer needed.

Add instructions on running coverity.

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests/cgroup.py: add support to list shared mount point
Tom Hromatka [Fri, 13 Jan 2023 20:41:32 +0000 (13:41 -0700)] 
ftests/cgroup.py: add support to list shared mount point

Cgroup::get_cgroup_mounts(), could create a list of mount points and in
the case of shared mount points such as cpu,cpuacct in the cgroup v1. It
would only add a mount point for the last of the two controllers listed
as the mount point, for example:
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0

mount list will look over cpu controller.  Add support to recognize and
add both controllers to the list of mount points.

Reported-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: Use GNU strerror_r when available
Khem Raj [Fri, 13 Jan 2023 19:44:07 +0000 (12:44 -0700)] 
api: Use GNU strerror_r when available

GNU strerror_r is only available in glibc, musl impelents the XSI
version which is slightly different, therefore check if GNU version is
available before using it, otherwise use the XSI compliant version.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Minor formatting change so that the line doesn't exceed 100 chars

2 years agotools/cgxset: fix help/usage formatting
Kamalesh Babulal [Wed, 11 Jan 2023 17:39:55 +0000 (10:39 -0700)] 
tools/cgxset: fix help/usage formatting

The help/usage output is misaligned, which is a mix of tabs and spaces.
Fix it by using only spaces for the alignment, so that we have a visual
representation of output in the code too, instead of having unaligned
info()'s needing to calculate the tabs stops always.

Before:
-------
Usage: cgxset [-r <name=value>] <cgroup_path> ...
   or: cgxset --copy-from <source_cgroup_path> <cgroup_path> ...
Set the parameters of given cgroup(s)
  -1, --v1                      Provided parameters are in v1 format
  -2, --v2                      Provided parameters are in v2 format
  -i, --ignore-unmappable       Do not return an error for settings that cannot be converted
  -r, --variable <name>                 Define parameter to set
  --copy-from <source_cgroup_path>      Control group whose parameters will be copied

After:
------
Usage: cgxset [-r <name=value>] <cgroup_path> ...
   or: cgxset --copy-from <source_cgroup_path> <cgroup_path> ...
Set the parameters of given cgroup(s)
  -1, --v1                                Provided parameters are in v1 format
  -2, --v2                                Provided parameters are in v2 format
  -i, --ignore-unmappable                 Do not return an error for settings that cannot be converted
  -r, --variable <name>                   Define parameter to set
  --copy-from <source_cgroup_path>        Control group whose parameters will be copied

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests/ftests.py: fix lint warning
Kamalesh Babulal [Wed, 11 Jan 2023 17:29:59 +0000 (10:29 -0700)] 
ftests/ftests.py: fix lint warning

Fix lint warning 'ftests.py:278:21: E303 too many blank lines (2)'

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests/cgroup.py: fix lint warning
Kamalesh Babulal [Wed, 11 Jan 2023 17:29:29 +0000 (10:29 -0700)] 
ftests/cgroup.py: fix lint warning

Fix the warning 'cgroup.py:998:1: E302 expected 2 blank lines, found 1'

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoftests: Add a test for cgroup_attach_task_pid()
Tom Hromatka [Wed, 4 Jan 2023 21:08:18 +0000 (21:08 +0000)] 
ftests: Add a test for cgroup_attach_task_pid()

Add a functional test for cgroup_attach_task_pid().

-----------------------------------------------------------------
Test Results:
Run Date:                          Jan 04 21:06:16
Passed:                                  1 test(s)
Skipped:                                 0 test(s)
Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
Test                                   Time (sec)
-------------------------------------------------
setup                                        0.00
053-sudo-cgroup_attach_task_pid.py           2.06
teardown                                     0.00
-------------------------------------------------
Total Run Time                               2.06

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add a test for cgroup_attach_task()
Tom Hromatka [Wed, 4 Jan 2023 21:07:43 +0000 (21:07 +0000)] 
ftests: Add a test for cgroup_attach_task()

Add a functional test for cgroup_attach_task()

-----------------------------------------------------------------
Test Results:
Run Date:                          Jan 04 21:03:14
Passed:                                  1 test(s)
Skipped:                                 0 test(s)
Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
Test                               Time (sec)
---------------------------------------------
setup                                    0.00
052-sudo-cgroup_attach_task.py           0.02
teardown                                 0.00
---------------------------------------------
Total Run Time                           0.02

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agopython: Add python bindings for cgroup_attach_task*()
Tom Hromatka [Wed, 4 Jan 2023 21:06:45 +0000 (21:06 +0000)] 
python: Add python bindings for cgroup_attach_task*()

Add python bindings for cgroup_attach_task() and
cgroup_attach_task_pid().  Add a convenience wrapper around them
in the Cgroup() class.

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoftests: Add a test for cgroup_get_cgroup()
Tom Hromatka [Tue, 20 Dec 2022 22:41:22 +0000 (22:41 +0000)] 
ftests: Add a test for cgroup_get_cgroup()

Add a functional test to exercise cgroup_get_cgroup()

-----------------------------------------------------------------
Test Results:
        Run Date:                          Dec 20 22:41:28
        Passed:                                  1 test(s)
        Skipped:                                 0 test(s)
        Failed:                                  0 test(s)
-----------------------------------------------------------------
Timing Results:
        Test                              Time (sec)
        --------------------------------------------
        setup                                   0.00
        051-sudo-cgroup_get_cgroup.py           0.03
        teardown                                0.00
        --------------------------------------------
        Total Run Time                          0.03

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agopython: Add python bindings for several functions
Tom Hromatka [Tue, 20 Dec 2022 22:38:43 +0000 (22:38 +0000)] 
python: Add python bindings for several functions

Add python bindings for several C functions:
cgroup_get_cgroup()
cgroup_delete_cgroup()
cgroup_get_controller_count()
cgroup_get_controller_by_index()
cgroup_get_controller_name()

Also add two python methods to wrap cgroup_get_cgroup() and cgroup_delete() to
make these interfaces more pythonic.  The other three C functions are used
internally to implement these pythonic methods.

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agoapi: Add functions for iterating through the cgroup struct
Tom Hromatka [Tue, 20 Dec 2022 22:35:54 +0000 (22:35 +0000)] 
api: Add functions for iterating through the cgroup struct

Add functions to iterate through the cgroup structure:
cgroup_get_controller_count() - returns the number of controllers
within the cgroup struct
cgroup_get_controller_by_index() - returns the cgroup_controller
pointer corresponding with the requested index
cgroup_get_controller_name() - given a cgroup_controller pointer,
get the controller's name

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agocgsnapshot: Close tags in output file on errors
Tom Hromatka [Wed, 21 Dec 2022 21:00:21 +0000 (14:00 -0700)] 
cgsnapshot: Close tags in output file on errors

Close tags in the output file when cgsnapshot encounters an
error.  For example, if cgsnapshot cannot translate a uid to a
username, the "perm {" tag still needs a closing "}".

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agotools/cgsnapshot: limit the controller to search to user lists
Kamalesh Babulal [Wed, 21 Dec 2022 15:46:26 +0000 (21:16 +0530)] 
tools/cgsnapshot: limit the controller to search to user lists

is_ctlr_on_list(), returns on the first match of the list of controllers
the user has passed on the command line, this might serve as an
optimization but as a side effect we search through the whole list of
controllers, those the user has not asked for. Let's reset the list of
controllers to controllers available on wanted_consts array (list of
controllers required by the user) and controllers array (list of
available controllers).

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: cgroup_get_cgroup() populate the controller list based on the subtree_control...
Tom Hromatka [Tue, 20 Dec 2022 22:33:23 +0000 (22:33 +0000)] 
api: cgroup_get_cgroup() populate the controller list based on the subtree_control file

In cgroup_get_cgroup(), populate the controller list in the cgroup
only with controllers that are enabled in cgroup.subtree_control.

As part of this change update the error codes from
cgroupv2_get_subtree_control() to better reflect memory allocation
errors

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
2 years agogunit/test-015: Populate subtree_control for leaf cgroup
Kamalesh Babulal [Tue, 20 Dec 2022 16:09:19 +0000 (21:39 +0530)] 
gunit/test-015: Populate subtree_control for leaf cgroup

We no more rely on the cgroup's parent subtree_control file to verify
if a controller is enabled for a cgroup. So, populate the leaf/child
cgroups with subtree_control file similar to the parent cgroup.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agogunit/test-012: Create subtree_control for leaf cgroup
Kamalesh Babulal [Tue, 20 Dec 2022 16:09:13 +0000 (21:39 +0530)] 
gunit/test-012: Create subtree_control for leaf cgroup

The test case relies on the parent cgroup's subtree_control file, while
creating a cgroup to verify the controllers enabled in created cgroup v2
and the current code cleverly emulates it.  With the change to enable
the controller at the leaf cgroup this emulation gets difficult, so
introduce a dummy cgroup v2 mount that will help in the construction of
the path when the cgroup v2 is created with the empty controller because
the brilliance lies in emulating it by manually creating the
subtree_control file to give the impression of enabling the controller
in the cgroup v2 cgroup.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: cgroup v2 – read subtree_control of the leaf node
Kamalesh Babulal [Tue, 20 Dec 2022 16:09:08 +0000 (21:39 +0530)] 
api: cgroup v2 – read subtree_control of the leaf node

With cgroup v2, while checking if a controller is enabled for cgroup,
the tree is walked and checked up to the parent cgroup of the leaf node,
this guarantees that the controller available for the leaf cgroups in
the cgroup.controllers file, but this is incomplete because of the
controller can be both either enabled or disabled in the
cgroups.subtree_control file of the leaf cgroup.

Fix this ambiguity by reading until the leaf node's
cgroup.subtree_control file, instead.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
2 years agoapi: cgroup v2 – enable controller at the leaf node
Kamalesh Babulal [Tue, 20 Dec 2022 16:09:02 +0000 (21:39 +0530)] 
api: cgroup v2 – enable controller at the leaf node

With cgroup v2, while creating a cgroup with a controller, the whole
hierarchy tree is walked, and the controller is enabled up to the parent
cgroup of the leaf node, this guarantees that the attached controller is
available in the leaf cgroups cgroup.controllers file, but this is
incomplete because the controller is not enabled in the leaf cgroup.

We do not have a separate API that is called to enable the controllers
but as a workaround, one can always call the
cgroup_set_values_recursive() to enable the controller in the leaf node.
To maintain the idea/compatibility with the cgroup v1, where creating a
cgroup on the controller mount point/hierarchy is equivalent to enabling
the controller in the cgroup v2, let's enable the controller in the leaf
node too.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>