cgroup-util.c revision 974efc46586854b1f23ccf153b36199c77919de6
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering This file is part of systemd.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering Copyright 2010 Lennart Poettering
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering systemd is free software; you can redistribute it and/or modify it
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering under the terms of the GNU Lesser General Public License as published by
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering the Free Software Foundation; either version 2.1 of the License, or
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering (at your option) any later version.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering systemd is distributed in the hope that it will be useful, but
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering WITHOUT ANY WARRANTY; without even the implied warranty of
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering Lesser General Public License for more details.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering You should have received a copy of the GNU Lesser General Public License
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering along with systemd; If not, see <http://www.gnu.org/licenses/>.
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringint cg_enumerate_processes(const char *controller, const char *path, FILE **_f) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering r = cg_get_path(controller, path, "cgroup.procs", &fs);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringint cg_enumerate_tasks(const char *controller, const char *path, FILE **_f) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering r = cg_get_path(controller, path, "tasks", &fs);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering unsigned long ul;
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering /* Note that the cgroup.procs might contain duplicates! See
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * cgroups.txt for details. */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringint cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering /* This is not recursive! */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering r = cg_get_path(controller, path, NULL, &fs);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringint cg_rmdir(const char *controller, const char *path, bool honour_sticky) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering r = cg_get_path(controller, path, NULL, &p);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering /* If the sticky bit is set don't remove the directory */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering return (r < 0 && errno != ENOENT) ? -errno : 0;
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringint cg_kill(const char *controller, const char *path, int sig, bool sigcont, bool ignore_self, Set *s) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering /* This goes through the tasks list and kills them all. This
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * is repeated until no further processes are added to the
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * tasks list, to properly handle forking processes */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if (!(s = allocated_set = set_new(trivial_hash_func, trivial_compare_func)))
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if ((r = cg_enumerate_processes(controller, path, &f)) < 0) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if (set_get(s, LONG_TO_PTR(pid)) == LONG_TO_PTR(pid))
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering /* If we haven't killed this process yet, kill
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering } else if (ret == 0) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if ((r = set_put(s, LONG_TO_PTR(pid))) < 0) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering /* To avoid racing against processes which fork
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * quicker than we can kill them we repeat this until
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * no new pids need to be killed. */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringint cg_kill_recursive(const char *controller, const char *path, int sig, bool sigcont, bool ignore_self, bool rem, Set *s) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if (!(s = allocated_set = set_new(trivial_hash_func, trivial_compare_func)))
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering ret = cg_kill(controller, path, sig, sigcont, ignore_self, s);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if ((r = cg_enumerate_subgroups(controller, path, &d)) < 0) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering while ((r = cg_read_subgroup(d, &fn)) > 0) {
b9d394ea565fd742bcdd34e8dd61ae07c58a9565Lennart Poettering r = cg_kill_recursive(controller, p, sig, sigcont, ignore_self, rem, s);
b9d394ea565fd742bcdd34e8dd61ae07c58a9565Lennart Poettering if (r != 0 && ret >= 0)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if (r < 0 && ret >= 0)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if ((r = cg_rmdir(controller, path, true)) < 0) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringint cg_kill_recursive_and_wait(const char *controller, const char *path, bool rem) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering /* This safely kills all processes; first it sends a SIGTERM,
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * then checks 8 times after 200ms whether the group is now
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * empty, then kills everything that is left with SIGKILL and
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * finally checks 5 times after 200ms each whether the group
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * is finally empty. */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering for (i = 0; i < 15; i++) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering else if (i == 9)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if ((r = cg_kill_recursive(controller, path, sig, true, true, rem, NULL)) <= 0)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringint cg_migrate(const char *cfrom, const char *pfrom, const char *cto, const char *pto, bool ignore_self) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering s = set_new(trivial_hash_func, trivial_compare_func);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering r = cg_enumerate_tasks(cfrom, pfrom, &f);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering /* This might do weird stuff if we aren't a
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * single-threaded program. However, we
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering * luckily know we are not */
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering if (set_get(s, LONG_TO_PTR(pid)) == LONG_TO_PTR(pid))
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering } else if (ret == 0)
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringint cg_migrate_recursive(const char *cfrom, const char *pfrom, const char *cto, const char *pto, bool ignore_self, bool rem) {
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering ret = cg_migrate(cfrom, pfrom, cto, pto, ignore_self);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering r = cg_enumerate_subgroups(cfrom, pfrom, &d);
74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering while ((r = cg_read_subgroup(d, &fn)) > 0) {
if (ret >= 0)
return ret;
if (r != 0 && ret >= 0)
ret = r;
if (r < 0 && ret >= 0)
ret = r;
if (rem) {
return ret;
return controller;
char *t = NULL;
return -EINVAL;
if (controller) {
else if (path)
else if (suffix)
else if (path)
return -ENOMEM;
*fs = t;
return r < 0 ? r : -ENOENT;
good = true;
static int check(const char *p) {
char *cc;
assert(p);
return -errno;
int cg_get_path_and_check(const char *controller, const char *path, const char *suffix, char **fs) {
return -EINVAL;
r = check(p);
bool is_sticky;
free(p);
if (is_sticky)
char *fs;
errno = 0;
if (delete_root) {
bool is_sticky;
return -ENOMEM;
free(p);
if (!is_sticky)
r = -errno;
char *parent;
return r == -ENOENT ? 0 : r;
if (pid == 0)
int cg_set_group_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid) {
int cg_set_task_access(
const char *controller,
const char *path,
int sticky) {
return -errno;
char *p = NULL;
FILE *f;
char *fs;
if (pid == 0)
return -ENOMEM;
while (!feof(f)) {
errno = 0;
if (feof(f))
goto finish;
r = -ENOMEM;
goto finish;
*path = p;
goto finish;
r = -ENOENT;
fclose(f);
goto finish;
if (sc[0] == 0) {
r = -ENOMEM;
goto finish;
goto finish;
r = -EEXIST;
goto finish;
goto finish;
goto finish;
goto finish;
r = -EIO;
goto finish;
bool found = false;
found = true;
fclose(f);
return !found;
char *fn;
char *p = NULL;
r = -ENOMEM;
goto finish;
free(p);
goto finish;
closedir(d);
return -EINVAL;
if (path) {
return -ENOMEM;
*path = t;
if (controller)
return -EINVAL;
if (controller) {
return -ENOMEM;
*controller = t;
if (path)
return -ENOMEM;
if (!filename_is_safe(t)) {
free(t);
return -EINVAL;
free(t);
return -ENOMEM;
if (!path_is_safe(u)) {
free(t);
free(u);
return -EINVAL;
if (controller)
*controller = t;
free(t);
if (path)
*path = u;
free(u);
controller[0] == 0 ||
return -EINVAL;
return -ENOMEM;
return -ENOMEM;
*result = t;
free(c);
free(p);
char *root, *p;
root[0] = 0;
return -ENOMEM;
*path = p;
if (!controllers)
return controllers;
free(*f);
p = normalize_controller(*f);
r = check(p);
free(*f);
*t = NULL;
return controllers;
if (pid == 0)
cg_init[0] = 0;
p = cg_process;
if (cgroup) {
c = strdup(p);
return -ENOMEM;
*cgroup = c;
if (root) {
char *at;
if (at) {
return -EINVAL;
if (!s || !i2)
return -ENOMEM;
assert(p);
return -EINVAL;
if (!*unit)
return -ENOMEM;
return -ENOENT;
const char *dot;
return -EINVAL;
if (!dot) {
return -ENOMEM;
if (!filename_is_safe(c)) {
free(c);
return -EINVAL;
*controller = c;