fix cgroup_copy_cgroup description
It should be obvious that this function only copies the controller stuff. It does not copy permissions, name and ownership.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
fix template function to copy template groups properly
This patch fixes the cgroup_init_templates_cache and cgroup_reload_cached_templates functions. They have to copy not only
controllers and their structures but all variables (controller name, permissions and ownership) for templates.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
Peter Schiffer [Tue, 25 Jun 2013 04:47:47 +0000 (06:47 +0200)]
Cgred service won't start if /etc/cgrules.conf is missing
By default, the /etc/cgrules.conf file contains only comments. If this is the case, the cgred service starts without problem. But if the /etc/cgrules.conf file is empty or missing, the cgred service won't start, even though this case is equivalent to the first one.
This patch allows the cgred service to start even when the /etc/cgrules.conf file is empty, or missing.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Peter Schiffer [Tue, 25 Jun 2013 04:37:41 +0000 (06:37 +0200)]
Use cache when reading /etc/passwd file
Currently, libcgroup code reads the /etc/passwd file once for every line in the cgrules.conf file, which can have a performance impact on the login times if the system contains thousands of users and cgrules.conf contains thousands of lines.
This patch adds CGFLAG_USECACHE flag to the cgroup_change_cgroup_uid_gid() function call which enables cache usage, and thus speeds up login times on those systems.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
The major changes are template stuff and new logging.
List of all patches:
Ivana Hutarova Varekova (12):
cgrules.conf: no documentation inside config file
cgroup_change_cgroup_flags: create template control group on the fly
cgconfigparser: add template tag to cgconfigparser
cgconfig.conf: parse template tag and fill relevant structures
config.h: create function for init/reload cgconfig template cache
api: add function for creating template control groups
cgrulesengd: cache templates
cgroup_change_cgroup_flags: use templates if they are in rules
update documentation to reflect the changes regarding templates
api.c: cgroup_create_template_group templates crashing
templates have to be copied in proper way to template_table structure
remove useless include from log.h
John Fastabend (1):
libcg: scan running tasks at start time to classify existing pids
Peter Schiffer (15):
Removed cgroup_dbg from cgrulesengd
Reworked libcgroup logging
Enabled default logging
Reworked logging configuration
Added parsing of CGROUP_LOGLEVEL
Recognize DEBUG level of CGROUP_LOGLEVEL variable in daemon
Fixed cgrulesengd to log libcgroup log messages to syslog
Changed log level of various messages
Added new errors/warnings
Enabled logging in cgconfigparser
Added new logging to the tools
Added a test for the new logging
Added CGROUP_LOGLEVEL to man pages + fixed the style of 'FILES' section where appropriate.
Update default logging for cgrulesengd
Make cg_mkdir_p() function compatible with read-only fs
Robert Milasan (1):
fix defaultcgroup detection (better description)
Roberto Polli (1):
support indented comments in cgconfigparser
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Peter Schiffer [Thu, 16 May 2013 15:10:32 +0000 (17:10 +0200)]
Make cg_mkdir_p() function compatible with read-only fs
mkdir(2) function returns EROFS error even when the path already exists on
the read only file system, so it is impossible to determine whether the path
already exists on this kind of fs only by the return code from mkdir(2). To make
cg_mkdir_p() compatible with the ro fs, the function checks whether the
path exists with stat(2) before trying to create it.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-By: Jan Safranek <jsafrane@redhat.com>
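The stat(2)-before-mkdir(2) check described in the commit message above, as an added example that is not libcgroup's code: `mkdir_p_ro_safe()` and `demo()` are hypothetical names, and the paths under /tmp are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp(3) */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical helper, not libcgroup's cg_mkdir_p(): create every component
 * of `path`, asking stat(2) first so that a directory which already exists
 * on a read-only mount never reaches mkdir(2) and its EROFS.
 * Returns 0 on success or an errno value. */
int mkdir_p_ro_safe(const char *path, mode_t mode)
{
    char buf[PATH_MAX];
    struct stat st;
    size_t len = strlen(path);
    size_t i;

    if (len == 0)
        return EINVAL;
    if (len >= sizeof(buf))
        return ENAMETOOLONG;
    memcpy(buf, path, len + 1);

    for (i = 1; i <= len; i++) {
        if (buf[i] != '/' && buf[i] != '\0')
            continue;
        char saved = buf[i];
        buf[i] = '\0';                   /* buf is now the prefix to check */
        if (stat(buf, &st) == 0) {
            if (!S_ISDIR(st.st_mode))
                return ENOTDIR;          /* exists but is not a directory */
        } else if (errno != ENOENT) {
            return errno;                /* e.g. EACCES on a parent */
        } else if (mkdir(buf, mode) != 0 && errno != EEXIST) {
            return errno;                /* really missing: EROFS is genuine here */
        }
        buf[i] = saved;
    }
    return 0;
}

/* Constructed scenario: create a nested path, repeat the call (every
 * component exists, so only stat(2) runs), then hit a regular file. */
int demo(void)
{
    char base[] = "/tmp/mkdirp-XXXXXX";
    char path[PATH_MAX];
    FILE *f;

    if (!mkdtemp(base))
        return -1;
    snprintf(path, sizeof(path), "%s/cpu/people/students", base);
    if (mkdir_p_ro_safe(path, 0755) != 0)
        return 1;
    if (mkdir_p_ro_safe(path, 0755) != 0)
        return 2;
    snprintf(path, sizeof(path), "%s/tasks", base);
    if (!(f = fopen(path, "w")))
        return -1;
    fclose(f);
    snprintf(path, sizeof(path), "%s/tasks/sub", base);
    return mkdir_p_ro_safe(path, 0755) == ENOTDIR ? 0 : 3;
}

int main(void)
{
    printf("demo: %d\n", demo());
    return 0;
}
```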
templates have to be copied in proper way to template_table structure
The cgroup_reload_cached_templates and cgroup_init_templates_cache functions fill the template_table structure; in the old version the data are copied
(memcpy function) from config_template_table.
This causes a problem if both template_table and config_template_table are reloaded or if config_template_table is updated. The patch fixes this problem and copies the data properly (cgroup_copy_cgroup function).
The reproducer of this bug is described in http://sourceforge.net/mailarchive/forum.php?thread_name=khtfkj%24c8l%241%40ger.gmane.org&forum_name=libcg-devel
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-By: Jan Safranek <jsafrane@redhat.com>
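Why a memcpy of a table entry goes wrong once the source table is updated, as an added example that is not libcgroup's code: `struct tmpl`, `struct tmpl_ctrl` and all function names are hypothetical, simplified stand-ins, and the values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a cached template entry. The
 * pointer member is what makes a bitwise copy unsafe. */
struct tmpl_ctrl { char name[32]; char value[32]; };
struct tmpl {
    char name[64];
    unsigned int dperm;
    struct tmpl_ctrl *ctrl;      /* heap-allocated, owned by the entry */
};

/* Old behaviour: bitwise copy, so both entries share one ctrl object. */
void tmpl_copy_shallow(struct tmpl *dst, const struct tmpl *src)
{
    memcpy(dst, src, sizeof(*dst));
}

/* Deep copy: duplicate what the pointer refers to. Returns 0 or -1. */
int tmpl_copy_deep(struct tmpl *dst, const struct tmpl *src)
{
    struct tmpl_ctrl *c = NULL;

    if (src->ctrl) {
        c = malloc(sizeof(*c));
        if (!c)
            return -1;
        *c = *src->ctrl;
    }
    *dst = *src;
    dst->ctrl = c;
    return 0;
}

/* Constructed scenario: the parsed entry is rewritten in place, as a reload
 * of the source table would do. Returns 1 if the cached copy changed with
 * it, 0 if it kept its value, -1 on allocation failure. */
int cache_changes_on_reload(int deep)
{
    struct tmpl parsed = { "people/students/%U", 0755, NULL };
    struct tmpl cached;
    int changed;

    parsed.ctrl = calloc(1, sizeof(*parsed.ctrl));
    if (!parsed.ctrl)
        return -1;
    strcpy(parsed.ctrl->name, "cpu.shares");
    strcpy(parsed.ctrl->value, "512");

    if (!deep) {
        tmpl_copy_shallow(&cached, &parsed);
    } else if (tmpl_copy_deep(&cached, &parsed) != 0) {
        free(parsed.ctrl);
        return -1;
    }

    strcpy(parsed.ctrl->value, "1024");          /* source is updated */
    changed = strcmp(cached.ctrl->value, "512") != 0;

    if (cached.ctrl != parsed.ctrl)
        free(cached.ctrl);                       /* only the deep copy owns it */
    free(parsed.ctrl);
    return changed;
}

int main(void)
{
    printf("memcpy: cached entry changed = %d\n", cache_changes_on_reload(0));
    printf("deep:   cached entry changed = %d\n", cache_changes_on_reload(1));
    return 0;
}
```

With the shallow copy, freeing the source entry during a reload would also leave the cached pointer dangling; the example stops at the aliasing so that it stays well-defined.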
The cgroup_create_template_group procedure writes to the first place of a string of characters even if the variable points to NULL. As a result, templates crash.
See http://sourceforge.net/mailarchive/forum.php?thread_name=khtfkj%24c8l%241%40ger.gmane.org&forum_name=libcg-devel
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-By: Jan Safranek <jsafrane@redhat.com>
Peter Schiffer [Tue, 2 Apr 2013 08:57:07 +0000 (10:57 +0200)]
Update default logging for cgrulesengd
Cgrulesengd is using a different default logging level than the library.
Currently it's set to WARNING, which is not consistent with the rest of the library.
This patch sets the default logging level to ERROR.
This patch also unifies logging levels with the default logging system used in
libcg, by removing LOG_NOTICE and replacing it with LOG_INFO.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Peter Schiffer [Tue, 2 Apr 2013 08:56:51 +0000 (10:56 +0200)]
Enabled logging in cgconfigparser
cgconfigparser calls cgroup_init too late, it's necessary to initialize
libcgroup logging earlier in the process, so various messages get visible
to user.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Peter Schiffer [Tue, 2 Apr 2013 08:56:45 +0000 (10:56 +0200)]
Added new errors/warnings
I've put a few errors and warnings where I find them appropriate - usually
when a function returns error and the user might be interested exactly what
file/directory is bad.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Peter Schiffer [Tue, 2 Apr 2013 08:55:40 +0000 (10:55 +0200)]
Changed log level of various messages
I went through cgroup_dbg messages and increased their log level where I
found it appropriate. I am pretty sure I missed other important ones, this
is just a first attempt. Feel free to suggest additional messages.
Changelog:
- fixed capital letters in few log messages
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Peter Schiffer [Tue, 2 Apr 2013 08:52:59 +0000 (10:52 +0200)]
Reworked libcgroup logging
Whole new logging with following goals is here:
- more log levels.
- allow applications to log somewhere else than stdout using their custom
callback.
- provide simple stdout logger for 'lazy' applications.
The logging is off by default, i.e. no message appears on stdout unless
application initializes the logging explicitly. But see following patches!
Internally, nothing changes, cgroup_dbg is still working. In addition,
cgroup_err, cgroup_warn and cgroup_info appeared. Description what message
should use which log level is in doxygen info, together with new public API
incl. simple example, I won't copy it here
Also the cgroup_log function is made public. I am not sure if it is the
right thing to do, but that's currently the simplest way how to use the
logging from our tools (which link only the public libcgroup API).
Changelog:
- fixed typo in cgroup_log doxygen comment
Signed-off-by: Peter Schiffer <pschiffe@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
John Fastabend [Wed, 20 Feb 2013 17:08:19 +0000 (09:08 -0800)]
libcg: scan running tasks at start time to classify existing pids
Add routine to scan rules.conf file and move matching running tasks
in /proc/pid/* into configured control groups. Then at init time
we can move running tasks into the correct control group.
Expose this routine via libcg so other applications can use it
to classify existing applications after creating control groups.
CC: Jan Safranek <jsafrane@redhat.com> Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: Jan Safranek <jsafrane@redhat.com>
update documentation to reflect the changes regarding templates
cgrules.conf(5): add information about templates setting in rules
cgconfig.conf(5): add information about templates setting + example
cgrulesengd(8): add information about the SIGUSR1 signal which reloads
the templates configuration
README_daemon: the same change as in cgrulesengd(8)
cgroup_change_cgroup_flags: use templates if they are in rules
cgroup_change_cgroup_flags:
use cgroup_config_create_template_group instead of cgroup_create_cgroup
-> this function reads configure file, if it is not already cached and
use template setting from if the template is used in rule and the group
does not exist yet.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
api: add function for creating template control groups
add a function: int cgroup_config_create_template_group(const char *pathname,
struct cgroup *cgroup, char *template_name,
int ignore_ownership);
Physically create a new control group in kernel, based on given control
group template and configuration file. If given template is not set in
configuration file, then the procedure creates the control group
using the cgroup_create_cgroup function.
input parameters are:
pathname .. name of template configuration file (/etc/cgconfig.conf by default)
cgroup .. control group name and subsystems to which it should belong
template_name .. name of the template we want to use
flags .. Bit flags to change the behavior
return 0 on success
CHANGELOG:
reload template rules if it is necessary, don't init them
create a control group in all controllers which have no relevant template
return the template name when it is changed - Jan's feedback
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
config.h: create function for init/reload cgconfig template cache
Two new functions maintain the templates cache:
int cgroup_init_templates_cache(char *pathname);
int cgroup_reload_cached_templates(char *pathname);
they are analogous to cgroup_init_rules_cache and cgroup_reload_cached_rules
the only difference is that the configuration file can be set as a parameter
Changelog: remove useless comments
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-By: Jan Safranek <jsafrane@redhat.com>
cgconfig.conf: parse template tag and fill relevant structures
cgconfig.conf: this patch adds structures: MAX_TEMPLATES, config_template_table, config_template_table_index and the body of functions: template_config_insert_cgroup, template_config_parse_controller_options
The structures store the content of the "template" tag from the configuration file "cgconfig.conf". The structures have the same meaning as the structures for the control groups tag.
CHANGELOG:
create enum instead of constants
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-By: Jan Safranek <jsafrane@redhat.com>
cgconfigparser: add template tag to cgconfigparser
Template cgroups mean control groups which are set in cgrules.conf file and the name contains % variable like %U (see cgrules.conf manual page for the whole list of variables).
This patch tunes cgconfigparser to accept template tag. With this patch the tag is accepted and ignored. The next patch will parse it and do relevant work.
cgroup_change_cgroup_flags: create template control group on the fly
Template cgroups mean control groups which are set in cgrules.conf file and the name contains % variable like %U (see cgrules.conf manual page for the whole list of variables).
This patch changes the cgroup_change_cgroup_flags function. Now if the wanted group is a template group and the group does not exist, then cgroup_change_cgroup_flags creates the control group on the fly.
For now the created group can't be set - the cgroup_create_cgroup function is always used. This will be changed in another patch in this patchset.
EXAMPLE:
e.g.
@students devices people/students/%U
cgroup_change_cgroup_flags will create a cgroup /people/students/john if user john from group students runs a command and the people does not exist yet.
if /people/students group does not exist it will be created as well
CHANGELOG:
backslash -> slash
cgroup_copy_with_backslash: fix the index of final '/' character
add last_errno setting
fix comments
CHANGELOGv2:
incorporate dhaval's feedback:
in cgroup_exist_in_subsystem add ret variable and handle it properly
make cgroup_create_template_group static
free template name if group_name can't be set
return '/' sign if there is a problem in cgroup_create_template_group while cycle
add new procedure not to have cgroup_create_template_group too large
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Jan Safranek <jsafrane@redhat.com>
Robert Milasan [Thu, 22 Nov 2012 16:47:47 +0000 (17:47 +0100)]
fix defaultcgroup detection (better description)
b55ce704 (scripts: cgconfig, cleanup) introduced a regression because
read is now executed in a subshell so the variables are not visible
in the outer context and so defaultcgroup is never non-empty.
Fix the issue by using here text which doesn't involve subshell.
Signed-off-by: Robert Milasan <rmilasan@suse.com> Signed-off-by: Jan Safranek <jsafrane@redhat.com>
cgrules.conf: don't put incomplete documentation inside the config
file. (The description of expandable strings in the destination
column is missing.) The link to the manual page is better.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-By: Jan Safranek <jsafrane@redhat.com>
Dhaval Giani [Fri, 29 Jun 2012 09:37:39 +0000 (15:07 +0530)]
libcgroup: Add a cgroup element to point to the owner in the controller
Since the only way to create a controller is from the wrapper API, it is
always linked to one cgroup. Since it would help knowing which cgroup a
controller belongs to, let's just add that information in there.
Signed-off-by: Dhaval Giani <dhaval.giani@gmail.com> Cc: Glauber Costa <glommer@parallels.com>
Glauber Costa [Fri, 27 Jul 2012 10:55:55 +0000 (12:55 +0200)]
Fix cgroup_modify_cgroup gratuitous failure
Around one year ago, the following was reported:
http://comments.gmane.org/gmane.comp.lib.libcg.devel/3116 (Error when
calling cgroup_modify_cgroup())
I ran into the very same error. Inspecting the code in libcg, it seemed
to me that the best thing to avoid that is to never attempt to write
something the user never wrote to.
That is because if the user actually tries to write to a read-only file,
we should yield an error, making skipping read-only a bad solution.
My solution is to add a field to the value structure indicating whether
or not it is dirty. That value will indicate whether or not an error in
the write-to-filesystem routine is considered fatal or not. Non-dirty
values will still be written, but their failures are not considered
fatal. cgroup_modify_cgroup then becomes a simple flusher, and the
problem goes away.
[ v2: Also mark dirty value writes using cgroup_set_value_* ]
[ v3: fail if write fails only for dirty values ]
Signed-off-by: Glauber Costa <glommer@parallels.com>
The present version of lscgroup trimmed "/" signs from the end of output
path.
The functionality was necessary because the cg_build_path function adds
useless "/" characters to the path. This is fixed by the previous api
patch.
Moreover other unix commands (du, grep) leave the format of path as it
was added in input (with all typed "/" characters). Thus lscgroup should
not remove "/" which were added in command line.
Example
old version:
$ lscgroup memory://abc///
memory:/abc///
memory:/abc///gh
memory:/abc///def
$ lscgroup
cpuset:/
cpuset:/3
cg_build_path adds needless "/" character in cases when the input path
ends/starts with character "/" itself. This character is added now only
in cases it is wanted and it was not set.
Changelog
- incorporate Jan's feedback - fix typo in patch description, use snprintf instead of sprintf
- deal with the situation if directory name is empty as well
- move the path concatenation functionality to a separate function
In the present version of the testsuite the OPAQUE_HIERARCHY variable is ignored,
thus the testsuite is broken on systems where OPAQUE_HIERARCHY is nonempty. The patch fixes this problem.
CHANGELOG v1:
* use ^cgroup instead of cgroup in grep (otherwise it counts also tmpfs /sys/fs/cgroup)
* remove obsolete IS_OPAQUE variable
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-By: Jan Safranek <jsafrane@redhat.com>
From: Ivana Hutarova Varekova <varekova@redhat.com>
lscgroup: fix path name trimming
The lscgroup tool in the display_controller_data procedure trimmed the relative path
name too strictly, thus if the path has no leading "/" sign then the first
character was trimmed too.
More precisely the relative path is taken from the full path - path to the
controller root and relative path given on command line (with all
characters "/") + character "/" at the end of path. The length of the suffix
which describes the relative path is counted from the trimmed relative path given on
command line (without characters "/" at the beginning and at the end).
The same relative path has to be used in both cases and -1 to the
length.
CHANGELOG v1:
* more detailed description
* fix the problem with "/" sign at the end of path too
EXAMPLE
without the patch:
$ lscgroup freezer:libvirt
freezer:/ibvirt/
freezer:/ibvirt/lxc
freezer:/ibvirt/qemu
with the patch:
$ lscgroup freezer:libvirt
freezer:/libvirt/
freezer:/libvirt/lxc
freezer:/libvirt/qemu
this patch fixes the problem.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-By: Jan Safranek <jsafrane@redhat.com>
Jan Safranek [Thu, 15 Dec 2011 13:55:51 +0000 (14:55 +0100)]
Libcgroup: added cgconfig.service unit for systemd.
The cgconfig.service unit file should create all groups in
/etc/cgconfig.conf and (if not overridden in the config file) with sticky
bit on their tasks file. On service stop, only control groups specified in the
config file are cleared and only if they are empty (i.e. no subgroups and no
processes inside).
Please review carefully, especially the ordering. I want the service to
start as early as possible, but not before local filesystem is ready.
Jan Safranek [Thu, 15 Dec 2011 13:55:43 +0000 (14:55 +0100)]
libcgroup: Added README_systemd file.
New documentation file is added. It should describe how systemd and
libcgroup should work together and how to configure a system to have
control groups created by libcgroup's cgconfig service.
I'm going to install this README into /usr/share/doc/libcgroup-*/.
I know I am not Shakespeare and also English is not my mother language, feel
free to comment also the style and grammar. Missing/wrong articles is my
speciality :).
Changelog:
- updated with review remarks from Martin Prpic and Kevin Constantine
Jan Safranek [Fri, 9 Dec 2011 14:04:33 +0000 (15:04 +0100)]
cgcreate, cgconfigparser: Added new parameter for tasks file permissions.
So far cgcreate and cgconfigparser have -f option, which sets permissions
of all files in a group, incl. tasks file. Since we need to put sticky bit
on the tasks file for systemd, this patch adds -s option for this purpose.
Jan Safranek [Fri, 9 Dec 2011 14:04:24 +0000 (15:04 +0100)]
cgcreate, cgconfigparser: Fixed permissions when only one of '-f' and '-d' is set.
When only one of '-f' and '-d' is set, the other is set automatically to
zero and nobody then has the rights to read/modify a group or group's
parameters.
Jan Safranek [Tue, 6 Dec 2011 15:06:58 +0000 (16:06 +0100)]
cgclear: fixed exit code with -e option
cgclear -e is supposed to clear only empty groups. This works fine, but
when a non-empty group is being cleared, cgclear displays an error and
returns nonzero exit code.
It should be silent and return zero exit code, because stumbling upon a
nonempty group is perfectly fine and not an error.
With cgroup_config_set_default() an application can set default permissions
of groups and files created by cgroup_config_load_config(). See the
documentation of the function.
Jan Safranek [Wed, 30 Nov 2011 14:42:29 +0000 (15:42 +0100)]
tools: Added parse_mode() and parse_uid_gid() to tools_common.c.
The parse_mode() function will be used by cgconfigparser, so move it there.
In addition, the cgconfigparser will need uid:gid parsing routines from
cgcreate.c, so move it to common code as well.
Signed-off-by: Jan Safranek <jsafrane@redhat.com> Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
Jan Safranek [Wed, 30 Nov 2011 14:42:08 +0000 (15:42 +0100)]
cgconfigparser: Allow SUID and SGID permissions in 'fperm' and 'dperm' options.
libcgroup should allow SUID, SGID or sticky bit to be set either in
cgconfig.conf file or in API calls. Especially the sticky bit can be useful for
cooperation with systemd.
Jan Safranek [Wed, 30 Nov 2011 14:42:01 +0000 (15:42 +0100)]
cgconfigparser: Add 'default' section.
'default' section in cgconfig.conf file describes default owner and
permissions of group's control and task files. Using the 'default' section,
the common permissions can be specified only once per config file instead
of defining it separately for each group.
Signed-off-by: Jan Safranek <jsafrane@redhat.com> Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
Jan Safranek [Wed, 30 Nov 2011 14:41:53 +0000 (15:41 +0100)]
libcgroup: Define NO_UID_GID.
Group control or task file owner should have UID/GID set to NO_UID_GID to
distinguish permissions which were set in config file from undefined
values. In the end, NO_UID_GID is translated to UID/GID 0, so users
won't see any difference.
This will allow subsequent patches to set default owners of files/directories if
the group definition itself did not contain perm {} section.
Jan Safranek [Thu, 3 Nov 2011 09:50:11 +0000 (10:50 +0100)]
tests: Added cgconfig tests
There are two tests:
- cgclear_config_one - tests cgclear with one config file, incl. several error
cases
- cgclear_config_multi - tests cgclear with multiple config files, not so
many error cases here