Tom Hromatka [Thu, 10 Oct 2019 15:52:03 +0000 (09:52 -0600)]
README: Add README.md
This commit adds README.md. It contains graphics that show the
status of the continuous integration and code coverage results.
It also contains a link to the original README. Note that github
doesn't allow the inlining of files in markdown due to security
concerns, so a link is the best we can do.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Mon, 23 Sep 2019 22:14:50 +0000 (22:14 +0000)]
tests: Gather code coverage data after a successful CI run
Upon successful completion of a continuous integration (CI) build
through Travis CI, this commit enables coveralls.io to generate
code coverage results by utilizing the gcov data generated
during both the unit and functional test runs.
Note that the m4/ax_code_coverage.m4 file is provided by the
autoconf team, and it has been used verbatim. The original
file is available here:
https://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_code_coverage.m4
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Mon, 23 Sep 2019 22:09:48 +0000 (22:09 +0000)]
tests: Switch to using LXD for functional tests
Prior to this commit, the functional tests used LXC. LXD is
better for configuring a shared device between the host and
container that can be written to by the container. This
feature is critical for tracking code coverage in the
functional tests.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 19 Sep 2019 20:55:12 +0000 (14:55 -0600)]
tests: Disable the legacy tests
The legacy tests do not successfully run in Travis CI. This
commit disables them from running but does leave the test
code in place. The future of these tests and whether they will
be removed from the repo or not will be revisited at a later
date.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 19 Sep 2019 20:51:55 +0000 (14:51 -0600)]
tests: Use python3 in the functional tests
Python 2.7 will not be maintained beyond January 1, 2020. To
avoid potential problems when python 2 is retired, this commit
explicitly instructs the functional tests to use python3.
Suggested-by: Michal Koutný <mkoutny@suse.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Mon, 7 Oct 2019 20:44:46 +0000 (14:44 -0600)]
tests: Fix inconsistent return value in functional test's Container() class
This commit fixes the Container() class' inconsistent usage
of decode(). In the rootfs() method, it returned a binary
array in one case and a string in another. Now the rootfs()
method will always return a string.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Mon, 7 Oct 2019 20:42:21 +0000 (14:42 -0600)]
tests: Fix errors in functional test error path handling
The RunError() exception class had two bugs that prevented
it from properly formatting a run exception:
1) It wasn't being created properly due to a misplaced
parenthesis
2) It had a syntax error in its __str__() method where
it was using self.message rather than self.command
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 19 Sep 2019 20:40:37 +0000 (14:40 -0600)]
tests: Improve the unit test framework integration with automake
Prior to this commit, the unit test framework behaved slightly
differently depending upon how the libcgroup git repo was
cloned. This commit standardizes the unit test framework's
behavior by initializing the googletest submodule when
bootstrap.sh is invoked.
This commit also cleans up a potential issue on some versions
of automake that don't properly expand $(top_builddir) early
in the automake process.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 27 Jun 2019 17:34:00 +0000 (11:34 -0600)]
tests: Add functional test for basic cgget operations
This commit adds a functional test for a basic cgget call. The
test utilizes the new functional text framework and lxc
containers to establish a non-destructive cgroup test
environment.
Tests added:
001-cgget-basic_cgget.py - Test simple cgget functionality
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 27 Jun 2019 17:28:53 +0000 (11:28 -0600)]
tests: Add functional test suite
This commit adds a functional test suite that utilizes lxc
containers to guarantee a non-destructive test environment.
The tests can be invoked individually, as a group of related
tests, or from automake via the standard 'make check'
command.
No tests are included as part of this commit.
Example test invocations:
Run a single test (first cd to tests/ftests):
./001-cgget-basic_cgget.py
or
./ftests.py -N 15 # Run test #015
Run a suite of tests (first cd to tests/ftests):
./ftests.py -s cgget # Run all cgget tests
Run all the tests by hand
./ftests.py
# This may be advantageous over running make check
# because it will try to re-use the same lxc
# container for all of the tests. This should
# provide a significant performance increase
Run the tests from automake
make check
# Then examine the *.trs and *.log files for
# specifics regarding each test result
Example output from a test run:
Test Results:
Run Date: Jun 03 13:41:35
Passed: 1 test
Skipped: 0 tests
Failed: 0 tests
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
---------------------------------------------------------
setup 6.95
001-cgget-basic_cgget.py 0.07
teardown 0.00
---------------------------------------------------------
Total Run Time 7.02
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Fri, 21 Jun 2019 15:40:23 +0000 (09:40 -0600)]
tests: Add functional test LXC container class
This commit adds a Container() class for managing LXC containers.
This class provides methods to abstract the management of LXC
containers and simplify their usage in the functional test suite.
Example usages:
# instantiate the class
mycontainer = Container('TheNameOfMyContainer')
# create and start the container
mycontainer.create()
mycontainer.start()
Container() can raise ValueError on invalid parameters,
ContainerError when a container operation unexpectedly failes,
or RunError when running a command fails.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Fri, 21 Jun 2019 15:37:20 +0000 (09:37 -0600)]
tests: Add functional test cgroup class
This commit adds a Cgroup() class for managing cgroups. This
class provides static methods for interacting with libcgroup's
interfaces including cgset, cgget, cgcreate, etc.
Example usages:
# create a cgroup in the cpuset controller named foo
Cgroup.create(config, 'cpuset', 'foo')
# set cpu.shares for foobar to 500
Cgroup.set(config, 'foobar', 'cpu.shares', '500')
# get the limit_in_bytes for AnotherCgroup. Have libcgroup
# strip off all of the decorations so that only the value is
# returned
limit_in_bytes = Cgroup.get(config, controller=None,
cgname='AnotherCgroup', setting='memory.limit_in_bytes',
print_headers=False, values_only=True)
Providing invalid parameters to a Cgroup method will result in
a ValueError while a failure to execute a command will result
in a RunError.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Fri, 21 Jun 2019 15:32:44 +0000 (09:32 -0600)]
tests: Add functional test run class
This commit adds a Run() class that can invoke Python's Popen
command. This class provides a static method, run(), that will
execute the command via Python's subprocess module.
Example usages:
# delete foo.conf
Run.run(['rm', '-f', '/tmp/foo.conf'])
# Use cgset to set SomeCgroup's cpu.shares to 500
cmd = ['cgset', '-r', 'cpu.shares=500', 'SomeCgroup']
Run.run(cmd)
# get info on current user
Run.run('id')
# write to a file. Note that this must be run in a shell
Run.run(['echo', 'some data', '>>', 'some_file'], shell_bool=True)
Tom Hromatka [Fri, 21 Jun 2019 15:34:28 +0000 (09:34 -0600)]
tests: Add functional test logging class
This commit adds a Log() class for the functional test
suite. This class provides several static methods for
logging information during a test run. The data logged
is often useful for debugging failed tests.
Example usages:
Log.log_debug('Running test %s' % test name)
except Exception as e:
Log.log_error(e)
Both the log level and log file are configurable. By
default, the functional tests will log all messages of
criticality LOG_WARNING or higher to libcgroup-ftests.log.
These settings can be overridden by the following command
line options:
-l LOGLEVEL, --loglevel LOGLEVEL
-L LOGFILE, --logfile LOGFILE
Michal Koutný [Tue, 11 Jun 2019 07:05:59 +0000 (09:05 +0200)]
cgrulesengd: Do not ignore changes of short-lived processes
When a double-forking daemon spawns the shortlived forking process and
we fail to classify it in time, the child does not inherit (the
intended) cgroup membership.
We could process all children after receiving PROC_EVENT_FORK to remedy
this. But since we already have the timestamp logic introduced in
8953fc07c049 ("Changelog v2: * Use clock_gettime(2) for getting
timestamp since a system boot. * Change parent_info's memory to
dynamic allocation.")
and it may be too much work for all fork(2) calls, we extend the usage
of parent_info by assuming the parent would have changed its cgroup
membership by our actions even if it terminated quickly.
v2: Handle non-existent /proc/$PID/tasks as short-lived process too
Use cgroup_get_last_errno() helper
Signed-off-by: Michal Koutný <mkoutny@suse.com> Signed-off-by: Dhaval Giani <dhaval.giani@gmail.com>
Tom Hromatka [Thu, 30 May 2019 15:22:28 +0000 (09:22 -0600)]
tests: Add unit tests for cg_build_path()
This commit adds unit tests for the internal function
cg_build_path(). While code coverage is not (yet) enabled,
I believe these tests provide full code coverage for the
aforementioned function and its sister function
cg_build_path_locked().
The following tests are in this commit:
BuildPathV1_ControllerMismatch() - Calls cg_build_path() with a
controller that isn't in cg_mount_table[]. Expects a return
value of NULL
BuildPathV1_ControllerMatch() - Calls cg_build_path() with a valid
controller in cg_mount_table[]
BuildPathV1_ControllerMatchWithName() - Calls cg_build_path() with
a valid controller and a cgroup name
BuildPathV1_ControllerMatchWithNs() - Calls cg_build_path() with a
valid controller that has a namespace
BuildPathV1_ControllerMatchWithNameAndNs() - Calls cg_build_path()
with a valid controller, a cgroup name, and the controller has
a namespace
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 30 May 2019 15:22:27 +0000 (09:22 -0600)]
tests: Add googletest unit test framework
This commit adds support for the googletest unit test
framework. To enable the testing of non-exported
functions, a more permissive map file was added.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Tue, 15 Jan 2019 23:33:22 +0000 (16:33 -0700)]
cgset: fix misleading error message
When cgset fails to modify a cgroup, it output a
hardcoded error message which can cause user confusion.
This commit updates the error message to behave like
other error messages throughout libcgroup and produce
a more user-friendly output.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Acked-by: Nikola Forró <nforro@redhat.com>
Nikola Forró [Mon, 23 Jul 2018 15:38:26 +0000 (17:38 +0200)]
api.c: always move all tasks of a process to a cgroup
Move the thread enumeration introduced in commit 2186c97
from cgroup_change_all_cgroups() to cgroup_change_cgroup_path()
to ensure it works in every case.
Balbir Singh [Fri, 12 Oct 2018 08:57:24 +0000 (10:57 +0200)]
Add support for nosuid, noexec and nodev
Inspired by the contents of https://lwn.net/Articles/647757/, there
is no easy way of passing these mount options with cgroups. For existing
users, it makes sense to support these
Signed-off-by: Balbir Singh <bsingharora@gmail.com> Acked-by: Nikola Forró <nforro@redhat.com>
Michal Hocko [Wed, 18 Jul 2018 09:24:29 +0000 (11:24 +0200)]
cgrulesengd: remove umask(0)
One of our partners has noticed that cgred daemon is creating a log file
(/var/log/cgred) with too wide permissions (0666) and that is seen as
a security bug because an untrusted user can write to otherwise
restricted area. CVE-2018-14348 has been assigned to this issue.
Signed-off-by: Michal Hocko <mhocko@suse.com> Acked-by: Balbir Singh <bsingharora@gmail.com>
Nikola Forró [Tue, 8 Dec 2015 16:09:08 +0000 (17:09 +0100)]
api.c: change cgroup of every thread of a process
When changing cgroup of multi-threaded process, only the main threads
cgroup actually changed. Now all threads of a process are enumerated
and cgroup is changed for each of them.
Nikola Forró [Tue, 8 Dec 2015 15:53:41 +0000 (16:53 +0100)]
api.c: fix infinite loop
If getgrnam or getpwuid functions failed, the program entered
an infinite loop, because the rule pointer was never advanced.
This is now fixed by updating the pointer before continuing
to the next iteration.
Thus, setting of more network interfaces can not be done from configuration file. Or
devices.allow="a *:* w
c 8:* r";
thus setting list of allow devices can not be set as well. The only way is to set it from userspace, e.g.:
# echo "lo 7" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
# echo "eth 0" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
# echo "eth 1" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
# echo "eth 2" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
# echo "eth 3" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
This patch allows setting of multiline variables.
How this support works:
Multiline value is broken in lines and each line is set by write (man 2 write) syscall (without bufferring).
This implies change of fopen with open, fclose with close.
There is no control on multiline value, thus "eth0\n \t\n" can be set. However, setting
of " \t" will fail as write command returns -1. Thus administrator has to set correct
multiline values.
Tested on virtual machine with fedora and rhel with network interface lo, eth0-eth3. Configuration file:
net_prio has to be created before:
# modprobe netprio_cgroup
# mkdir /sys/fs/cgroup/net_prio
# mount -t cgroup -onet_prio none /sys/fs/cgroup/net_prio
Changelog:
test of success of strdup call
free str_val before return (str_val is changing in while cycle,
thus str_start_val points to the start of str_val before while)
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com>
Jan Chaloupka [Mon, 8 Sep 2014 11:28:18 +0000 (13:28 +0200)]
parse.y: extending cgroup names with "default"
default is used as a keyword for defining default group permissions. Having "default" as a group name (with double quotes "), parsing is successfull. Howerver, using default without double quotes, parsing fails. This patch modifies parsing rule and lex for default group name without double quotes.
cgroup_add_all_controllers function attach all mounted controllers to a given cgroup. This function just modifies internal libcgroup structure, not the kernel control group.
input parameter: cgroup
output parameter: zero or error number
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Reviewed-by: Jan Chaloupka <jchaloup@redhat.com>
Jan Chaloupka [Thu, 31 Jul 2014 09:23:08 +0000 (11:23 +0200)]
cgrules.d: new man page
This patch contains new man page for cgrules.d directory and corresponding
update of existing man pages. It describes the way additional configuration
files should be created and potential conflicts resulting from an arbitrary
order or reading files in the directory.
Changelog:
* line wrapping (max to 80 characters)
* hiearchy typo corrected
* diffrent typo corrected
* succesfully typo corrected
* /etc/cgconfig.conf added into FILES section
* formulation of advice for creating rules updated. Is it enough or
still confusing? If so, can you be more specific?
* reformulation of the first and the second paragraph
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Chaloupka [Thu, 31 Jul 2014 09:21:19 +0000 (11:21 +0200)]
api.c: Adding support for loading configuration files from cgrules.d directory
Implementation of loading rules from /etc/cgrules.d/. Explanation is in the
cover letter. New function cgroup_parse_rules_file created,
calling cgroup_parse_rules. cgroup_parse_rules is invoked only in
cgroup_change_cgroup_flags, cgroup_init_rules_cache and
cgroup_reload_cached_rules functions. For them the change in cgroup_parse_rules
implementation is transpart.
Tested with two configuration files in /etc/cgrules.d/ and all rules
in /etc/cgrules.conf commented out:
$ cat /etc/cgrules.conf
#*:ls cpu strom/%u
#*:sleep memory les/%g
$ cat /etc/cgrules.d/cgrules1.conf
*:ls cpu strom/%u
Tested to cache reload as well by sending SIGUSR2 signal to running
cgrulesengd process. After first reload I commented out all rules => no
rules match after invoking ls command. After second reload I uncommented
out ls rule => rule match after invoking ls command. After third reload
I uncommented out ls and sleep rule => debug output of cgrulesengd shows
both rules loaded in the cache
Changelog:
* CGROUP_PARSE_STATE_UNLOCK removed
* reformulation of comment to "Cannot read directory. However,
CGRULES_CONF_FILE is succesfully parsed. Thus return as a success for
back compatibility."
* errno = 0 removed, once it is not zero, function returns, so need to set
it to 0 in every iteration
* fprintf replaced by cgroup_err
* added missing unlocks + new label unlock_list for all returns
This
- * finds a rule matching the given UID or GID. It will store this rule in rl,
+ * finds a rule matching the given UID or GID. It will store this rule in trl,
is valid correction. "It will store this rule in rl" talks about cache being
disabled. In this case, it is stored into trl.
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
When multi subsystems mounted on one place like this:
$ lssubsys -m
cpu,cpuacct /cgroup/cpu
$ lscgroup
cpu,cpuacct:/
cpu,cpuacct:/test
if we delete the cgroup with the cgdelete -g, and specifying multi
controllers like this:
$ cgdelete -g cpu,cpuacct:test
or
$ cgdelete -g cpu:test -g cpuacct:test
it will report error:
cgdelete: cannot remove group 'test': No such file or directory
this patch fix the problem.
v1 -> v2
- make cgdelete -g cpu:/test -g cpu:test failed.
v2 -> v3
- make cgdelete -g cpu:test -g cpu:test1 ok.
v3 -> v4
- make cgdelete -g cpuacct:test -g cpu:test -g cpuacct:test failed.
- add some comments
- fix the uninitialized warning
v4 -> v5 (created by Ivana Hutarova Varekova, acked by Weng Meiling)
- make cgdelete -g cpuacct:test -g cpu:test -g cpu:test failed
- join extended cgroup list variables to one record, do the list dynamic (static version can exceed the given limit and the safe static limit is quite high)
Signed-off-by: Weng Meiling <wengmeiling.weng@huawei.com> Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Weng Meiling <wengmeiling.weng@huawei.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Chaloupka [Thu, 19 Jun 2014 09:42:14 +0000 (11:42 +0200)]
manpages: update of manpages for loading configuration
Manual pages for new functionality. Because loading files from directory is already implemented in cgconfig tool, there is nothing new. cgrulesengd reads only templates from given files. Rules for writing templates are already specified.
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Chaloupka [Thu, 19 Jun 2014 09:39:37 +0000 (11:39 +0200)]
Makefile: update for cgruleseng.d Makefiles
Modification of makefiles. cgrulesengd.c uses new functions for loading files from /etc/cgconfig.d/. Thus there is a dependency on tools-common.[c|h] files. Unfortunatelly they are in ../tools directory, adding dependency on files in a diffrent directory but on the same level. Makefile.in is regenerated from Makefile.am using autoreconf -ivf.
Tested on my local machine, all files are loaded properly, cgrulesengd properly creates groups based on templates from files from /etc/cgconfig.d/.
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Chaloupka [Thu, 19 Jun 2014 09:04:26 +0000 (11:04 +0200)]
cgrulesengd.c: loading of multiples files during init/reload
This patch use new implementation. In cgrulesengd.c, static variable template_files is used to save all config files, i.e. /etc/cgconfig.conf and /etc/cgconfig.d/*. This list of files is then passed to cgroup_templates_cache_set_source_files, which saves files to template_files in config.c module. This list is accessed through invocation of cgroup_init_templates_cache_from_files and cgroup_reload_templates_cache_from_files, which can access variables only from config.c, thus presenting cgroup_templates_cache_set_source_files function. At the end, this list is set free.
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Chaloupka [Thu, 19 Jun 2014 08:34:32 +0000 (10:34 +0200)]
config.c: loading templates from multiple files into one template table
This patch implements loading files from /etc/cgconfig.d/. It uses already implemented functions. To hold list of files to be read for template reloading, new static variable for this list (list of template files) has been added to config.c. It is the same list as file list read with cgconfigparser (cgconfig.c file), i.e. the same functions are called. Because parser reads only one file, it is called for each file in template file list. Thus initialization, resp. template duplication has to be called before, resp. after each file parsing. Thus new functions has been presented, thus modifying config.[h|c] api and libcgroup.map. Again parsing more files for templates is analogy to parsing files for groups in cgconfig.c.
cgroup_load_cached_templates_from_file is a modification of cgroup_reload_cached_templates and cgroup_init_templates_cache. Only for loop and auxiliary variables added.
Changelog:
Description of config.h updated. [init|reload] replaced by load
TEMPLATE_ACTION_[INIT|RELOAD] removed
Instead of returning error on uninitialized list of template files, CGCONFIG_CONF_FILE with old cgroup_[init|reload]_templates_cache functions is called.
cgroup_config_create_template_group reports which template file caused unsuccesfull loading of template files
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
There is a situation when moving a task from child cgroup
to parent cgroup, the task exited. This will lead to service
cgconfig start failed. So ignore the error ESRCH.
Signed-off-by: Weng Meiling <wengmeiling.weng@huawei.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Chaloupka [Mon, 10 Mar 2014 17:50:57 +0000 (18:50 +0100)]
lex: add \ character into regexp for ID token
Having virtual machine up, group name contains \ character after
cgsnapshot output. lex.l does not consider this case. For example:
group machine.slice/machine-qemu\x2drhel6.4.scope {...}
Adding \ character into regexp for ID token resolves this problem.
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
List of all patches:
Ivana Hutarova Varekova (37):
fix permissions of logger.sh
cgroup_get_cgroup: remove bogus comment
fix template function to copy template groups properly
documentation: fix cgroup_copy cgroup description
config.c: better detect whether template group already is created
parse: fix template parsing
lex: suppress useless warning message during compilation
create_cgroup_from_name_value_pairs can't deal n/v pairs from the same controller
cgsnapshot: don't display mountpoints which are not wanted
cgclassify: polish usage function
cgclassify: unify help output
cgclear: polish usage function
cgconfig: polish usage function
cgclear: unify help output
cgconfig: unify the help output
cgcreate: polish usage function
cgdelete: polish usage function
cgdelete: unification of usage function output
cgexec: polish usage function
cgexec: unify the help output
cgget: polish usage function
cgset: polish usage function
cgsnapshot: polish usage function
cgsnapshot: unify help output
lscgroup: polish usage function
lscgroup: unify help output
lssubsys: polish usage function
lssubsys: unify help output
cgroup_init: stop mntopt parsing if there is a bug in named hierarchy
cgroup_copy_with_slash: two typos
cgroup_get_current_controller_path: test whether strtok_r returns NULL
cgroup_config_create_template_group: fix strncpy limits
cgroup_config_create_template_group: test the right variable
cgroup_{reload|init}_cached_templates:memory leaks
cgroup_create_cgroup: write error on fail
cgconfig.conf: enable sign "@" in cgroup name
bindings: remove -nostdinc compiler option
Libo Chen (8):
log.h: add head file <stdarg.h>
cgcreate: add err check
cgconfig: add err check
cgconfig: fix the excursive processing
cgconfig: add parameter check
cgconfig: correct freeing default_cgroup
cgconfig: add check and nonzero
cgconfig: change function usage behavior
Peter Schiffer (8):
Use cache when reading /etc/passwd file
Cgred service won't start if /etc/cgrules.conf is missing
Typo in debug message in cgexec.c file
Incorrect cast
Invalid reallocation of config_table in config_insert_cgroup()
Templates letter case is switched
Use cache when calling cgroup_change_cgroup_flags()
Variable procname leaks
Weng Meiling (6):
cgsnapshot: fix the print message when use cgsnapshot with -f
when we use cgsnapshot with the given controller, the result always displays the last mounted controller which is not specified, so fix it.
It's more readable and friendly to use the enum value instead of number.
cgclassify: use the error message instead of error number
cgred:cgred should start when cgroup is mounted
cgcreate: fix the wrong uid/gid set.
stdarg.h header file is now (libstdc++-devel-4.6.3) in libctdc++ package, thus compilation of bindings failed:
../../include/libcgroup/log.h:12:20: fatal error: stdarg.h: No such file or directory
Thus -nostdinc compiler option have to be removed.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
This patch enables to have "@" sign in cgroup name in cgconfig.conf as
well.
It is because of systemd, which uses sign "@" to separate the template name
from the instance identifier in its cgroup names.
For example: systemd-fsck@.service.
Without this patch, it's not possible to use these names in cgconfig.conf file.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Peter Schiffer <pschiffe@redhat.com>
In the current version cgroup_create_cgroup returns warning if it fails and
can't set some variable. Thus on default configuration there is no
information about the problem. This situation happens if the cgconfigparser
reads cgconfig.conf. The error message where is the problem is very useful
in this case. The patch do the message visible in standard configuration.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Peter Schiffer <pschiffe@redhat.com>
Peter Schiffer [Mon, 14 Oct 2013 06:49:34 +0000 (08:49 +0200)]
Use cache when calling cgroup_change_cgroup_flags()
When system contains cgrules.conf file with few thousand rules,
cgroup_change_cgroup_flags() function without CGFLAG_USECACHE flag is very
slow.
As Ivana pointed out, cgexec and cgclassify tools might have problems with
cache
reloading, so I've removed them from the patch for now.
Currently, the patch affects only cgrulesengd daemon. Testing was done with
approximately 4000 users, rules in cgrules.conf file and same amount of
entries
in cgconfig.conf. Without the CGFLAG_USECACHE the cgrulesengd is starting
for
about 15 - 20 minutes (this is because of cgroup_change_all_cgroups()
function,
which scans all running processes on cgrulesengd start).
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Peter Schiffer [Mon, 14 Oct 2013 06:43:24 +0000 (08:43 +0200)]
Templates letter case is switched
Man page cgrules.conf(5) says:
%u username, uid if name resolving fails
%U uid
%g group name, gid if name resolving fails
%G gid
%p process name, pid if name not available
%P pid
However, in cgroup_change_cgroup_flags() function, the letter case is switched.
This patch fixes the problem.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Fix a typo when the '/' character is tested on the last but one position instead of the last.
There have to be more allocated more memory in the same function.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
lscgroup: unify help output
* use tabulators instead of spaces
* at first describe the functionality and then describe options
* use printf instead fprintf(stdout,..)
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Dhaval Giani <dhaval.giani@gmail.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
This change is suggested by Dhaval Giani <dhaval.giani@gmail.com>.
Polish "usage" function of cgset tool. Remove a level of indentation.
Use tabulators instead of spaces.
Based on Jan's comment change typo display->set in -g description
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Dhaval Giani <dhaval.giani@gmail.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
This change is suggested by Dhaval Giani <dhaval.giani@gmail.com>.
Polish "usage" function of cgget tool. Remove a level of indentation.
Use printf instead of fprintf(stdout,...)
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Dhaval Giani <dhaval.giani@gmail.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
This change is suggested by Dhaval Giani <dhaval.giani@gmail.com>.
Polish "usage" function of cgcreate tool. Remove a level of indentation.
use printf instead of fprintf(stderr,...)
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Dhaval Giani <dhaval.giani@gmail.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
Remove cgconfig input free row and change the output program name to standardize
the output with the other libcgroup tools.
sort options based on alphabetical order
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Dhaval Giani <dhaval.giani@gmail.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
remove exit from function usage and add a structure like usage function
in the other tools.
This is suggested by Ivana Hutarova Varekova <varekova@redhat.com>
now usage willn't exit, so we should help it in err case.
v4:
- fix some code style reported by checkpatch.pl
Signed-off-by: Libo Chen <clbchenlibo.chen@huawei.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
cgroup still can be created even if giving invalid -d,-f,-s parameter.
e.g.
cgconfigparser -d 888 -l /etc/cgconfig.conf
"888" is invalid, but cgroup will be created.
So we should exit when -d,-f or -s is invalid.
v3:
- add nonzero return value
- use error instead of ret
Signed-off-by: Libo Chen <clbchenlibo.chen@huawei.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
cgsnapshot: don't display mountpoints which are not wanted
the first version of this patch was created by Libo Chen <clbchenlibo.chen@...>
see http://sourceforge.net/p/libcg/mailman/libcg-devel/thread/51FB6459.9000307%40huawei.com/#msg31243958
before patch:
#lscgroup
cpu:/
cpuset:/
#cgsnapshot -s cpu
mount {
cpuset = /cgroup/cpuacct;
cpu = /cgroup/cpu;
}
We just wanted to save cpu controller, so cpuset was unexpected
Changelog:
* parse controller list only if the list is set, if there is no restriction display all hierarchies
* parse named list as well, thus they are not output if they are not wanted
* remove TODO comment
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Reported-by: Libo Chen <clbchenlibo.chen@...> Acked-by: Jan Safranek <jsafrane@redhat.com>
create_cgroup_from_name_value_pairs can't deal n/v pairs from the same controller
create_cgroup_from_name_value_pairs can't deal name/value pairs from the
same controller
E.G.
cgset -r cpu.cfs_quota_us=400000 -r cpu.cfs_period_us=400000 cgroup
This patch fix the problem.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
fix cgroup_copy_cgroup description. There should be obvious this function only copy the controller stuff. It does not copy permissions, name and ownership.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
projects / thirdparty / libcgroup.git / log
