From de83ab721fd944bbd493908cad98f4e422056a80 Mon Sep 17 00:00:00 2001
From: drakenclimber
Date: Wed, 17 May 2023 22:03:49 +0000
Subject: [PATCH] deploy: bdbcd2ceae0c367f6ea6d05dbad13ba7058adcf2
---
classBuildPathV1Test.html | 2 +-
classBuildTasksProcPathTest.html | 2 +-
config_8h_source.html | 16 +-
dir_a9876c7102db9acca678b90c36d1e873.html | 85 +++++++
error_8h_source.html | 4 +-
group__group__groups.html | 4 +-
groups_8h_source.html | 22 +-
iterators_8h_source.html | 44 ++--
md_SECURITY.html | 6 +-
...les_cmdline_systemd_with_idle_process.html | 230 ++++++++++++++++++
md_tests_ftests_README.html | 4 +-
pages.html | 9 +-
search/all_14.js | 3 +-
search/pages_4.js | 4 +-
search/pages_5.js | 6 +
search/searchdata.js | 2 +-
tasks_8h_source.html | 20 +-
17 files changed, 392 insertions(+), 71 deletions(-)
create mode 100644 dir_a9876c7102db9acca678b90c36d1e873.html
create mode 100644 md_samples_cmdline_systemd_with_idle_process.html
create mode 100644 search/pages_5.js
diff --git a/classBuildPathV1Test.html b/classBuildPathV1Test.html
index 8c9c45bd..42bf6551 100644
--- a/classBuildPathV1Test.html
+++ b/classBuildPathV1Test.html
@@ -115,7 +115,7 @@ Protected Member Functions

Setup this test case

This test case calls cg_build_path() to generate various cgroup paths. The SetUp() routine creates a simple mount table that can be used to verify cg_build_path() behavior.

cg_mount_table for this test is as follows:

-

+

name mount_point index

controller0 /sys/fs/cgroup/controller0 0 controller1 /sys/fs/cgroup/controller1 1 controller2 /sys/fs/cgroup/controller2 2 controller3 /sys/fs/cgroup/controller3 3 controller4 /sys/fs/cgroup/controller4 4 controller5 /sys/fs/cgroup/controller5 5

Note that controllers 1 and 5 are also given namespaces

diff --git a/classBuildTasksProcPathTest.html b/classBuildTasksProcPathTest.html index 661f3bef..259a6849 100644 --- a/classBuildTasksProcPathTest.html +++ b/classBuildTasksProcPathTest.html @@ -115,7 +115,7 @@ Protected Member Functions

Setup this test case

This test case calls cg_build_path() to generate various cgroup paths. The SetUp() routine creates a simple mount table that can be used to verify cg_build_path() behavior.

cg_mount_table for this test is as follows:

-

+

name mount_point index version

controller0 /sys/fs/cgroup/controller0 0 UNK controller1 /sys/fs/cgroup/controller1 1 2 controller2 /sys/fs/cgroup/controller2 2 1 controller3 /sys/fs/cgroup/controller3 3 2 controller4 /sys/fs/cgroup/controller4 4 1 controller5 /sys/fs/cgroup/controller5 5 2

Note that controllers 1 and 4 are also given namespaces

diff --git a/config_8h_source.html b/config_8h_source.html index e2b804c6..9ef1a206 100644 --- a/config_8h_source.html +++ b/config_8h_source.html @@ -119,15 +119,15 @@ $(function() {
136#endif
137
138#endif /*_LIBCGROUP_CONFIG_H*/
-
int cgroup_config_set_default(struct cgroup *new_default)
Definition: config.c:1581
-
int cgroup_init_templates_cache(char *pathname)
Definition: config.c:1659
-
int cgroup_config_create_template_group(struct cgroup *cgroup, char *template_name, int flags)
Definition: config.c:1853
-
int cgroup_unload_cgroups(void)
Definition: config.c:1494
-
int cgroup_reload_cached_templates(char *pathname)
Definition: config.c:1604
+
int cgroup_config_set_default(struct cgroup *new_default)
Definition: config.c:1589
+
int cgroup_init_templates_cache(char *pathname)
Definition: config.c:1667
+
int cgroup_config_create_template_group(struct cgroup *cgroup, char *template_name, int flags)
Definition: config.c:1861
+
int cgroup_unload_cgroups(void)
Definition: config.c:1502
+
int cgroup_reload_cached_templates(char *pathname)
Definition: config.c:1612
int cgroup_config_load_config(const char *pathname)
Definition: config.c:1216
-
int cgroup_load_templates_cache_from_files(int *file_index)
Definition: config.c:1777
-
void cgroup_templates_cache_set_source_files(struct cgroup_string_list *tmpl_files)
Definition: config.c:1715
-
int cgroup_config_unload_config(const char *pathname, int flags)
Definition: config.c:1373
+
int cgroup_load_templates_cache_from_files(int *file_index)
Definition: config.c:1785
+
void cgroup_templates_cache_set_source_files(struct cgroup_string_list *tmpl_files)
Definition: config.c:1723
+
int cgroup_config_unload_config(const char *pathname, int flags)
Definition: config.c:1381
Definition: tools-common.h:44
Definition: libcgroup-internal.h:115
diff --git a/dir_a9876c7102db9acca678b90c36d1e873.html b/dir_a9876c7102db9acca678b90c36d1e873.html new file mode 100644 index 00000000..e18a3b6f --- /dev/null +++ b/dir_a9876c7102db9acca678b90c36d1e873.html @@ -0,0 +1,85 @@ + + + + + + + +libcgroup: samples/cmdline Directory Reference + + + + + + + + + +
+
+ + + + + + +
+
libcgroup +
+
+
+ + + + + + + + +
+
+ + +
+
+
+
+
+
Loading...
+
Searching...
+
No Matches
+
+
+
+
+ + +
+
+
cmdline Directory Reference
+
+
+
+ + + + diff --git a/error_8h_source.html b/error_8h_source.html index 8169a1a6..3ae42828 100644 --- a/error_8h_source.html +++ b/error_8h_source.html @@ -138,8 +138,8 @@ $(function() {
109#endif
110
111#endif /* _LIBCGROUP_INIT_H */
-
int cgroup_get_last_errno(void)
Definition: api.c:4973
-
const char * cgroup_strerror(int code)
Definition: api.c:4952
+
int cgroup_get_last_errno(void)
Definition: api.c:4991
+
const char * cgroup_strerror(int code)
Definition: api.c:4970
@ ECGROUPMULTIMOUNTED
Definition: error.h:40
@ ECGEOF
Definition: error.h:68
@ ECGNOVERSIONCONVERT
Definition: error.h:79
diff --git a/group__group__groups.html b/group__group__groups.html index 82e113c0..b41261c7 100644 --- a/group__group__groups.html +++ b/group__group__groups.html @@ -733,7 +733,7 @@ int cgroup_convert_cgroup<

Physically create new control group in kernel, with all parameters and values copied from its parent group. The group is created in all hierarchies, where the parent group exists. I.e. following code creates subgroup in all hierarchies, because all of them have root (=parent) group.

struct cgroup *foo = cgroup_new_cgroup("foo");
-
int cgroup_create_cgroup_from_parent(struct cgroup *cgroup, int ignore_ownership)
Definition: api.c:3082
+
int cgroup_create_cgroup_from_parent(struct cgroup *cgroup, int ignore_ownership)
Definition: api.c:3100
Todo:
what is this good for? Why the list of controllers added by cgroup_add_controller() is not used, like in cgroup_create_cgroup()? I can't crate subgroup of root group in just one hierarchy with this function!
Parameters
@@ -895,7 +895,7 @@ int  - - - - + + + + +
cgroup_convert_cgroup<

Read all information regarding the group from kernel. Based on name of the group, list of controllers and all parameters and their values are read from all hierarchies, where a group with given name exists. All existing controllers are replaced. I.e. following code will fill root with controllers from all hierarchies, because the root group is available in all of them.

struct cgroup *root = cgroup_new_cgroup("/");
-
int cgroup_get_cgroup(struct cgroup *cgroup)
Definition: api.c:3626
+
int cgroup_get_cgroup(struct cgroup *cgroup)
Definition: api.c:3644
Todo:
what is this function good for? Why is not considered only the list of controllers attached by cgroup_add_controller()? What owners will return cgroup_get_uid_gid() if the group is in multiple hierarchies, each with different owner of tasks file?
Parameters
diff --git a/groups_8h_source.html b/groups_8h_source.html index 30af1a58..09206c26 100644 --- a/groups_8h_source.html +++ b/groups_8h_source.html @@ -259,15 +259,15 @@ $(function() {
705
706#endif /* _LIBCGROUP_GROUPS_H */
int cgroup_get_uid_gid(struct cgroup *cgroup, uid_t *tasks_uid, gid_t *tasks_gid, uid_t *control_uid, gid_t *control_gid)
Definition: wrapper.c:479
-
int cgroup_get_procs(char *name, char *controller, pid_t **pids, int *size)
Definition: api.c:6012
-
int cgroup_list_mount_points(const enum cg_version_t cgrp_version, char ***mount_paths)
Definition: api.c:6332
+
int cgroup_get_procs(char *name, char *controller, pid_t **pids, int *size)
Definition: api.c:6030
+
int cgroup_list_mount_points(const enum cg_version_t cgrp_version, char ***mount_paths)
Definition: api.c:6350
int cgroup_get_value_int64(struct cgroup_controller *controller, const char *name, int64_t *value)
Definition: wrapper.c:557
bool is_cgroup_mode_hybrid(void)
Definition: wrapper.c:814
-
int cgroup_delete_cgroup(struct cgroup *cgroup, int ignore_migration)
Definition: api.c:3317
+
int cgroup_delete_cgroup(struct cgroup *cgroup, int ignore_migration)
Definition: api.c:3335
int cgroup_get_value_name_count(struct cgroup_controller *controller)
Definition: wrapper.c:768
int cgroup_modify_cgroup(struct cgroup *cgroup)
Definition: api.c:2603
struct cgroup_controller * cgroup_add_controller(struct cgroup *cgroup, const char *name)
Definition: wrapper.c:61
-
int cgroup_get_controller_version(const char *const controller, enum cg_version_t *const version)
Definition: api.c:6264
+
int cgroup_get_controller_version(const char *const controller, enum cg_version_t *const version)
Definition: api.c:6282
int cgroup_add_value_string(struct cgroup_controller *controller, const char *name, const char *value)
Definition: wrapper.c:268
int cgroup_add_value_bool(struct cgroup_controller *controller, const char *name, bool value)
Definition: wrapper.c:346
bool is_cgroup_mode_legacy(void)
Definition: wrapper.c:802
@@ -275,9 +275,9 @@ $(function() {
struct cgroup_controller * cgroup_get_controller(struct cgroup *cgroup, const char *name)
Definition: wrapper.c:493
int cgroup_add_value_int64(struct cgroup_controller *controller, const char *name, int64_t value)
Definition: wrapper.c:311
bool is_cgroup_mode_unified(void)
Definition: wrapper.c:826
-
int cgroup_delete_cgroup_ext(struct cgroup *cgroup, int flags)
Definition: api.c:3324
+
int cgroup_delete_cgroup_ext(struct cgroup *cgroup, int flags)
Definition: api.c:3342
int cgroup_compare_cgroup(struct cgroup *cgroup_a, struct cgroup *cgroup_b)
Definition: wrapper.c:416
-
int cgroup_create_cgroup_from_parent(struct cgroup *cgroup, int ignore_ownership)
Definition: api.c:3082
+
int cgroup_create_cgroup_from_parent(struct cgroup *cgroup, int ignore_ownership)
Definition: api.c:3100
void cgroup_free_controllers(struct cgroup *cgroup)
Definition: wrapper.c:242
int cgroup_set_value_string(struct cgroup_controller *controller, const char *name, const char *value)
Definition: wrapper.c:535
int cgroup_get_value_uint64(struct cgroup_controller *controller, const char *name, u_int64_t *value)
Definition: wrapper.c:602
@@ -289,17 +289,17 @@ $(function() {
void cgroup_free(struct cgroup **cgroup)
Definition: wrapper.c:255
char * cgroup_get_cgroup_name(struct cgroup *cgroup)
Definition: wrapper.c:789
int cgroup_get_value_bool(struct cgroup_controller *controller, const char *name, bool *value)
Definition: wrapper.c:649
-
int cgroup_get_controller_count(struct cgroup *cgroup)
Definition: api.c:6479
-
char * cgroup_get_controller_name(struct cgroup_controller *controller)
Definition: api.c:6498
+
int cgroup_get_controller_count(struct cgroup *cgroup)
Definition: api.c:6497
+
char * cgroup_get_controller_name(struct cgroup_controller *controller)
Definition: api.c:6516
struct cgroup * cgroup_new_cgroup(const char *name)
Definition: wrapper.c:43
-
int cgroup_get_cgroup(struct cgroup *cgroup)
Definition: api.c:3626
+
int cgroup_get_cgroup(struct cgroup *cgroup)
Definition: api.c:3644
int cgroup_add_value_uint64(struct cgroup_controller *controller, const char *name, u_int64_t value)
Definition: wrapper.c:328
int cgroup_create_cgroup(struct cgroup *cgroup, int ignore_ownership)
Definition: api.c:2892
int cgroup_set_value_uint64(struct cgroup_controller *controller, const char *name, u_int64_t value)
Definition: wrapper.c:624
int cgroup_add_all_controllers(struct cgroup *cgroup)
Definition: wrapper.c:111
-
enum cg_setup_mode_t cgroup_setup_mode(void)
Definition: api.c:6433
+
enum cg_setup_mode_t cgroup_setup_mode(void)
Definition: api.c:6451
int cg_chmod_recursive(struct cgroup *cgroup, mode_t dir_mode, int dirm_change, mode_t file_mode, int filem_change)
Definition: api.c:347
-
struct cgroup_controller * cgroup_get_controller_by_index(struct cgroup *cgroup, int index)
Definition: api.c:6487
+
struct cgroup_controller * cgroup_get_controller_by_index(struct cgroup *cgroup, int index)
Definition: api.c:6505
int cgroup_get_value_string(struct cgroup_controller *controller, const char *name, char **value)
Definition: wrapper.c:511
int cgroup_set_value_bool(struct cgroup_controller *controller, const char *name, bool value)
Definition: wrapper.c:677
Definition: libcgroup-internal.h:107
diff --git a/iterators_8h_source.html b/iterators_8h_source.html index a83a07a5..e1c7e334 100644 --- a/iterators_8h_source.html +++ b/iterators_8h_source.html @@ -188,31 +188,31 @@ $(function() {
433#endif
434
435#endif /* _LIBCGROUP_ITERATORS_H */
-
int cgroup_walk_tree_end(void **handle)
Definition: api.c:5048
-
int cgroup_get_all_controller_end(void **handle)
Definition: api.c:5921
-
int cgroup_read_stats_begin(const char *controller, const char *path, void **handle, struct cgroup_stat *stat)
Definition: api.c:5303
-
int cgroup_get_subsys_mount_point_begin(const char *controller, void **handle, char *path)
Definition: api.c:6199
+
int cgroup_walk_tree_end(void **handle)
Definition: api.c:5066
+
int cgroup_get_all_controller_end(void **handle)
Definition: api.c:5939
+
int cgroup_read_stats_begin(const char *controller, const char *path, void **handle, struct cgroup_stat *stat)
Definition: api.c:5321
+
int cgroup_get_subsys_mount_point_begin(const char *controller, void **handle, char *path)
Definition: api.c:6217
cgroup_walk_type
Definition: iterators.h:74
-
int cgroup_get_subsys_mount_point_next(void **handle, char *path)
Definition: api.c:6229
-
int cgroup_get_all_controller_next(void **handle, struct controller_data *info)
Definition: api.c:5934
-
int cgroup_walk_tree_next(int depth, void **handle, struct cgroup_file_info *info, int base_level)
Definition: api.c:5022
+
int cgroup_get_subsys_mount_point_next(void **handle, char *path)
Definition: api.c:6247
+
int cgroup_get_all_controller_next(void **handle, struct controller_data *info)
Definition: api.c:5952
+
int cgroup_walk_tree_next(int depth, void **handle, struct cgroup_file_info *info, int base_level)
Definition: api.c:5040
#define CG_VALUE_MAX
Definition: iterators.h:233
-
int cgroup_get_controller_begin(void **handle, struct cgroup_mount_point *info)
Definition: api.c:5465
+
int cgroup_get_controller_begin(void **handle, struct cgroup_mount_point *info)
Definition: api.c:5483
cgroup_file_type
Definition: iterators.h:106
-
int cgroup_walk_tree_set_flags(void **handle, int flags)
Definition: api.c:5131
-
int cgroup_walk_tree_begin(const char *controller, const char *base_path, int depth, void **handle, struct cgroup_file_info *info, int *base_level)
Definition: api.c:5068
-
int cgroup_get_controller_next(void **handle, struct cgroup_mount_point *info)
Definition: api.c:5417
-
int cgroup_read_value_begin(const char *const controller, const char *path, const char *const name, void **handle, char *buffer, int max)
Definition: api.c:5228
-
int cgroup_get_subsys_mount_point_end(void **handle)
Definition: api.c:6251
-
int cgroup_get_controller_end(void **handle)
Definition: api.c:5401
-
int cgroup_read_stats_end(void **handle)
Definition: api.c:5265
-
int cgroup_read_value_next(void **handle, char *buffer, int max)
Definition: api.c:5208
-
int cgroup_read_value_end(void **handle)
Definition: api.c:5191
-
int cgroup_get_all_controller_begin(void **handle, struct controller_data *info)
Definition: api.c:5966
-
int cgroup_get_task_begin(const char *cgroup, const char *controller, void **handle, pid_t *pid)
Definition: api.c:5370
-
int cgroup_get_task_end(void **handle)
Definition: api.c:5334
-
int cgroup_get_task_next(void **handle, pid_t *pid)
Definition: api.c:5348
-
int cgroup_read_stats_next(void **handle, struct cgroup_stat *stat)
Definition: api.c:5284
+
int cgroup_walk_tree_set_flags(void **handle, int flags)
Definition: api.c:5149
+
int cgroup_walk_tree_begin(const char *controller, const char *base_path, int depth, void **handle, struct cgroup_file_info *info, int *base_level)
Definition: api.c:5086
+
int cgroup_get_controller_next(void **handle, struct cgroup_mount_point *info)
Definition: api.c:5435
+
int cgroup_read_value_begin(const char *const controller, const char *path, const char *const name, void **handle, char *buffer, int max)
Definition: api.c:5246
+
int cgroup_get_subsys_mount_point_end(void **handle)
Definition: api.c:6269
+
int cgroup_get_controller_end(void **handle)
Definition: api.c:5419
+
int cgroup_read_stats_end(void **handle)
Definition: api.c:5283
+
int cgroup_read_value_next(void **handle, char *buffer, int max)
Definition: api.c:5226
+
int cgroup_read_value_end(void **handle)
Definition: api.c:5209
+
int cgroup_get_all_controller_begin(void **handle, struct controller_data *info)
Definition: api.c:5984
+
int cgroup_get_task_begin(const char *cgroup, const char *controller, void **handle, pid_t *pid)
Definition: api.c:5388
+
int cgroup_get_task_end(void **handle)
Definition: api.c:5352
+
int cgroup_get_task_next(void **handle, pid_t *pid)
Definition: api.c:5366
+
int cgroup_read_stats_next(void **handle, struct cgroup_stat *stat)
Definition: api.c:5302
@ CGROUP_WALK_TYPE_POST_DIR
Definition: iterators.h:100
@ CGROUP_WALK_TYPE_PRE_DIR
Definition: iterators.h:87
@ CGROUP_FILE_TYPE_OTHER
Definition: iterators.h:109
diff --git a/md_SECURITY.html b/md_SECURITY.html index bf6adcb9..de68c453 100644 --- a/md_SECURITY.html +++ b/md_SECURITY.html @@ -74,17 +74,17 @@ $(function() {

https://github.com/libcgroup/libcgroup

This document describes the processes through which sensitive security relevant bugs can be responsibly disclosed to the libcgroup project and how the project maintainers should handle these reports. Just like the other libcgroup process documents, this document should be treated as a guiding document and not a hard, unyielding set of regulations; the bug reporters and project maintainers are encouraged to work together to address the issues as best they can, in a manner which works best for all parties involved.

-

+

Reporting Problems

Problems with the libcgroup library that are not suitable for immediate public disclosure should be emailed to the current libcgroup maintainers; see below. We typically request at most a 90 day time period to address the issue before it is made public, but we will make every effort to address the issue as quickly as possible and shorten the disclosure window.

-

+

Resolving Sensitive Security Issues

Upon disclosure of a bug, the maintainers should work together to investigate the problem and decide on a solution. In order to prevent an early disclosure of the problem, those working on the solution should do so privately and outside of the traditional libcgroup development practices. One possible solution to this is to leverage the GitHub "Security" functionality to create a private development fork that can be shared among the maintainers, and optionally the reporter. A placeholder GitHub issue may be created, but details should remain extremely limited until such time as the problem has been fixed and responsibly disclosed. If a CVE, or other tag, has been assigned to the problem, the GitHub issue title should include the vulnerability tag once the problem has been disclosed.

-

+

Public Disclosure

Whenever possible, responsible reporting and patching practices should be followed, including notification to the linux-distros and oss-security mailing lists.

    diff --git a/md_samples_cmdline_systemd_with_idle_process.html b/md_samples_cmdline_systemd_with_idle_process.html new file mode 100644 index 00000000..8ab33fb7 --- /dev/null +++ b/md_samples_cmdline_systemd_with_idle_process.html @@ -0,0 +1,230 @@ + + + + + + + +libcgroup: systemd-with-idle-process + + + + + + + + + +
    +
    +
+ + + + + +
+
libcgroup +
+
+
+ + + + + + + + +
+
+ + +
+
+
+
+
+
Loading...
+
Searching...
+
No Matches
+
+
+
+
+ + +
+
systemd-with-idle-process
+
+
+

SPDX-License-Identifier: LGPL-2.1-only

+

Copyright (c) 2023 Oracle and/or its affiliates.

+

_Author: Tom Hromatka <tom.h.nosp@m.roma.nosp@m.tka@o.nosp@m.racl.nosp@m.e.com>_

+

+Creating a Systemd Scope and Child Hierarchy via Libcgroup Command Line

+

The goal of this document is to outline the steps required to create a systemd scope and a child cgroup hierarchy using the libcgroup command line tools.

+

The following steps are encapsulated in a libcgroup automated test.

+

+Requirements:

+
    +
  1. Create a cgroup hierarchy that obeys the single-writer rule
  2. +
+
    +
  1. The hierarchy should be cgroup v2
  2. +
+
    +
  1. The hierarchy should be of the form
    database.scope
    +
    ├── high-priority
    +
    ├── low-priority
    +
    └── medium-priority
    +
  2. +
+
    +
  1. The memory controller should be enabled for the entire tree
      +
    1. The high-priority cgroup should be guaranteed at least 1GB of RAM
    2. +
    +
      +
    1. The low-priority cgroup should be hard-limited to 2GB of RAM
    2. +
    +
      +
    1. The medium-prioirty cgroup should have a soft memory limit of 3 GB
    2. +
    +
  2. +
+
    +
  1. The cpu controller should be enabled for the entire tree
      +
    1. The high-priority cgroup should be able to consume 60% of CPU cycles
    2. +
    +
      +
    1. The medium-priority cgroup should be able to consume 30% of CPU cycles
    2. +
    +
      +
    1. The low-priority cgroup should be able to consume 10% of CPU cycles
    2. +
    +
  2. +
+

+Steps

+
    +
  1. Create a delegated scope cgroup

    sudo cgcreate -c -S -g cpu,memory:mycompany.slice/database.scope
    +

    This will create a transient, delegated scope. The -c flag instructs libcgroup to create a systemd scope; libcgroup then instructs systemd that this hierarchy is delegated, i.e. it is to be managed by another process and not by systemd. The -S flag notifies libcgroup that we want mycompany.scope/database.slice to be the default base path in libcgroup; this will significantly help in reducing typing in follow-on commands. The -g flag tells libcgroup to create a cgroup named mycompany.slice/database.scope and enable the cpu and memory controllers within it.

    +
    +

    Problems during this step?

    +

    Systemd should automatically remove scopes with no active processes running within them. So, the first step would be to kill any processes in the scope, wait to see if systemd removes the scope, and then try the cgcreate operation again.

      +
    • Remove all processes in the scope ``` $ for PID in $(cgget -nvb -r cgroup.procs mycompany.slice/database.scope); do sudo kill -9 $PID;done ```

      +

      The above command could be simplified as for PID in $(cgget -nv -r cgroup.procs /); do sudo kill -9 $PID;done, but introduces some risk. If there is a typo or the default scope path isn't set, then unconditionally killing processes in / could be catastrophic.

      +
    • +
    +

    Sometimes systemd's internal list of scopes gets out of sync with the filesystem. You can purge the database.scope from its list by running the following commands

      +
    • Remove database.scope from systemd's internal list ``` sudo systemctl kill database.scope sudo systemctl stop database.scope ```
    • +
    +
    +
  2. +
+
    +
  1. Create the child cgroups

    $ sudo cgcreate -g cpu,memory:mycompany.slice/database.scope/high-priority
    +
    cgcreate: can't create cgroup mycompany.slice/database.scope/high-priority: Operation not supported
    +

    But... but... I did everything right. Why can't I create the high-priority child cgroup? This operation failed due to the no-processes-in-inner-nodes rule. Since a process, libcgroup_systemd_idle_thread, resides in database.scope, we are subject to the no-process-in-inner-nodes rule. The kernel will let us create a child cgroup, but it will fail when we try to enable controllers in database.scope's cgroup.subtree_control file. There are a few different ways to solve this failure; the easiest is probably to create a temporary cgroup under database.scope and move the libcgroup_systemd_idle_thread to this temporary cgroup. This allows database.scope to operate as a legal inner node, and we can then create the entire hierarchy.

      +
    1. Temporarily disable the cpu and memory controllers at the scope level

      sudo cgset -r cgroup.subtree_control="-cpu -memory" /
      +

      Since we informed libcgroup that mycompany.slice/database.scope is the default path, we can use /. Otherwise, we would have had to specify the entire path. This pattern continues throughout this example.

      +
    2. +
    +
      +
    1. Create a temporary cgroup and move the idle process ``` sudo cgcreate -g :tmp sudo cgclassify -g :tmp $(cgget -nv -r cgroup.procs /) ```
    2. +
    +
      +
    1. Re-enable the cpu and memory controllers at the scope level ``` sudo cgset -r cgroup.subtree_control="+cpu +memory" / ```
    2. +
    +

    Now we can finally get back to creating our child cgroups

    sudo cgcreate -g cpu,memory:high-priority -g cpu,memory:medium-priority -g cpu,memory:low-priority
    +
  2. +
+
    +
  1. Configure the cgroups per the requirements
      +
    1. The high-priority cgroup should be guaranteed at least 1GB of RAM
      sudo cgset -r memory.low=1G high-priority
      +
    2. +
    +
      +
    1. The low-priority cgroup should be hard-limited to 2GB of RAM ``` sudo cgset -r memory.max=2G low-priority ```
    2. +
    +
      +
    1. The medium-prioirty cgroup should have a soft memory limit of 3 GB ``` sudo cgset -r memory.high=3G medium-priority ```
    2. +
    +
      +
    1. The high-priority cgroup should be able to consume 60% of CPU cycles ``` sudo cgset -r cpu.weight=600 high-priority ```

      +

      Note that I've (somewhat arbitrarily) chosen a total cpu.weight within database.scope to be 1000. Thus, to meet the 60% requirement, we need to allocate 600 shares to the high-priority cgroup.

      +
    2. +
    +
      +
    1. The medium-priority cgroup should be able to consume 30% of CPU cycles ``` sudo cgset -r cpu.weight=300 medium-priority ```
    2. +
    +
      +
    1. The low-priority cgroup should be able to consume 10% of CPU cycles ``` sudo cgset -r cpu.weight=100 low-priority ```
    2. +
    +
  2. +
+
    +
  1. Start up the application
      +
    • If the application is already running, then you can use cgclassify to move the process(es) to the appropriate cgroups
    • +
    • To start a fresh application, it is recommended to use cgexec to place the application in the desired cgroup
    • +
    • Finally, consider using cgrulesengd to automatically move processes to the correct cgroups
    • +
    +
  2. +
+
    +
  1. Clean up
      +
    1. Now that there are other processes running within the scope, we can remove the libcgroup_systemd_idle_thread
      $ for PID in $(cgget -nv -r cgroup.procs tmp); do sudo kill -9 $PID;done
      +
    2. +
    +
      +
    1. Delete the tmp cgroup ``` sudo cgdelete -g :tmp ```
    2. +
    +
  2. +
+
    +
  1. Verify the cgroups were configured per the requirements
    $ cgget -r cpu.weight -r memory.low -r memory.high -r memory.max high-priority medium-priority low-priority
    +
    high-priority:
    +
    cpu.weight: 600
    +
    memory.low: 1073741824
    +
    memory.high: max
    +
    memory.max: max
    +
    +
    medium-priority:
    +
    cpu.weight: 300
    +
    memory.low: 0
    +
    memory.high: 3221225472
    +
    memory.max: max
    +
    +
    low-priority:
    +
    cpu.weight: 100
    +
    memory.low: 0
    +
    memory.high: max
    +
    memory.max: 2147483648
    +
  2. +
+
    +
  1. Summary
  2. +
+

This document outlines the steps for creating a delegated systemd scope and configuring its child cgroups on a cgroup v2 system. Systemd and libcgroup provide powerful tools to simplify these steps.

+
+
+ + + + diff --git a/md_tests_ftests_README.html b/md_tests_ftests_README.html index fb0d91b4..7e337b85 100644 --- a/md_tests_ftests_README.html +++ b/md_tests_ftests_README.html @@ -74,7 +74,7 @@ $(function() {

This folder contains the functional test suite for libcgroup. The functional test suite utilizes lxc containers to guarantee a non-destructive test environment.

The tests can be invoked individually, as a group of related tests, or from automake via the standard 'make check' command.

-

+

Invocation

Run a single test (first cd to tests/ftests):

./001-cgget-basic_cgget.py
 or
@@ -88,7 +88,7 @@ or
 

Run the tests from automake

make check
 # Then examine the *.trs and *.log files for
 # specifics regarding each test result
-

+

Results

The test suite will generate test results upon completion of the test run. An example result is below:

Test Results:
diff --git a/pages.html b/pages.html index addccec7..d70b4486 100644 --- a/pages.html +++ b/pages.html @@ -77,10 +77,11 @@ $(function() {
 How to Contribute to the libcgroup Project
 The libcgroup Release Process
 README
 The libcgroup Security Vulnerability Handling Process
 Functional Test Suite for libcgroup
 README
 Todo List
 systemd-with-idle-process
 The libcgroup Security Vulnerability Handling Process
 Functional Test Suite for libcgroup
 README
 Todo List
diff --git a/search/all_14.js b/search/all_14.js index 104f5d3d..7272b5ee 100644 --- a/search/all_14.js +++ b/search/all_14.js @@ -5,5 +5,6 @@ var searchData= ['setup_2',['SetUp',['../classBuildPathV1Test.html#ae2d0708d4c36d3f8d1e24b311afe8fc3',1,'BuildPathV1Test::SetUp()'],['../classBuildTasksProcPathTest.html#aba31e09a4df0a3cdb94d81985f2e86b7',1,'BuildTasksProcPathTest::SetUp()']]], ['setvaluesrecursivetest_3',['SetValuesRecursiveTest',['../classSetValuesRecursiveTest.html',1,'']]], ['subtreecontroltest_4',['SubtreeControlTest',['../classSubtreeControlTest.html',1,'']]], - ['systemd_5',['Systemd',['../classftests_1_1systemd_1_1Systemd.html',1,'ftests::systemd']]] + ['systemd_5',['Systemd',['../classftests_1_1systemd_1_1Systemd.html',1,'ftests::systemd']]], + ['systemd_2dwith_2didle_2dprocess_6',['systemd-with-idle-process',['../md_samples_cmdline_systemd_with_idle_process.html',1,'']]] ]; diff --git a/search/pages_4.js b/search/pages_4.js index 4143b6d9..c1a5ca7a 100644 --- a/search/pages_4.js +++ b/search/pages_4.js @@ -1,6 +1,4 @@ var searchData= [ - ['the_20libcgroup_20release_20process_0',['The libcgroup Release Process',['../md_doc_internal_release_github.html',1,'']]], - ['the_20libcgroup_20security_20vulnerability_20handling_20process_1',['The libcgroup Security Vulnerability Handling Process',['../md_SECURITY.html',1,'']]], - ['todo_20list_2',['Todo List',['../todo.html',1,'']]] + ['systemd_2dwith_2didle_2dprocess_0',['systemd-with-idle-process',['../md_samples_cmdline_systemd_with_idle_process.html',1,'']]] ]; diff --git a/search/pages_5.js b/search/pages_5.js new file mode 100644 index 00000000..4143b6d9 --- /dev/null +++ b/search/pages_5.js 
@@ -0,0 +1,6 @@ +var searchData= +[ + ['the_20libcgroup_20release_20process_0',['The libcgroup Release Process',['../md_doc_internal_release_github.html',1,'']]], + ['the_20libcgroup_20security_20vulnerability_20handling_20process_1',['The libcgroup Security Vulnerability Handling Process',['../md_SECURITY.html',1,'']]], + ['todo_20list_2',['Todo List',['../todo.html',1,'']]] +]; diff --git a/search/searchdata.js b/search/searchdata.js index 2863cf8b..d02438b9 100644 --- a/search/searchdata.js +++ b/search/searchdata.js @@ -7,7 +7,7 @@ var indexSectionsWithContent = 4: "c", 5: "ce", 6: "234567", - 7: "fhlrt" + 7: "fhlrst" }; var indexSectionNames = diff --git a/tasks_8h_source.html b/tasks_8h_source.html index 8f7155a8..72ad866d 100644 --- a/tasks_8h_source.html +++ b/tasks_8h_source.html @@ -138,18 +138,18 @@ $(function() {
212#endif
213
214#endif /* _LIBCGROUP_TASKS_H */
-
int cgroup_change_cgroup_path(const char *path, pid_t pid, const char *const controllers[])
Definition: api.c:4589
-
int cgroup_change_cgroup_flags(uid_t uid, gid_t gid, const char *procname, pid_t pid, int flags)
Definition: api.c:4364
+
int cgroup_change_cgroup_path(const char *path, pid_t pid, const char *const controllers[])
Definition: api.c:4607
+
int cgroup_change_cgroup_flags(uid_t uid, gid_t gid, const char *procname, pid_t pid, int flags)
Definition: api.c:4382
int cgroup_attach_task(struct cgroup *cgroup)
Definition: api.c:2095
-
int cgroup_change_cgroup_uid_gid(uid_t uid, gid_t gid, pid_t pid)
Definition: api.c:4577
-
int cgroup_register_unchanged_process(pid_t pid, int flags)
Definition: api.c:5846
-
int cgroup_get_current_controller_path(pid_t pid, const char *controller, char **current_path)
Definition: api.c:4805
+
int cgroup_change_cgroup_uid_gid(uid_t uid, gid_t gid, pid_t pid)
Definition: api.c:4595
+
int cgroup_register_unchanged_process(pid_t pid, int flags)
Definition: api.c:5864
+
int cgroup_get_current_controller_path(pid_t pid, const char *controller, char **current_path)
Definition: api.c:4823
int cgroup_attach_task_pid(struct cgroup *cgroup, pid_t tid)
Definition: api.c:2024
-
void cgroup_print_rules_config(FILE *fp)
Definition: api.c:4700
-
int cgroup_init_rules_cache(void)
Definition: api.c:4784
-
int cgroup_change_cgroup_uid_gid_flags(uid_t uid, gid_t gid, pid_t pid, int flags)
Definition: api.c:4562
-
int cgroup_reload_cached_rules(void)
Definition: api.c:4760
-
int cgroup_change_all_cgroups(void)
Definition: api.c:4655
+
void cgroup_print_rules_config(FILE *fp)
Definition: api.c:4718
+
int cgroup_init_rules_cache(void)
Definition: api.c:4802
+
int cgroup_change_cgroup_uid_gid_flags(uid_t uid, gid_t gid, pid_t pid, int flags)
Definition: api.c:4580
+
int cgroup_reload_cached_rules(void)
Definition: api.c:4778
+
int cgroup_change_all_cgroups(void)
Definition: api.c:4673
Definition: libcgroup-internal.h:115
-- 2.47.2