Tom Hromatka [Fri, 16 Oct 2020 14:58:12 +0000 (14:58 +0000)]
ftests: Add recursive cgdelete functional test
Add a test that creates a cgroup hierarchy and then invokes
cgdelete on the parent cgroup with the recursive flag set.
-----------------------------------------------------------------
Test Results:
Run Date: Oct 16 14:54:20
Passed: 2 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
---------------------------------------------------------
setup 15.11
001-cgget-basic_cgget.py 0.53
002-cgdelete-recursive_delete.py 0.26
teardown 0.00
---------------------------------------------------------
Total Run Time 15.90
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Wed, 23 Sep 2020 16:49:12 +0000 (10:49 -0600)]
gunit: Add unit tests for cgroupv2_controller_enabled()
This commit adds unit tests for cgroupv2_controller_enabled()
[----------] 4 tests from CgroupV2ControllerEnabled
[ RUN ] CgroupV2ControllerEnabled.CgroupV1Controller
[ OK ] CgroupV2ControllerEnabled.CgroupV1Controller (0 ms)
[ RUN ] CgroupV2ControllerEnabled.RootCgroup
[ OK ] CgroupV2ControllerEnabled.RootCgroup (1 ms)
[ RUN ] CgroupV2ControllerEnabled.ControllerEnabled
[ OK ] CgroupV2ControllerEnabled.ControllerEnabled (0 ms)
[ RUN ] CgroupV2ControllerEnabled.ControllerDisabled
[ OK ] CgroupV2ControllerEnabled.ControllerDisabled (0 ms)
[----------] 4 tests from CgroupV2ControllerEnabled (1 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Wed, 23 Sep 2020 16:48:34 +0000 (10:48 -0600)]
gunit: Add unit tests for cgroupv2_get_subtree_control()
This commit adds unit tests for cgroupv2_get_subtree_control()
[----------] 6 tests from GetSubtreeControlTest
[ RUN ] GetSubtreeControlTest.SingleControllerEnabled
[ OK ] GetSubtreeControlTest.SingleControllerEnabled (0 ms)
[ RUN ] GetSubtreeControlTest.SingleControllerNoMatch
[ OK ] GetSubtreeControlTest.SingleControllerNoMatch (0 ms)
[ RUN ] GetSubtreeControlTest.SingleControllerNoMatch2
[ OK ] GetSubtreeControlTest.SingleControllerNoMatch2 (0 ms)
[ RUN ] GetSubtreeControlTest.MultipleControllersEnabled
[ OK ] GetSubtreeControlTest.MultipleControllersEnabled (0 ms)
[ RUN ] GetSubtreeControlTest.MultipleControllersEnabled2
[ OK ] GetSubtreeControlTest.MultipleControllersEnabled2 (0 ms)
[ RUN ] GetSubtreeControlTest.MultipleControllersNoMatch
[ OK ] GetSubtreeControlTest.MultipleControllersNoMatch (0 ms)
[----------] 6 tests from GetSubtreeControlTest (0 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Wed, 23 Sep 2020 16:47:32 +0000 (10:47 -0600)]
gunit: Add unit tests for cgroup_build_tasks_procs_path()
This commit adds unit tests for cgroup_build_tasks_procs_path()
[----------] 6 tests from BuildTasksProcPathTest
[ RUN ] BuildTasksProcPathTest.BuildTasksProcPathTest_ControllerNotFound
[ OK ] BuildTasksProcPathTest.BuildTasksProcPathTest_ControllerNotFound (0 ms)
[ RUN ] BuildTasksProcPathTest.BuildTasksProcPathTest_UnknownCgVersion
[ OK ] BuildTasksProcPathTest.BuildTasksProcPathTest_UnknownCgVersion (0 ms)
[ RUN ] BuildTasksProcPathTest.BuildTasksProcPathTest_CgV1
[ OK ] BuildTasksProcPathTest.BuildTasksProcPathTest_CgV1 (0 ms)
[ RUN ] BuildTasksProcPathTest.BuildTasksProcPathTest_CgV2
[ OK ] BuildTasksProcPathTest.BuildTasksProcPathTest_CgV2 (1 ms)
[ RUN ] BuildTasksProcPathTest.BuildTasksProcPathTest_CgV1WithNs
[ OK ] BuildTasksProcPathTest.BuildTasksProcPathTest_CgV1WithNs (0 ms)
[ RUN ] BuildTasksProcPathTest.BuildTasksProcPathTest_CgV2WithNs
[ OK ] BuildTasksProcPathTest.BuildTasksProcPathTest_CgV2WithNs (0 ms)
[----------] 6 tests from BuildTasksProcPathTest (1 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Thu, 16 Jul 2020 20:55:33 +0000 (14:55 -0600)]
gunit: Add unit tests for cgroup_create_cgroup()
This commit adds unit tests for cgroup_create_cgroup().
[----------] 3 tests from CgroupCreateCgroupTest
[ RUN ] CgroupCreateCgroupTest.CgroupCreateCgroupV1
[ OK ] CgroupCreateCgroupTest.CgroupCreateCgroupV1 (1 ms)
[ RUN ] CgroupCreateCgroupTest.CgroupCreateCgroupV2
[ OK ] CgroupCreateCgroupTest.CgroupCreateCgroupV2 (0 ms)
[ RUN ] CgroupCreateCgroupTest.CgroupCreateCgroupV1AndV2
[ OK ] CgroupCreateCgroupTest.CgroupCreateCgroupV1AndV2 (1 ms)
[----------] 3 tests from CgroupCreateCgroupTest (2 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Thu, 16 Jul 2020 20:34:55 +0000 (14:34 -0600)]
gunit: Add unit tests for cgroupv2_subtree_control()
This commit adds unit tests for cgroupv2_subtree_control().
[----------] 2 tests from SubtreeControlTest
[ RUN ] SubtreeControlTest.AddController
[ OK ] SubtreeControlTest.AddController (0 ms)
[ RUN ] SubtreeControlTest.RemoveController
[ OK ] SubtreeControlTest.RemoveController (0 ms)
[----------] 2 tests from SubtreeControlTest (0 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Thu, 16 Jul 2020 19:57:49 +0000 (13:57 -0600)]
tests: Set cgroup version in test 006
This commit explicitly sets the cgroup version in the
fictitious mount table in test 006. With the introduction
of the CGROUP_UNK enumeration value, this test fails without
explicitly setting the version to CGROUP_V1.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Wed, 15 Jul 2020 18:36:07 +0000 (12:36 -0600)]
gunit: Add unit tests for cgroup_chown_chmod_tasks()
This commit adds unit tests for cgroup_chown_chmod_tasks().
[----------] 1 test from ChownChmodTasksTest
[ RUN ] ChownChmodTasksTest.SuccessfulChownChmod
[ OK ] ChownChmodTasksTest.SuccessfulChownChmod (0 ms)
[----------] 1 test from ChownChmodTasksTest (0 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Wed, 15 Jul 2020 18:15:14 +0000 (12:15 -0600)]
gunit: Add unit tests for cgroup_set_values_recursive()
This commit adds unit tests for cgroup_set_values_recursive().
[----------] 1 test from SetValuesRecursiveTest
[ RUN ] SetValuesRecursiveTest.SuccessfulSetValues
[ OK ] SetValuesRecursiveTest.SuccessfulSetValues (1 ms)
[----------] 1 test from SetValuesRecursiveTest (1 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Thu, 7 May 2020 20:19:01 +0000 (20:19 +0000)]
gunit: Add unit tests for cgroup_process_v2_mnt()
This commit adds unit tests for cgroup_process_v2_mnt().
[----------] 3 tests from CgroupProcessV2MntTest
[ RUN ] CgroupProcessV2MntTest.AddV2Mount
[ OK ] CgroupProcessV2MntTest.AddV2Mount (1 ms)
[ RUN ] CgroupProcessV2MntTest.AddV2Mount_Duplicate
[ OK ] CgroupProcessV2MntTest.AddV2Mount_Duplicate (0 ms)
[ RUN ] CgroupProcessV2MntTest.EmptyControllersFile
[ OK ] CgroupProcessV2MntTest.EmptyControllersFile (1 ms)
[----------] 3 tests from CgroupProcessV2MntTest (2 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Thu, 7 May 2020 20:15:24 +0000 (20:15 +0000)]
gunit: Add unit tests for cgroup_process_v1_mnt()
This commit adds unit tests for cgroup_process_v1_mnt(). Note
that the compiler flag -Wno-write-strings was also added because
C++ throws a warning due to how the controllers[] array is
utilized.
[----------] 4 tests from CgroupProcessV1MntTest
[ RUN ] CgroupProcessV1MntTest.AddV1Mount
[ OK ] CgroupProcessV1MntTest.AddV1Mount (0 ms)
[ RUN ] CgroupProcessV1MntTest.AddV1Mount_Duplicate
[ OK ] CgroupProcessV1MntTest.AddV1Mount_Duplicate (0 ms)
[ RUN ] CgroupProcessV1MntTest.AddV1NamedMount
[ OK ] CgroupProcessV1MntTest.AddV1NamedMount (0 ms)
[ RUN ] CgroupProcessV1MntTest.AddV1NamedMount_Duplicate
[ OK ] CgroupProcessV1MntTest.AddV1NamedMount_Duplicate (0 ms)
[----------] 4 tests from CgroupProcessV1MntTest (0 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 20 Apr 2020 17:37:52 +0000 (11:37 -0600)]
tests: Add unit tests for cgroup_get_cgroup()
This commit adds a unit test for cgroup_get_cgroup(). To
facilitate this, it creates a pseudo-cgroup sysfs in the
working directory and updates the test's cg_mount_table[]
to point at this temporary directory.
[----------] 2 tests from CgroupGetCgroupTest
[ RUN ] CgroupGetCgroupTest.CgroupGetCgroup1
[ OK ] CgroupGetCgroupTest.CgroupGetCgroup1 (3 ms)
[ RUN ] CgroupGetCgroupTest.CgroupGetCgroup_NoTasksFile
[ OK ] CgroupGetCgroupTest.CgroupGetCgroup_NoTasksFile (2 ms)
[----------] 2 tests from CgroupGetCgroupTest (6 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Nikola Forró [Thu, 16 Jan 2020 17:43:54 +0000 (18:43 +0100)]
Increase maximal size of controller values
Maximal length of a controller value is determined by CG_VALUE_MAX,
which is equal to 100. That is not sufficient in some cases.
Add new constant CG_CONTROL_VALUE_MAX (to prevent breaking current API)
and set it to 4096, which is usually equal to the amount of bytes that
can be written to a sysctl file directly.
Add warning message about exceeding the limit while parsing
configuration file.
Signed-off-by: Nikola Forró <nforro@redhat.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Nikola Forró [Thu, 16 Jan 2020 17:43:51 +0000 (18:43 +0100)]
api.c: Preserve dirty flag when copying controller values
When setting cgroup parameters with cgset fails, no error is reported.
This is caused by the fact that cgroup_copy_controller_values is not
preserving dirty flags of the values, so it's making all errors
considered non-fatal.
Signed-off-by: Nikola Forró <nforro@redhat.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Nikola Forró [Thu, 16 Jan 2020 17:43:50 +0000 (18:43 +0100)]
api.c: Fix potential buffer overflow
It is assumed that arguments read from /proc/<pid>/cmdline don't exceed
buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's
not always the case.
Add check to prevent buffer overflow and discard the excessive part of
an argument.
Signed-off-by: Nikola Forró <nforro@redhat.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Nikola Forró [Thu, 16 Jan 2020 17:43:49 +0000 (18:43 +0100)]
api.c: Fix order of memory subsystem parameters generated by cgsnapshot
Order of parameters usually doesn't matter, but that's not the case with
memory.limit_in_bytes and memory.memsw.limit_in_bytes. When the latter
is first in the list of parameters, the resulting configuration is not
loadable with cgconfigparser.
This happens because when a cgroup is created, both memory.limit_in_bytes
and memory.memsw.limit_in_bytes parameters are initialized to highest
value possible (RESOURCE_MAX). And because memory.memsw.limit_in_bytes
must be always higher or equal to memory.limit_in_bytes, it's impossible
to change its value first.
Make sure that after constructing parameter list of memory subsystem,
the mentioned parameters are in correct order.
Signed-off-by: Nikola Forró <nforro@redhat.com> Reviewed-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 13 Jan 2020 23:34:56 +0000 (23:34 +0000)]
tests: Fix test failure on Fedora 30
Unit test 004-cgroup_compare_ignore_rule.cpp segfaults on
test CgroupCompareIgnoreRuleTest.CombinedControllers(). This
is due to rule.procname being uninitialized. This commit
initializes the entire rule structure to zero.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 13 Jan 2020 23:31:20 +0000 (23:31 +0000)]
autotools: gtest: Distribute the googletest *.so files
googletest strongly recommends that their library is
rebuilt on each platform, but this runs counter to a
tagged release of code that utilizes gtest. This commit
enables `make dist` to bundle the googletest *.so files
into the resultant zip file.
Note that these googletest *.so files are dependent upon
a certain version of glibc (and other libraries) and may
not work on distros with very old versions of those
tools.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Fri, 10 Jan 2020 22:46:26 +0000 (22:46 +0000)]
gtest: Cleanup gtest make targets
Prior to this commit the unit test map file was being
included in the source directory. It has now been moved
to the tests/gunit directory. This commit also properly
connects the tests/gunit Makefile to the googletest *.la
so that a recompile of googletest is not required.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Fri, 10 Jan 2020 22:44:04 +0000 (22:44 +0000)]
bootstrap: Actually build gtest
googletest should be entirely compiled into an *.la
prior to ./configure. The *.la should be added as
an extra distribution item to the dist tarball. This
will make it so that the distribution vendors do not
need to rebuild googletest.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Tue, 7 Jan 2020 19:31:45 +0000 (12:31 -0700)]
wrapper.c: Fix potentially unterminated strings
This commit fixes two adjacent strncpys that could result
in unterminated strings:
CID 1412144 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)13. buffer_size_warning: Calling strncpy with a
maximum size argument of 100 bytes on destination array
cntl_value->value of size 100 bytes might leave the destination string
unterminated.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Tue, 7 Jan 2020 18:53:23 +0000 (11:53 -0700)]
wrapper.c: Fix buffer not null terminated Coverity warning
This patch fixes the following Coverity warning:
CID 1412155 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)4. buffer_size_warning: Calling strncpy with a
maximum size argument of 100 bytes on destination array val->value of
size 100 bytes might leave the destination string unterminated.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Tue, 7 Jan 2020 15:03:49 +0000 (08:03 -0700)]
config.c: Silence Coverity warning about unterminated string
This commit silences the following Coverity warning:
CID 1412118 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)6. buffer_size_warning: Calling strncpy with a
maximum size argument of 4096 bytes on destination array mount->name of
size 4096 bytes might leave the destination string unterminated.
Note that there are several areas (including this piece of code)
in libcgroup that do not gracefully handle string truncation. That
will be addressed in future patches.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Tue, 7 Jan 2020 14:22:14 +0000 (07:22 -0700)]
config.c: Fix Coverity warning about uninitialized pointer read
This commit resolves the following warning from Coverity:
CID 1412139 (#1 of 1): Uninitialized pointer read (UNINIT)5.
uninit_use_in_call: Using uninitialized value ctrl_handle when calling
cgroup_get_controller_end.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Sun, 5 Jan 2020 22:26:47 +0000 (15:26 -0700)]
api.c: Fix string truncation warning
This commit fixes this warning in api.c:
api.c: In function ‘cgroup_delete_cgroup_ext’:
api.c:2285:51: warning: ‘snprintf’ output may be truncated before the
last format character [-Wformat-truncation=]
2285 | snprintf(child_name, sizeof(child_name), "%s/%s",
| ^
api.c:2285:4: note: ‘snprintf’ output 2 or more bytes (assuming 4097)
into a destination of size 4096
2285 | snprintf(child_name, sizeof(child_name), "%s/%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2286 | cgroup_name,
| ~~~~~~~~~~~~
2287 | info.full_path + group_len);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Sun, 5 Jan 2020 22:17:09 +0000 (15:17 -0700)]
api.c: Fix string truncation warning
This commit fixes this warning in api.c:
api.c: In function ‘cgroup_read_value_begin’:
api.c:4114:47: warning: ‘snprintf’ output may be truncated before the
last format character [-Wformat-truncation=]
4114 | snprintf(stat_file, sizeof(stat_file), "%s/%s", stat_path,
| ^
api.c:4114:2: note: ‘snprintf’ output 2 or more bytes (assuming 4097)
into a destination of size 4096
4114 | snprintf(stat_file, sizeof(stat_file), "%s/%s", stat_path,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4115 | name);
| ~~~~~
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Sun, 5 Jan 2020 22:13:51 +0000 (15:13 -0700)]
api.c: Fix string truncation warning
This commit fixes this warning in api.c:
api.c: In function ‘cgroup_read_stats_begin’:
api.c:4189:47: warning: ‘.stat’ directive output may be truncated
writing 5 bytes into a region of size between 0 and 4095
[-Wformat-truncation=]
4189 | snprintf(stat_file, sizeof(stat_file), "%s/%s.stat", stat_path,
| ^~~~~
api.c:4189:2: note: ‘snprintf’ output 7 or more bytes (assuming 4102)
into a destination of size 4096
4189 | snprintf(stat_file, sizeof(stat_file), "%s/%s.stat", stat_path,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4190 | controller);
| ~~~~~~~~~~~
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Sun, 5 Jan 2020 22:46:02 +0000 (15:46 -0700)]
cgrulesengd: Fix improper indentation warning
This commit fixes the following warning:
cgrulesengd.c: In function ‘cgre_parse_syslog_facility’:
cgrulesengd.c:1015:5: warning: this ‘if’ clause does not guard...
[-Wmisleading-indentation]
1015 | if (strlen(arg) > 1)
| ^~
cgrulesengd.c:1018:2: note: ...this statement, but the latter is
misleadingly indented as if it were guarded by the ‘if’
1018 | switch (arg[0]) {
| ^~~~~~
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Nikola Forró [Mon, 6 Jan 2020 16:09:30 +0000 (09:09 -0700)]
parse.y: Fix type declaration for group_name
The group_name grammar rule was incorrectly defined as
returning a type<val> which is an int. It actually returns
a type<name> which is a char *.
Having group_name declared as val (int) and assigning a char * value
to it can lead to crashes on platforms where pointer size exceeds
size of int.
On newer versions of Bison, this bug led to the following
warnings during compilation:
parse.y: In function ‘yyparse’:
parse.y:106:56: warning: passing argument 1 of
‘cgroup_config_insert_cgroup’ makes pointer from integer
without a cast [-Wint-conversion]
106 | $$ = cgroup_config_insert_cgroup($2);
| ^
| |
| int
In file included from parse.y:21:
./libcgroup-internal.h:231:39: note: expected ‘char *’ but argument is
of type ‘int’
231 | int cgroup_config_insert_cgroup(char *cg_name);
| ~~~~~~^~~~~~~
parse.y:125:15: warning: assignment to ‘int’ from ‘char *’ makes integer
from pointer without a cast [-Wint-conversion]
125 | $$ = $1;
| ^
parse.y:129:15: warning: assignment to ‘int’ from ‘char *’ makes integer
from pointer without a cast [-Wint-conversion]
129 | $$ = $1;
| ^
parse.y: In function ‘yyparse’:
parse.y:106:56: warning: passing argument 1 of
‘cgroup_config_insert_cgroup’ makes pointer from integer without a cast
[-Wint-conversion]
106 | $$ = cgroup_config_insert_cgroup($2);
| ^
| |
| int
In file included from parse.y:21:
./libcgroup-internal.h:231:39: note: expected ‘char *’ but argument is
of type ‘int’
231 | int cgroup_config_insert_cgroup(char *cg_name);
| ~~~~~~^~~~~~~
parse.y:125:15: warning: assignment to ‘int’ from ‘char *’ makes integer
from pointer without a cast [-Wint-conversion]
125 | $$ = $1;
| ^
parse.y:129:15: warning: assignment to ‘int’ from ‘char *’ makes integer
from pointer without a cast [-Wint-conversion]
129 | $$ = $1;
| ^
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Nikola Forró <nforro@redhat.com> Acked-by: Michal Koutný <mkoutny@suse.com>
Tom Hromatka [Wed, 20 Nov 2019 17:09:33 +0000 (17:09 +0000)]
tests: Add unit tests for cgroup_compare_wildcard_procname()
This commit adds unit tests for cgroup_compare_wildcard_procname().
The following tests are included in this commit:
WildcardProcnameSimpleMatch - Compares an ignore rule with a
wildcarded procname with a matching procname. Expects true.
WildcardProcnameNoMatch - Compares an ignore rule with a wildcarded
procname with a process that has a non-matching name. Expects
false.
ProcnameWildcard_AsteriskNoMatch - Compares a wildcard rule with
a process name that doesn't match. Expects false.
ProcnameWildcard_AsteriskMatch - Compares a wildcard rule with
a process name that does match the rule. Expects true.
ProcnameWildcard_AsteriskNoMatch2 - Compares a wildcard rule
with a process name that is shorter than the rule and thus
does not match. Expects false.
ProcnameWildcard_AsteriskMatchExactly - Compares a wildcard
rule with a process name that matches the rule exactly.
Expects true.
ProcnameWildcard_NoAsteriskMatchExactly - Compares a rule
with no wildcards with a process name that exactly matches
the rule. Expects false as the function exits early due
to no asterisk in the rule.
The results from googletest are reported below:
[----------] 13 tests from CgroupCompareIgnoreRuleTest
<snip>
[ RUN ] CgroupCompareIgnoreRuleTest.WildcardProcnameSimpleMatch
[ OK ] CgroupCompareIgnoreRuleTest.WildcardProcnameSimpleMatch (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.WildcardProcnameNoMatch
[ OK ] CgroupCompareIgnoreRuleTest.WildcardProcnameNoMatch (0 ms)
[----------] 13 tests from CgroupCompareIgnoreRuleTest (1 ms total)
[----------] 7 tests from ProcnameWildcardTest
[ RUN ] ProcnameWildcardTest.ProcnameWildcard_NoAsterisk
[ OK ] ProcnameWildcardTest.ProcnameWildcard_NoAsterisk (0 ms)
[ RUN ] ProcnameWildcardTest.ProcnameWildcard_AsteriskNoMatch
[ OK ] ProcnameWildcardTest.ProcnameWildcard_AsteriskNoMatch (0 ms)
[ RUN ] ProcnameWildcardTest.ProcnameWildcard_AsteriskMatch
[ OK ] ProcnameWildcardTest.ProcnameWildcard_AsteriskMatch (0 ms)
[ RUN ] ProcnameWildcardTest.ProcnameWildcard_AsteriskNoMatch2
[ OK ] ProcnameWildcardTest.ProcnameWildcard_AsteriskNoMatch2 (0 ms)
[ RUN ] ProcnameWildcardTest.ProcnameWildcard_AsteriskMatchExactly
[ OK ] ProcnameWildcardTest.ProcnameWildcard_AsteriskMatchExactly (0 ms)
[ RUN ] ProcnameWildcardTest.ProcnameWildcard_NoAsteriskMatchExactly
[ OK ] ProcnameWildcardTest.ProcnameWildcard_NoAsteriskMatchExactly (0 ms)
[ RUN ] ProcnameWildcardTest.ProcnameWildcard_AsteriskFirstChar
[ OK ] ProcnameWildcardTest.ProcnameWildcard_AsteriskFirstChar (0 ms)
[----------] 7 tests from ProcnameWildcardTest (0 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 4 Nov 2019 23:20:01 +0000 (23:20 +0000)]
tests: Add unit tests for cgroup_compare_ignore_rule()
The following tests are in this commit:
NotAnIgnore() - Test that non-ignore rules are not processed
SimpleMatch() - Test that an ignore rule with a matching cgroup
and controller match
CgroupsDontMatch() - Test that cgroups with similar but not matching
names do not match
ControllersDontMatch() - Test that controllers with non-matching
names do not match
CombinedControllers() - Test that controllers that have been mounted
on the same path, e.g. cpu,cpuacct, can be matched by a rule
MatchChildFolder() - Compares a rule with a single-level hierarchy
with a rule that matches that hierarchy
MatchGrandchildFolder() - Compares a rule with a multi-level hierarchy
with a process that matches that hierachy
MatchSimilarChildFolder() - Compares a child folder that is similar
to the rule. This mimics a misconfiguration that a user could
make
RealWorldMatch() - Test that a realistic cgroup proc file matches
a new process
RealWorldNoMatch() - Test that a realistic cgroup proc file will
not match a new process
SimilarFolderNoMatch() - Compares a rule with a folder name that
is similar to the process' cgroup, but not a match
RootDestinationMatch() - Compares a rule with the root as the
destination and a process also running in the root cgroup
RootDestinationNoMatch() - Compares a rule with the root as the
destination and a process in another cgroup folder
The results from googletest are reported below:
[----------] 13 tests from CgroupCompareIgnoreRuleTest
[ RUN ] CgroupCompareIgnoreRuleTest.NotAnIgnore
[ OK ] CgroupCompareIgnoreRuleTest.NotAnIgnore (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.SimpleMatch
[ OK ] CgroupCompareIgnoreRuleTest.SimpleMatch (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.CgroupsDontMatch
[ OK ] CgroupCompareIgnoreRuleTest.CgroupsDontMatch (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.ControllersDontMatch
[ OK ] CgroupCompareIgnoreRuleTest.ControllersDontMatch (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.CombinedControllers
[ OK ] CgroupCompareIgnoreRuleTest.CombinedControllers (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.MatchChildFolder
[ OK ] CgroupCompareIgnoreRuleTest.MatchChildFolder (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.MatchGrandchildFolder
[ OK ] CgroupCompareIgnoreRuleTest.MatchGrandchildFolder (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.MatchSimilarChildFolder
[ OK ] CgroupCompareIgnoreRuleTest.MatchSimilarChildFolder (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.RealWorldMatch
[ OK ] CgroupCompareIgnoreRuleTest.RealWorldMatch (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.RealWorldNoMatch
[ OK ] CgroupCompareIgnoreRuleTest.RealWorldNoMatch (1 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.SimilarFolderNoMatch
[ OK ] CgroupCompareIgnoreRuleTest.SimilarFolderNoMatch (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.RootDestinationMatch
[ OK ] CgroupCompareIgnoreRuleTest.RootDestinationMatch (0 ms)
[ RUN ] CgroupCompareIgnoreRuleTest.RootDestinationNoMatch
[ OK ] CgroupCompareIgnoreRuleTest.RootDestinationNoMatch (0 ms)
[----------] 13 tests from CgroupCompareIgnoreRuleTest (3 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 4 Nov 2019 23:18:48 +0000 (23:18 +0000)]
api.c: Add logic to process ignore rules
This commit updates the cgrulesengd logic that matches the new pid
to its corresponding rule by adding support for ignore rules. If
a user has created an ignore rule and the pid matches that rule
completely, then cgrulesengd will perform no further processing
(e.g. moving the pid to a different cgroup) on that pid. It is
assumed that a separate process - outside of libcgroup - will
manage that process and its cgroups.
For the above example:
* A new process named "foo" spawned in the IgnoreCgroup will be
ignored by cgrulesengd and will not be moved to DefaultCgroup
* A new process named "bar" spawned in the root cgroup will not
match the ignore rule and will be moved to the DefaultCgroup
by the second rule
* Any processes not in IgnoreCgroup will be automatically moved
to the default cgroup
For the above example:
* A new process named "bar" spawned in IgnoreCgroup2/childcg
will match the first rule and thus be ignored by cgrulesengd
and will not be moved
* In fact, any process in IgnoreCgroup2 or its children cgroup(s)
will be ignored by cgrulesengd
* cgrulesengd will attempt to move all other processes that don't
match the ignore rule to the default cgroup
<user> <controller> <destination> <options>
jdoe:foo cpu IgnoreCgroup ignore
* cpu DefaultCgroup
For the above example:
* If a process named "foo" is spawned by user jdoe and is in the
IgnoreCgroup cgroup, then cgrulesengd will ignore it and it
will not be moved
* If a process named "bar" is spawned in IgnoreCgroup, it will
not match the first rule and will fall into the default
rule. Thus it will be moved to the DefaultCgroup
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 4 Nov 2019 23:16:15 +0000 (23:16 +0000)]
tests: Add unit tests for cg_get_cgroups_from_proc_cgroups()
The following tests are in this commit:
ReadSingleLine() - Read a single valid line with a non-root controller
ReadSingleLine2() - Read a single valid line with a root controller
ReadEmptyController() - Some systems list a controller with no name.
This test simulates that scenario
ReadExampleFile() - Read several lines that are similar to a typical
/proc/{pid}/cgroups file
The results from googletest are reported below:
[----------] 4 tests from GetCgroupsFromProcCgroupsTest
[ RUN ] GetCgroupsFromProcCgroupsTest.ReadSingleLine
[ OK ] GetCgroupsFromProcCgroupsTest.ReadSingleLine (0 ms)
[ RUN ] GetCgroupsFromProcCgroupsTest.ReadSingleLine2
[ OK ] GetCgroupsFromProcCgroupsTest.ReadSingleLine2 (1 ms)
[ RUN ] GetCgroupsFromProcCgroupsTest.ReadEmptyController
[ OK ] GetCgroupsFromProcCgroupsTest.ReadEmptyController (0 ms)
[ RUN ] GetCgroupsFromProcCgroupsTest.ReadExampleFile
[ OK ] GetCgroupsFromProcCgroupsTest.ReadExampleFile (0 ms)
[----------] 4 tests from GetCgroupsFromProcCgroupsTest (1 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 4 Nov 2019 23:16:00 +0000 (23:16 +0000)]
api.c: Add function to read /proc/{pid}/cgroup
This commit adds a function that, given a pid, can read in
the controllers and cgroups listed in /proc/{pid}/cgroup.
The caller is expected to allocate the controller_list[]
and cgroup_list[] arrays as well as null each entry in the
arrays. cg_get_cgroups_from_proc_cgroups() will allocate
the necessary memory for each string within the arrays.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 4 Nov 2019 23:15:32 +0000 (23:15 +0000)]
tests: Add unit tests for cgroup_parse_rules_options()
The following tests are in this commit:
RulesOptions_Ignore() - The valid option "ignore" is tested
RulesOptions_IgnoreWithComma() - The valid (but syntactically
strange) option "ignore," is tested
RulesOptions_InvalidOption() - An invalid option is tested
RulesOptions_InvalidOption2() - An invalid option along with
a valid option is tested
RulesOptions_EmptyOptions() - An empty string is tested
RulesOptions_NullOptions() - A null-pointer option string is
tested
The results from googletest are reported below:
[----------] 6 tests from ParseRulesOptionsTest
[ RUN ] ParseRulesOptionsTest.RulesOptions_Ignore
[ OK ] ParseRulesOptionsTest.RulesOptions_Ignore (0 ms)
[ RUN ] ParseRulesOptionsTest.RulesOptions_IgnoreWithComma
[ OK ] ParseRulesOptionsTest.RulesOptions_IgnoreWithComma (0 ms)
[ RUN ] ParseRulesOptionsTest.RulesOptions_InvalidOption
[ OK ] ParseRulesOptionsTest.RulesOptions_InvalidOption (0 ms)
[ RUN ] ParseRulesOptionsTest.RulesOptions_InvalidOption2
[ OK ] ParseRulesOptionsTest.RulesOptions_InvalidOption2 (0 ms)
[ RUN ] ParseRulesOptionsTest.RulesOptions_EmptyOptions
[ OK ] ParseRulesOptionsTest.RulesOptions_EmptyOptions (0 ms)
[ RUN ] ParseRulesOptionsTest.RulesOptions_NullOptions
[ OK ] ParseRulesOptionsTest.RulesOptions_NullOptions (0 ms)
[----------] 6 tests from ParseRulesOptionsTest (0 ms total)
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 4 Nov 2019 23:15:11 +0000 (23:15 +0000)]
api.c: Add options field for rules defined in cgrules conf file
This commit adds a fourth field called options to the rules
entry in cgrules configuration files. Note that the field is
optional and existing rules will be parsed exactly as before.
Also, this commit only adds the parsing of the options field.
It doesn't change the rule behavior logic; that will come in
a subsequent commit.
An example cgrules.conf using this feature:
<user> <controller> <destination> <options>
* cpu MyCgroup ignore
* cpu DefaultCgroup
In the above example (and once the subsequent processing is
added), any process currently in the cpu controller and
MyCgroup will be ignored by cgrulesengd. In other words,
cgrules will not try to move these processes to another cgroup
or manage them in any fashion. It is anticipated that a
separate user process (outside of the scope of libcgroup) will
manage pids in this scenario.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 18 Nov 2019 16:32:08 +0000 (16:32 +0000)]
api: Increase MAX_MNT_ELEMENTS to 16
Newer kernels now support many cgroup controllers; thus we
need to increase the number of elements we can safely read
from /proc/{pid}/cgroup. This commit increases the number
of elements from 8 to 16.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 4 Nov 2019 23:14:16 +0000 (23:14 +0000)]
tests: Add STATIC and UNIT_TEST definitions to automake files
This commit adds two new definitions to the automake Makefile.am
files. This change has no effect on the deliverable binaries.
STATIC - For a standard libcgroup library build, STATIC is equal
to the "static" keyword and behaves exactly the same.
For a unit test build, STATIC is mapped to an empty
string. This allows the unit tests to invoke static
functions that would otherwise be unavailable to the
test suite.
UNIT_TEST - This define is used in libcgroup-internal.h to
wrap the function prototypes of STATIC functions.
In a standard libcgroup library build, UNIT_TEST
is _not_ defined, and thus the prototypes are not
available. In a unit test build, UNIT_TEST is
defined and the function prototypes are available
for the unit tests to use.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Thu, 10 Oct 2019 15:52:03 +0000 (09:52 -0600)]
README: Add README.md
This commit adds README.md. It contains graphics that show the
status of the continuous integration and code coverage results.
It also contains a link to the original README. Note that github
doesn't allow the inlining of files in markdown due to security
concerns, so a link is the best we can do.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Mon, 23 Sep 2019 22:14:50 +0000 (22:14 +0000)]
tests: Gather code coverage data after a successful CI run
Upon successful completion of a continuous integration (CI) build
through Travis CI, this commit enables coveralls.io to generate
code coverage results by utilizing the gcov data generated
during both the unit and functional test runs.
Note that the m4/ax_code_coverage.m4 file is provided by the
autoconf team, and it has been used verbatim. The original
file is available here:
https://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_code_coverage.m4
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Mon, 23 Sep 2019 22:09:48 +0000 (22:09 +0000)]
tests: Switch to using LXD for functional tests
Prior to this commit, the functional tests used LXC. LXD is
better for configuring a shared device between the host and
container that can be written to by the container. This
feature is critical for tracking code coverage in the
functional tests.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 19 Sep 2019 20:55:12 +0000 (14:55 -0600)]
tests: Disable the legacy tests
The legacy tests do not successfully run in Travis CI. This
commit disables them from running but does leave the test
code in place. The future of these tests and whether they will
be removed from the repo or not will be revisited at a later
date.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 19 Sep 2019 20:51:55 +0000 (14:51 -0600)]
tests: Use python3 in the functional tests
Python 2.7 will not be maintained beyond January 1, 2020. To
avoid potential problems when python 2 is retired, this commit
explicitly instructs the functional tests to use python3.
Suggested-by: Michal Koutný <mkoutny@suse.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Mon, 7 Oct 2019 20:44:46 +0000 (14:44 -0600)]
tests: Fix inconsistent return value in functional test's Container() class
This commit fixes the Container() class' inconsistent usage
of decode(). In the rootfs() method, it returned a binary
array in one case and a string in another. Now the rootfs()
method will always return a string.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Mon, 7 Oct 2019 20:42:21 +0000 (14:42 -0600)]
tests: Fix errors in functional test error path handling
The RunError() exception class had two bugs that prevented
it from properly formatting a run exception:
1) It wasn't being created properly due to a misplaced
parenthesis
2) It had a syntax error in its __str__() method where
it was using self.message rather than self.command
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 19 Sep 2019 20:40:37 +0000 (14:40 -0600)]
tests: Improve the unit test framework integration with automake
Prior to this commit, the unit test framework behaved slightly
differently depending upon how the libcgroup git repo was
cloned. This commit standardizes the unit test framework's
behavior by initializing the googletest submodule when
bootstrap.sh is invoked.
This commit also cleans up a potential issue on some versions
of automake that don't properly expand $(top_builddir) early
in the automake process.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 27 Jun 2019 17:34:00 +0000 (11:34 -0600)]
tests: Add functional test for basic cgget operations
This commit adds a functional test for a basic cgget call. The
test utilizes the new functional text framework and lxc
containers to establish a non-destructive cgroup test
environment.
Tests added:
001-cgget-basic_cgget.py - Test simple cgget functionality
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 27 Jun 2019 17:28:53 +0000 (11:28 -0600)]
tests: Add functional test suite
This commit adds a functional test suite that utilizes lxc
containers to guarantee a non-destructive test environment.
The tests can be invoked individually, as a group of related
tests, or from automake via the standard 'make check'
command.
No tests are included as part of this commit.
Example test invocations:
Run a single test (first cd to tests/ftests):
./001-cgget-basic_cgget.py
or
./ftests.py -N 15 # Run test #015
Run a suite of tests (first cd to tests/ftests):
./ftests.py -s cgget # Run all cgget tests
Run all the tests by hand
./ftests.py
# This may be advantageous over running make check
# because it will try to re-use the same lxc
# container for all of the tests. This should
# provide a significant performance increase
Run the tests from automake
make check
# Then examine the *.trs and *.log files for
# specifics regarding each test result
Example output from a test run:
Test Results:
Run Date: Jun 03 13:41:35
Passed: 1 test
Skipped: 0 tests
Failed: 0 tests
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
---------------------------------------------------------
setup 6.95
001-cgget-basic_cgget.py 0.07
teardown 0.00
---------------------------------------------------------
Total Run Time 7.02
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Fri, 21 Jun 2019 15:40:23 +0000 (09:40 -0600)]
tests: Add functional test LXC container class
This commit adds a Container() class for managing LXC containers.
This class provides methods to abstract the management of LXC
containers and simplify their usage in the functional test suite.
Example usages:
# instantiate the class
mycontainer = Container('TheNameOfMyContainer')
# create and start the container
mycontainer.create()
mycontainer.start()
Container() can raise ValueError on invalid parameters,
ContainerError when a container operation unexpectedly failes,
or RunError when running a command fails.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Fri, 21 Jun 2019 15:37:20 +0000 (09:37 -0600)]
tests: Add functional test cgroup class
This commit adds a Cgroup() class for managing cgroups. This
class provides static methods for interacting with libcgroup's
interfaces including cgset, cgget, cgcreate, etc.
Example usages:
# create a cgroup in the cpuset controller named foo
Cgroup.create(config, 'cpuset', 'foo')
# set cpu.shares for foobar to 500
Cgroup.set(config, 'foobar', 'cpu.shares', '500')
# get the limit_in_bytes for AnotherCgroup. Have libcgroup
# strip off all of the decorations so that only the value is
# returned
limit_in_bytes = Cgroup.get(config, controller=None,
cgname='AnotherCgroup', setting='memory.limit_in_bytes',
print_headers=False, values_only=True)
Providing invalid parameters to a Cgroup method will result in
a ValueError while a failure to execute a command will result
in a RunError.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Fri, 21 Jun 2019 15:32:44 +0000 (09:32 -0600)]
tests: Add functional test run class
This commit adds a Run() class that can invoke Python's Popen
command. This class provides a static method, run(), that will
execute the command via Python's subprocess module.
Example usages:
# delete foo.conf
Run.run(['rm', '-f', '/tmp/foo.conf'])
# Use cgset to set SomeCgroup's cpu.shares to 500
cmd = ['cgset', '-r', 'cpu.shares=500', 'SomeCgroup']
Run.run(cmd)
# get info on current user
Run.run('id')
# write to a file. Note that this must be run in a shell
Run.run(['echo', 'some data', '>>', 'some_file'], shell_bool=True)
Tom Hromatka [Fri, 21 Jun 2019 15:34:28 +0000 (09:34 -0600)]
tests: Add functional test logging class
This commit adds a Log() class for the functional test
suite. This class provides several static methods for
logging information during a test run. The data logged
is often useful for debugging failed tests.
Example usages:
Log.log_debug('Running test %s' % test name)
except Exception as e:
Log.log_error(e)
Both the log level and log file are configurable. By
default, the functional tests will log all messages of
criticality LOG_WARNING or higher to libcgroup-ftests.log.
These settings can be overridden by the following command
line options:
-l LOGLEVEL, --loglevel LOGLEVEL
-L LOGFILE, --logfile LOGFILE
Michal Koutný [Tue, 11 Jun 2019 07:05:59 +0000 (09:05 +0200)]
cgrulesengd: Do not ignore changes of short-lived processes
When a double-forking daemon spawns the shortlived forking process and
we fail to classify it in time, the child does not inherit (the
intended) cgroup membership.
We could process all children after receiving PROC_EVENT_FORK to remedy
this. But since we already have the timestamp logic introduced in
8953fc07c049 ("Changelog v2: * Use clock_gettime(2) for getting
timestamp since a system boot. * Change parent_info's memory to
dynamic allocation.")
and it may be too much work for all fork(2) calls, we extend the usage
of parent_info by assuming the parent would have changed its cgroup
membership by our actions even if it terminated quickly.
v2: Handle non-existent /proc/$PID/tasks as short-lived process too
Use cgroup_get_last_errno() helper
Signed-off-by: Michal Koutný <mkoutny@suse.com> Signed-off-by: Dhaval Giani <dhaval.giani@gmail.com>
Tom Hromatka [Thu, 30 May 2019 15:22:28 +0000 (09:22 -0600)]
tests: Add unit tests for cg_build_path()
This commit adds unit tests for the internal function
cg_build_path(). While code coverage is not (yet) enabled,
I believe these tests provide full code coverage for the
aforementioned function and its sister function
cg_build_path_locked().
The following tests are in this commit:
BuildPathV1_ControllerMismatch() - Calls cg_build_path() with a
controller that isn't in cg_mount_table[]. Expects a return
value of NULL
BuildPathV1_ControllerMatch() - Calls cg_build_path() with a valid
controller in cg_mount_table[]
BuildPathV1_ControllerMatchWithName() - Calls cg_build_path() with
a valid controller and a cgroup name
BuildPathV1_ControllerMatchWithNs() - Calls cg_build_path() with a
valid controller that has a namespace
BuildPathV1_ControllerMatchWithNameAndNs() - Calls cg_build_path()
with a valid controller, a cgroup name, and the controller has
a namespace
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Thu, 30 May 2019 15:22:27 +0000 (09:22 -0600)]
tests: Add googletest unit test framework
This commit adds support for the googletest unit test
framework. To enable the testing of non-exported
functions, a more permissive map file was added.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>
Tom Hromatka [Tue, 15 Jan 2019 23:33:22 +0000 (16:33 -0700)]
cgset: fix misleading error message
When cgset fails to modify a cgroup, it output a
hardcoded error message which can cause user confusion.
This commit updates the error message to behave like
other error messages throughout libcgroup and produce
a more user-friendly output.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Acked-by: Nikola Forró <nforro@redhat.com>
Nikola Forró [Mon, 23 Jul 2018 15:38:26 +0000 (17:38 +0200)]
api.c: always move all tasks of a process to a cgroup
Move the thread enumeration introduced in commit 2186c97
from cgroup_change_all_cgroups() to cgroup_change_cgroup_path()
to ensure it works in every case.
Balbir Singh [Fri, 12 Oct 2018 08:57:24 +0000 (10:57 +0200)]
Add support for nosuid, noexec and nodev
Inspired by the contents of https://lwn.net/Articles/647757/, there
is no easy way of passing these mount options with cgroups. For existing
users, it makes sense to support these
Signed-off-by: Balbir Singh <bsingharora@gmail.com> Acked-by: Nikola Forró <nforro@redhat.com>
Michal Hocko [Wed, 18 Jul 2018 09:24:29 +0000 (11:24 +0200)]
cgrulesengd: remove umask(0)
One of our partners has noticed that cgred daemon is creating a log file
(/var/log/cgred) with too wide permissions (0666) and that is seen as
a security bug because an untrusted user can write to otherwise
restricted area. CVE-2018-14348 has been assigned to this issue.
Signed-off-by: Michal Hocko <mhocko@suse.com> Acked-by: Balbir Singh <bsingharora@gmail.com>
Nikola Forró [Tue, 8 Dec 2015 16:09:08 +0000 (17:09 +0100)]
api.c: change cgroup of every thread of a process
When changing cgroup of multi-threaded process, only the main threads
cgroup actually changed. Now all threads of a process are enumerated
and cgroup is changed for each of them.
Nikola Forró [Tue, 8 Dec 2015 15:53:41 +0000 (16:53 +0100)]
api.c: fix infinite loop
If getgrnam or getpwuid functions failed, the program entered
an infinite loop, because the rule pointer was never advanced.
This is now fixed by updating the pointer before continuing
to the next iteration.
Thus, setting of more network interfaces can not be done from configuration file. Or
devices.allow="a *:* w
c 8:* r";
thus setting list of allow devices can not be set as well. The only way is to set it from userspace, e.g.:
# echo "lo 7" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
# echo "eth 0" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
# echo "eth 1" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
# echo "eth 2" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
# echo "eth 3" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
This patch allows setting of multiline variables.
How this support works:
Multiline value is broken in lines and each line is set by write (man 2 write) syscall (without bufferring).
This implies change of fopen with open, fclose with close.
There is no control on multiline value, thus "eth0\n \t\n" can be set. However, setting
of " \t" will fail as write command returns -1. Thus administrator has to set correct
multiline values.
Tested on virtual machine with fedora and rhel with network interface lo, eth0-eth3. Configuration file:
net_prio has to be created before:
# modprobe netprio_cgroup
# mkdir /sys/fs/cgroup/net_prio
# mount -t cgroup -onet_prio none /sys/fs/cgroup/net_prio
Changelog:
test of success of strdup call
free str_val before return (str_val is changing in while cycle,
thus str_start_val points to the start of str_val before while)
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com>
Jan Chaloupka [Mon, 8 Sep 2014 11:28:18 +0000 (13:28 +0200)]
parse.y: extending cgroup names with "default"
default is used as a keyword for defining default group permissions. Having "default" as a group name (with double quotes "), parsing is successfull. Howerver, using default without double quotes, parsing fails. This patch modifies parsing rule and lex for default group name without double quotes.
cgroup_add_all_controllers function attach all mounted controllers to a given cgroup. This function just modifies internal libcgroup structure, not the kernel control group.
input parameter: cgroup
output parameter: zero or error number
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Reviewed-by: Jan Chaloupka <jchaloup@redhat.com>
Jan Chaloupka [Thu, 31 Jul 2014 09:23:08 +0000 (11:23 +0200)]
cgrules.d: new man page
This patch contains new man page for cgrules.d directory and corresponding
update of existing man pages. It describes the way additional configuration
files should be created and potential conflicts resulting from an arbitrary
order or reading files in the directory.
Changelog:
* line wrapping (max to 80 characters)
* hiearchy typo corrected
* diffrent typo corrected
* succesfully typo corrected
* /etc/cgconfig.conf added into FILES section
* formulation of advice for creating rules updated. Is it enough or
still confusing? If so, can you be more specific?
* reformulation of the first and the second paragraph
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Chaloupka [Thu, 31 Jul 2014 09:21:19 +0000 (11:21 +0200)]
api.c: Adding support for loading configuration files from cgrules.d directory
Implementation of loading rules from /etc/cgrules.d/. Explanation is in the
cover letter. New function cgroup_parse_rules_file created,
calling cgroup_parse_rules. cgroup_parse_rules is invoked only in
cgroup_change_cgroup_flags, cgroup_init_rules_cache and
cgroup_reload_cached_rules functions. For them the change in cgroup_parse_rules
implementation is transpart.
Tested with two configuration files in /etc/cgrules.d/ and all rules
in /etc/cgrules.conf commented out:
$ cat /etc/cgrules.conf
#*:ls cpu strom/%u
#*:sleep memory les/%g
$ cat /etc/cgrules.d/cgrules1.conf
*:ls cpu strom/%u
Tested to cache reload as well by sending SIGUSR2 signal to running
cgrulesengd process. After first reload I commented out all rules => no
rules match after invoking ls command. After second reload I uncommented
out ls rule => rule match after invoking ls command. After third reload
I uncommented out ls and sleep rule => debug output of cgrulesengd shows
both rules loaded in the cache
Changelog:
* CGROUP_PARSE_STATE_UNLOCK removed
* reformulation of comment to "Cannot read directory. However,
CGRULES_CONF_FILE is succesfully parsed. Thus return as a success for
back compatibility."
* errno = 0 removed, once it is not zero, function returns, so need to set
it to 0 in every iteration
* fprintf replaced by cgroup_err
* added missing unlocks + new label unlock_list for all returns
This
- * finds a rule matching the given UID or GID. It will store this rule in rl,
+ * finds a rule matching the given UID or GID. It will store this rule in trl,
is valid correction. "It will store this rule in rl" talks about cache being
disabled. In this case, it is stored into trl.
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
When multi subsystems mounted on one place like this:
$ lssubsys -m
cpu,cpuacct /cgroup/cpu
$ lscgroup
cpu,cpuacct:/
cpu,cpuacct:/test
if we delete the cgroup with the cgdelete -g, and specifying multi
controllers like this:
$ cgdelete -g cpu,cpuacct:test
or
$ cgdelete -g cpu:test -g cpuacct:test
it will report error:
cgdelete: cannot remove group 'test': No such file or directory
this patch fix the problem.
v1 -> v2
- make cgdelete -g cpu:/test -g cpu:test failed.
v2 -> v3
- make cgdelete -g cpu:test -g cpu:test1 ok.
v3 -> v4
- make cgdelete -g cpuacct:test -g cpu:test -g cpuacct:test failed.
- add some comments
- fix the uninitialized warning
v4 -> v5 (created by Ivana Hutarova Varekova, acked by Weng Meiling)
- make cgdelete -g cpuacct:test -g cpu:test -g cpu:test failed
- join extended cgroup list variables to one record, do the list dynamic (static version can exceed the given limit and the safe static limit is quite high)
Signed-off-by: Weng Meiling <wengmeiling.weng@huawei.com> Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com> Acked-by: Weng Meiling <wengmeiling.weng@huawei.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Chaloupka [Thu, 19 Jun 2014 09:42:14 +0000 (11:42 +0200)]
manpages: update of manpages for loading configuration
Manual pages for new functionality. Because loading files from directory is already implemented in cgconfig tool, there is nothing new. cgrulesengd reads only templates from given files. Rules for writing templates are already specified.
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Chaloupka [Thu, 19 Jun 2014 09:39:37 +0000 (11:39 +0200)]
Makefile: update for cgruleseng.d Makefiles
Modification of makefiles. cgrulesengd.c uses new functions for loading files from /etc/cgconfig.d/. Thus there is a dependency on tools-common.[c|h] files. Unfortunatelly they are in ../tools directory, adding dependency on files in a diffrent directory but on the same level. Makefile.in is regenerated from Makefile.am using autoreconf -ivf.
Tested on my local machine, all files are loaded properly, cgrulesengd properly creates groups based on templates from files from /etc/cgconfig.d/.
Signed-off-by: Jan Chaloupka <jchaloup@redhat.com> Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
projects / thirdparty / libcgroup.git / log
