diff options
author | Lennart Poettering <lennart@poettering.net> | 2017-11-09 15:29:34 +0100 |
---|---|---|
committer | Sven Eden <yamakuzure@gmx.net> | 2017-11-09 15:29:34 +0100 |
commit | ec9a1d982ba4327a31158b78ceea49e582ff493d (patch) | |
tree | f10088774b21b90556dbcde4069f6f01ef36a446 /src | |
parent | f3d32ccc5e78e7f40538a8e3672b449148beb343 (diff) |
core: rework the Delegate= unit file setting to take a list of controller names
Previously it was not possible to select which controllers to enable for
a unit where Delegate=yes was set, as all controllers were enabled. With
this change, this is made configurable, and thus delegation units can
pick specifically what they want to manage themselves, and what they
don't care about.
Diffstat (limited to 'src')
-rw-r--r-- | src/core/cgroup.c | 50 | ||||
-rw-r--r-- | src/core/cgroup.h | 4 |
2 files changed, 38 insertions, 16 deletions
diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 33779110d..f14709c69 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -210,6 +210,16 @@ void cgroup_context_dump(CGroupContext *c, FILE* f, const char *prefix) { prefix, cgroup_device_policy_to_string(c->device_policy), prefix, yes_no(c->delegate)); + if (c->delegate) { + _cleanup_free_ char *t = NULL; + + (void) cg_mask_to_string(c->delegate_controllers, &t); + + fprintf(f, "%sDelegateController=%s\n", + prefix, + strempty(t)); + } + LIST_FOREACH(device_allow, a, c->device_allow) fprintf(f, "%sDeviceAllow=%s %s%s%s\n", @@ -1064,37 +1074,47 @@ CGroupMask unit_get_own_mask(Unit *u) { if (!c) return 0; - /* If delegation is turned on, then turn on all cgroups, - * unless we are on the legacy hierarchy and the process we - * fork into it is known to drop privileges, and hence - * shouldn't get access to the controllers. + return cgroup_context_get_mask(c); +} + +CGroupMask unit_get_delegate_mask(Unit *u) { + CGroupContext *c; + + /* If delegation is turned on, then turn on selected controllers, unless we are on the legacy hierarchy and the + * process we fork into is known to drop privileges, and hence shouldn't get access to the controllers. * - * Note that on the unified hierarchy it is safe to delegate - * controllers to unprivileged services. */ + * Note that on the unified hierarchy it is safe to delegate controllers to unprivileged services. */ - if (c->delegate) { + if (u->type == UNIT_SLICE) + return 0; + + c = unit_get_cgroup_context(u); + if (!c) + return 0; + + if (!c->delegate) + return 0; + + if (cg_all_unified() <= 0) { ExecContext *e; e = unit_get_exec_context(u); - if (!e || - exec_context_maintains_privileges(e) || - cg_all_unified() > 0) - return _CGROUP_MASK_ALL; + if (e && !exec_context_maintains_privileges(e)) + return 0; } - return cgroup_context_get_mask(c); + return c->delegate_controllers; } CGroupMask unit_get_members_mask(Unit *u) { assert(u); - /* Returns the mask of controllers all of the unit's children - * require, merged */ + /* Returns the mask of controllers all of the unit's children require, merged */ if (u->cgroup_members_mask_valid) return u->cgroup_members_mask; - u->cgroup_members_mask = 0; + u->cgroup_members_mask = unit_get_delegate_mask(u); if (u->type == UNIT_SLICE) { void *v; diff --git a/src/core/cgroup.h b/src/core/cgroup.h index be5103f6c..1f0fefe9d 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -127,6 +127,7 @@ struct CGroupContext { uint64_t tasks_max; bool delegate; + CGroupMask delegate_controllers; }; /* Used when querying IP accounting data */ @@ -154,8 +155,9 @@ void cgroup_context_free_blockio_device_weight(CGroupContext *c, CGroupBlockIODe void cgroup_context_free_blockio_device_bandwidth(CGroupContext *c, CGroupBlockIODeviceBandwidth *b); CGroupMask unit_get_own_mask(Unit *u); -CGroupMask unit_get_siblings_mask(Unit *u); +CGroupMask unit_get_delegate_mask(Unit *u); CGroupMask unit_get_members_mask(Unit *u); +CGroupMask unit_get_siblings_mask(Unit *u); CGroupMask unit_get_subtree_mask(Unit *u); CGroupMask unit_get_target_mask(Unit *u); |