[libcgroup/f14/master] Fixed interaction with systemd (libcgroup ignores systemd hierarchy) Moved the default mount point t
Jan Šafránek
jsafrane at fedoraproject.org
Fri Sep 3 11:02:07 UTC 2010
commit 85d5d82e5ab8bc259e82646d4d8dd138258c3f01
Author: Jan Safranek <jsafrane at redhat.com>
Date: Fri Sep 3 13:02:03 2010 +0200
Fixed interaction with systemd (libcgroup ignores systemd hierarchy)
Moved the default mount point to /sys/fs/cgroup
Resolves: #626794 #627381
fedora-config.patch | 21 +++--
fedora-nochdir.patch | 124 +++++++++++++++++++++++++++++
fedora-sys.patch | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++
fedora-systemd.patch | 25 ++++++
libcgroup.spec | 13 +++-
5 files changed, 387 insertions(+), 10 deletions(-)
---
diff --git a/fedora-config.patch b/fedora-config.patch
index f8c8f58..16938a7 100644
--- a/fedora-config.patch
+++ b/fedora-config.patch
@@ -3,7 +3,7 @@ Fedora specific configuration - we want to mount all controllers by default for
diff -up libcgroup-0.34/samples/cgconfig.conf.orig libcgroup-0.34/samples/cgconfig.conf
--- libcgroup-0.34/samples/cgconfig.conf.orig 2009-03-04 10:40:06.000000000 +0100
+++ libcgroup-0.34/samples/cgconfig.conf 2009-10-19 10:17:37.000000000 +0200
-@@ -10,39 +10,17 @@
+@@ -10,39 +10,20 @@
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
@@ -44,16 +44,19 @@ diff -up libcgroup-0.34/samples/cgconfig.conf.orig libcgroup-0.34/samples/cgconf
-# cpu = /mnt/cgroups/cpu;
-# cpuacct = /mnt/cgroups/cpuacct;
-#}
-+# By default, mount all controllers to /cgroup/<controller>
++# By default, mount all separately controllers
++# to /sys/fs/cgroup/<controller name>
+
+mount {
-+ cpuset = /cgroup/cpuset;
-+ cpu = /cgroup/cpu;
-+ cpuacct = /cgroup/cpuacct;
-+ memory = /cgroup/memory;
-+ devices = /cgroup/devices;
-+ freezer = /cgroup/freezer;
-+ net_cls = /cgroup/net_cls;
++ cpuset = /sys/fs/cgroup/cpuset;
++ cpu = /sys/fs/cgroup/cpu;
++ cpuacct = /sys/fs/cgroup/cpuacct;
++ memory = /sys/fs/cgroup/memory;
++ devices = /sys/fs/cgroup/devices;
++ freezer = /sys/fs/cgroup/freezer;
++ net_cls = /sys/fs/cgroup/net_cls;
++ ns = /sys/fs/cgroup/ns;
++ blkio = /sys/fs/cgroup/blkio;
+}
+
diff -up libcgroup-0.35.1/samples/cgconfig.sysconfig.orig libcgroup-0.35.1/samples/cgconfig.sysconfig
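Review bot: The new header comment in the sample cgconfig.conf reads awkwardly ("mount all separately controllers"); `# By default, mount each controller separately` followed by `# to /sys/fs/cgroup/<controller name>` says the same thing clearly. The mount block also gains `ns` and `blkio`, which neither the comment nor the commit message mentions. Whether cgconfig tolerates a listed controller that the running kernel does not provide is not visible here, so a one-line comment telling administrators to drop entries their kernel lacks would help.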
diff --git a/fedora-nochdir.patch b/fedora-nochdir.patch
new file mode 100644
index 0000000..bba7849
--- /dev/null
+++ b/fedora-nochdir.patch
@@ -0,0 +1,124 @@
+Don't use chdir
+
+From: Jan Safranek <jsafrane at redhat.com>
+
+Rewrite cg_mkdir_p so it does not change current working directory.
+
+Old sequence of operations when creating e.g. /cgroup/cpu
+$OLDCWD=$PWD
+cd /
+mkdir cgroup
+cd cgroup
+mkdir cpu
+cd $OLDCWD
+
+New sequence is:
+mkdir /cgroup
+mkdir /cgroup/cpu
+
+Some tools, namely those used in /etc/init.d/cgconfig, might be executed with
+security constrained context, which does not allow them to access certain
+directories (like /var/log/audit). And when e.g. cgconfigparser is executed in
+/var/log/audit as current working directory, chdir("/var/log/audit") in
+cg_mkdir_p() fails. As consequence, "/etc/init.d/cgconfig start" randomly fails
+or succeeds, depending on current working directory and current SELinux policy.
+
+Signed-off-by: Jan Safranek <jsafrane at redhat.com>
+---
+
+ src/api.c | 57 +++++++++++----------------------------------------------
+ 1 files changed, 11 insertions(+), 46 deletions(-)
+
+
+diff --git a/src/api.c b/src/api.c
+index 4bd6b46..66734ed 100644
+--- a/src/api.c
++++ b/src/api.c
+@@ -1026,20 +1026,9 @@ int cgroup_attach_task(struct cgroup *cgroup)
+ int cg_mkdir_p(const char *path)
+ {
+ char *real_path = NULL;
+- char *wd = NULL;
+- int i = 0, j = 0;
++ int i = 0;
+ char pos;
+- char *str = NULL;
+ int ret = 0;
+- char cwd[FILENAME_MAX];
+- char *buf = NULL;
+-
+- buf = getcwd(cwd, FILENAME_MAX);
+-
+- if (!buf) {
+- last_errno = errno;
+- return ECGOTHER;
+- }
+
+ real_path = strdup(path);
+ if (!real_path) {
+@@ -1048,23 +1037,16 @@ int cg_mkdir_p(const char *path)
+ }
+
+ do {
+- while (real_path[j] != '\0' && real_path[j] != '/')
+- j++;
+- while (real_path[j] != '\0' && real_path[j] == '/')
+- j++;
+- if (i == j)
+- continue;
+- pos = real_path[j];
+- real_path[j] = '\0'; /* Temporarily overwrite "/" */
+- str = &real_path[i];
+- ret = mkdir(str, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
+- wd = strdup(str);
+- if (!wd) {
+- last_errno = errno;
+- ret = ECGOTHER;
+- break;
+- }
+- real_path[j] = pos;
++ while (real_path[i] != '\0' && real_path[i] == '/')
++ i++;
++ if (real_path[i] == '\0')
++ break; /* The path ends with '/', ignore it. */
++ while (real_path[i] != '\0' && real_path[i] != '/')
++ i++;
++ pos = real_path[i];
++ real_path[i] = '\0'; /* Temporarily overwrite "/" */
++ ret = mkdir(real_path, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
++ real_path[i] = pos;
+ if (ret) {
+ switch (errno) {
+ case EEXIST:
+@@ -1072,31 +1054,14 @@ int cg_mkdir_p(const char *path)
+ break;
+ case EPERM:
+ ret = ECGROUPNOTOWNER;
+- free(wd);
+ goto done;
+ default:
+ ret = ECGROUPNOTALLOWED;
+- free(wd);
+ goto done;
+ }
+ }
+- i = j;
+- ret = chdir(wd);
+- if (ret) {
+- cgroup_dbg("could not chdir to child directory (%s)\n",
+- wd);
+- break;
+- }
+- free(wd);
+ } while (real_path[i]);
+
+- ret = chdir(buf);
+- if (ret) {
+- last_errno = errno;
+- ret = ECGOTHER;
+- cgroup_dbg("could not go back to old directory (%s)\n", cwd);
+- }
+-
+ done:
+ free(real_path);
+ return ret;
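Review bot: In the rewritten loop of cg_mkdir_p, an `EEXIST` result from `mkdir(real_path, ...)` is accepted without confirming that the existing component is a directory. A regular file at any level of the path therefore lets the function carry on, and the failure only surfaces later at mount time. A `stat()` on the truncated `real_path` with an `S_ISDIR(st.st_mode)` check in the `EEXIST` case would make that an explicit error; the check needs the truncated string, so `real_path[i] = pos;` would have to move after the error handling. The line after `case EEXIST:` falls between two hunks and is not visible, so confirm what `ret` is set to there. A short comment above the loop, for example `/* Create each prefix of real_path in turn; the working directory is never changed. */`, would record the intent of the rewrite.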
diff --git a/fedora-sys.patch b/fedora-sys.patch
new file mode 100644
index 0000000..1ab012c
--- /dev/null
+++ b/fedora-sys.patch
@@ -0,0 +1,214 @@
+Mount everything into /sys/fs/cgroup by force
+
+(this patch is under discussion now)
+
+Author (code): Dhaval Giani <dhaval.giani at gmail.com>
+Author (doc): Jan Safranek <jsafrane at redhat.com>
+
+--- libcgroup-0.36.2.orig/src/config.c
++++ libcgroup-0.36.2/src/config.c
+@@ -49,6 +49,8 @@ unsigned int MAX_CGROUPS = 64; /* NOTE:
+ extern FILE *yyin;
+ extern int yyparse(void);
+
++#define CGROUP_MOUNT_POINT "/sys/fs/cgroup/"
++
+ /*
+ * The basic global data structures.
+ *
+@@ -355,7 +357,9 @@ int cgroup_config_insert_into_mount_tabl
+ }
+
+ strcpy(config_mount_table[config_table_index].name, name);
+- strcpy(config_mount_table[config_table_index].path, mount_point);
++ strcpy(config_mount_table[config_table_index].path, CGROUP_MOUNT_POINT);
++ strncat(config_mount_table[config_table_index].path, mount_point,
++ FILENAME_MAX - strlen(CGROUP_MOUNT_POINT));
+ config_table_index++;
+ done:
+ pthread_rwlock_unlock(&config_table_lock);
+diff -up libcgroup-0.36.2/doc/man/cgconfig.conf.5.orig libcgroup-0.36.2/doc/man/cgconfig.conf.5
+--- libcgroup-0.36.2/doc/man/cgconfig.conf.5.orig 2010-09-03 12:28:48.178971797 +0200
++++ libcgroup-0.36.2/doc/man/cgconfig.conf.5 2010-09-03 12:28:17.000000000 +0200
+@@ -48,9 +48,11 @@ Example 1) and the directory is mounted
+ .TP
+ .B path
+ The directory path, where group hierarchy associated to given
+-controller, shall be mounted. The directory is created
+-automatically on cgconfig service startup if it does not exist and
+-is deleted on service shutdown.
++controller, shall be mounted. '/sys/fs/cgroup/' is automatically
++added to the path to ensure all control groups are created under
++/sys/fs/cgroup. The directory is created
++automatically on cgconfig service startup and is deleted on service
++shutdown.
+ .LP
+ .I group
+ section has the form:
+@@ -183,8 +185,8 @@ The configuration file:
+ .nf
+ mount {
+ .RS
+-cpu = /mnt/cgroups/cpu;
+-cpuacct = /mnt/cgroups/cpu;
++cpu = cpu;
++cpuacct = cpu;
+ .RE
+ }
+ .fi
+@@ -195,8 +197,8 @@ inside. It corresponds to following oper
+ .LP
+ .RS
+ .nf
+-mkdir /mnt/cgroups/cpu
+-mount -t cgroup -o cpu,cpuacct cpu /mnt/cgroups/cpu
++mkdir /sys/fs/cgroup/cpu
++mount -t cgroup -o cpu,cpuacct cpu /sys/fs/cgroup/cpu
+ .fi
+ .RE
+
+@@ -208,8 +210,8 @@ The configuration file:
+ .nf
+ mount {
+ .RS
+-cpu = /mnt/cgroups/cpu;
+-cpuacct = /mnt/cgroups/cpu;
++cpu = cpu;
++cpuacct = cpu;
+ .RE
+ }
+
+@@ -272,20 +274,20 @@ It corresponds to following operations:
+ .LP
+ .RS
+ .nf
+-mkdir /mnt/cgroups/cpu
+-mount -t cgroup -o cpu,cpuacct cpu /mnt/cgroups/cpu
++mkdir /sys/fs/cgroup/cpu
++mount -t cgroup -o cpu,cpuacct cpu /sys/fs/cgroup/cpu
+
+-mkdir /mnt/cgroups/cpu/daemons
++mkdir /sys/fs/cgroup/cpu/daemons
+
+-mkdir /mnt/cgroups/cpu/daemons/www
+-chown root:root /mnt/cgroups/cpu/daemons/www/*
+-chown root:webmaster /mnt/cgroups/cpu/daemons/www/tasks
+-echo 1000 > /mnt/cgroups/cpu/daemons/www/cpu.shares
+-
+-mkdir /mnt/cgroups/cpu/daemons/ftp
+-chown root:root /mnt/cgroups/cpu/daemons/ftp/*
+-chown root:ftpmaster /mnt/cgroups/cpu/daemons/ftp/tasks
+-echo 500 > /mnt/cgroups/cpu/daemons/ftp/cpu.shares
++mkdir /sys/fs/cgroup/cpu/daemons/www
++chown root:root /sys/fs/cgroup/cpu/daemons/www/*
++chown root:webmaster /sys/fs/cgroup/cpu/daemons/www/tasks
++echo 1000 > /sys/fs/cgroup/cpu/daemons/www/cpu.shares
++
++mkdir /sys/fs/cgroup/cpu/daemons/ftp
++chown root:root /sys/fs/cgroup/cpu/daemons/ftp/*
++chown root:ftpmaster /sys/fs/cgroup/cpu/daemons/ftp/tasks
++echo 500 > /sys/fs/cgroup/cpu/daemons/ftp/cpu.shares
+ .fi
+ .RE
+
+@@ -316,8 +318,8 @@ The configuration file:
+ .nf
+ mount {
+ .RS
+-cpu = /mnt/cgroups/cpu;
+-cpuacct = /mnt/cgroups/cpuacct;
++cpu = cpu;
++cpuacct = cpuacct;
+ .RE
+ }
+
+@@ -336,13 +338,13 @@ It corresponds to following operations:
+ .LP
+ .RS
+ .nf
+-mkdir /mnt/cgroups/cpu
+-mkdir /mnt/cgroups/cpuacct
+-mount -t cgroup -o cpu cpu /mnt/cgroups/cpu
+-mount -t cgroup -o cpuacct cpuacct /mnt/cgroups/cpuacct
++mkdir /sys/fs/cgroup/cpu
++mkdir /sys/fs/cgroup/cpuacct
++mount -t cgroup -o cpu cpu /sys/fs/cgroup/cpu
++mount -t cgroup -o cpuacct cpuacct /sys/fs/cgroup/cpuacct
+
+-mkdir /mnt/cgroups/cpu/daemons
+-mkdir /mnt/cgroups/cpuacct/daemons
++mkdir /sys/fs/cgroup/cpu/daemons
++mkdir /sys/fs/cgroup/cpuacct/daemons
+ .fi
+ .RE
+
+@@ -363,8 +365,8 @@ The configuration file:
+ .nf
+ mount {
+ .RS
+-cpu = /mnt/cgroups/cpu;
+-cpuacct = /mnt/cgroups/cpuacct;
++cpu = cpu;
++cpuacct = cpuacct;
+ .RE
+ }
+
+@@ -403,15 +405,15 @@ It corresponds to following operations:
+ .LP
+ .RS
+ .nf
+-mkdir /mnt/cgroups/cpu
+-mkdir /mnt/cgroups/cpuacct
+-mount -t cgroup -o cpu cpu /mnt/cgroups/cpu
+-mount -t cgroup -o cpuacct cpuacct /mnt/cgroups/cpuacct
+-
+-mkdir /mnt/cgroups/cpuacct/daemons
+-mkdir /mnt/cgroups/cpu/daemons
+-mkdir /mnt/cgroups/cpu/daemons/www
+-mkdir /mnt/cgroups/cpu/daemons/ftp
++mkdir /sys/fs/cgroup/cpu
++mkdir /sys/fs/cgroup/cpuacct
++mount -t cgroup -o cpu cpu /sys/fs/cgroup/cpu
++mount -t cgroup -o cpuacct cpuacct /sys/fs/cgroup/cpuacct
++
++mkdir /sys/fs/cgroup/cpuacct/daemons
++mkdir /sys/fs/cgroup/cpu/daemons
++mkdir /sys/fs/cgroup/cpu/daemons/www
++mkdir /sys/fs/cgroup/cpu/daemons/ftp
+ .fi
+ .RE
+ Group
+@@ -442,8 +444,8 @@ The configuration file:
+ .nf
+ mount {
+ .RS
+-cpu = /mnt/cgroups/cpu;
+-cpuacct = /mnt/cgroups/cpu;
++cpu = cpu;
++cpuacct = cpu;
+ .RE
+ }
+
+@@ -500,15 +502,15 @@ It corresponds to following operations:
+ .LP
+ .RS
+ .nf
+-mkdir /mnt/cgroups/cpu
+-mount -t cgroup -o cpu,cpuacct cpu /mnt/cgroups/cpu
++mkdir /sys/fs/cgroup/cpu
++mount -t cgroup -o cpu,cpuacct cpu /sys/fs/cgroup/cpu
+
+-chown root:operator /mnt/cgroups/cpu/*
+-chown root:operator /mnt/cgroups/cpu/tasks
++chown root:operator /sys/fs/cgroup/cpu/*
++chown root:operator /sys/fs/cgroup/cpu/tasks
+
+-mkdir /mnt/cgroups/cpu/daemons
+-chown root:operator /mnt/cgroups/cpu/daemons/*
+-chown root:daemonmaster /mnt/cgroups/cpu/daemons/tasks
++mkdir /sys/fs/cgroup/cpu/daemons
++chown root:operator /sys/fs/cgroup/cpu/daemons/*
++chown root:daemonmaster /sys/fs/cgroup/cpu/daemons/tasks
+ .fi
+ .RE
+
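Review bot: The `strncat` bound added in cgroup_config_insert_into_mount_table is one byte too large. `strncat` writes up to n characters plus a terminating NUL, so with `FILENAME_MAX - strlen(CGROUP_MOUNT_POINT)` a long `mount_point` can write one byte past a FILENAME_MAX-sized `path` field (its declaration is outside the hunk, so that size is assumed). The bound should be `FILENAME_MAX - strlen(CGROUP_MOUNT_POINT) - 1`, and over-long input is better rejected with an error than silently truncated. The prefix is also applied unconditionally, so an absolute value such as the `/sys/fs/cgroup/cpuset` entries in fedora-config.patch would become `/sys/fs/cgroup//sys/fs/cgroup/cpuset`. A value containing `..` would still resolve outside the prefix, so the "by force" guarantee in the description needs an explicit check on `mount_point` to hold.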
diff --git a/fedora-systemd.patch b/fedora-systemd.patch
new file mode 100644
index 0000000..c48b4ed
--- /dev/null
+++ b/fedora-systemd.patch
@@ -0,0 +1,25 @@
+Don't mess with systemd hierarchy at all, just ignore it.
+
+Quick & dirty, but working for now.
+
+Author: Dhaval Giani <dhaval.giani at gmail.com>
+
+Index: libcgroup-0.36.2/src/api.c
+===================================================================
+--- libcgroup-0.36.2.orig/src/api.c
++++ libcgroup-0.36.2/src/api.c
+@@ -772,6 +772,14 @@ int cgroup_init(void)
+ * Check if it is a duplicate
+ */
+ duplicate = 0;
++
++ /*
++ * Ignore anything to do with systemd
++ */
++ if (strncmp(mntopt, "name=systemd",
++ strlen("name=systemd")) == 0)
++ continue;
++
+ for (j = 0; j < found_mnt; j++) {
+ if (strncmp(mntopt, cg_mount_table[j].name,
+ FILENAME_MAX) == 0) {
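Review bot: The added `strncmp(mntopt, "name=systemd", strlen("name=systemd"))` test is a prefix match, so it skips any hierarchy whose name merely begins with `systemd` (a constructed example: `name=systemd2`), not only systemd's own. If `mntopt` holds a single option token at this point (its assignment is outside the hunk), `strcmp(mntopt, "name=systemd") == 0` states the intent exactly; otherwise also require the character after the prefix to be `'\0'` or `','`. The `continue` targets a loop that begins outside the hunk, so confirm that no per-iteration state is left behind by the early exit.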
diff --git a/libcgroup.spec b/libcgroup.spec
index 73a2538..a02cf78 100644
--- a/libcgroup.spec
+++ b/libcgroup.spec
@@ -5,7 +5,7 @@ Name: libcgroup
Summary: Tools and libraries to control and monitor control groups
Group: Development/Libraries
Version: 0.36.2
-Release: 2%{?dist}
+Release: 3%{?dist}
License: LGPLv2+
URL: http://libcg.sourceforge.net/
Source0: http://downloads.sourceforge.net/libcg/%{name}-%{version}.tar.bz2
@@ -13,6 +13,10 @@ Source1: README.Fedora
Patch1: fedora-config.patch
Patch2: fedora-fix-initscripts.patch
Patch3: libcgroup-0.36.2-initscripts.patch
+Patch4: fedora-systemd.patch
+Patch5: fedora-sys.patch
+Patch6: fedora-nochdir.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pam-devel
BuildRequires: byacc
@@ -49,6 +53,9 @@ provide scripts to manage that configuration.
%patch1 -p1 -b .config
%patch2 -p1 -b .lsb
%patch3 -p1 -b .running
+%patch4 -p1 -b .systemd
+#%patch5 -p1 -b .sys
+%patch6 -p1 -b .nochdir
%build
%configure --bindir=/bin --sbindir=/sbin --libdir=%{_libdir} --enable-initscript-install --enable-pam-module-dir=/%{_lib}/security
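Review bot: `#%patch5 -p1 -b .sys` leaves a macro inside a comment line; rpm expands macros in comments too, and rpmlint reports this as macro-in-comment, so write it as `#%%patch5 -p1 -b .sys`. The line also gives no reason why Patch5 is declared but not applied; a comment such as `# fedora-sys.patch is still under discussion, not applied yet` would tell the next packager. With Patch5 disabled, the move to /sys/fs/cgroup announced in the changelog rests on the absolute paths in fedora-config.patch alone. Enabling Patch5 later without changing those paths would prefix them a second time.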
@@ -143,6 +150,10 @@ fi
%doc COPYING INSTALL
%changelog
+* Fri Sep 3 2010 Jan Safranek <jsafrane at redhat.com> 0.36.2-3
+- Fixed interaction with systemd (libcgroup ignores systemd hierarchy; #626794).
+- Moved the default mount point to /sys/fs/cgroup (#627381)
+
* Mon Aug 2 2010 Jan Safranek <jsafrane at redhat.com> 0.36.2-2
- Fix initscripts to report stopped cgconfig service as not running
(#619091)