oci-systemd-hook: Always pass through all the cgroup mounts

If the root name space has additional cgroup mounts, pass them to the container. Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Jason Wessel <jason.wessel@windriver.com> 2017-11-14 07:52:06 -0800
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2017-11-14 12:34:50 -0500
commit: bb811bdbad0b994a1580e26e9379390edb00f991 (patch)
tree: 67fb8c01da876efb0a3a134ed83741d166f247bd
parent: 25fa17b0bb6c201ed85af7bb0451500af9df5b63 (diff)
download: meta-virtualization-bb811bdbad0b994a1580e26e9379390edb00f991.tar.gz
2 files changed, 77 insertions, 0 deletions
diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
new file mode 100644
index 00000000..753a77d1
--- /dev/null
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
@@ -0,0 +1,76 @@
+From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Tue, 14 Nov 2017 07:41:41 -0800
+Subject: [PATCH] Add additional cgroup mounts from root NS automatically
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+---
+ src/systemdhook.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 45 insertions(+)
+diff --git a/src/systemdhook.c b/src/systemdhook.c
+index 78575ef..f735484 100644
+--- a/src/systemdhook.c
+++ b/src/systemdhook.c
+@@ -238,6 +238,11 @@ static char *get_process_cgroup_subsystem_path(int pid, const char *subsystem) {
+ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_path)
+ {
+        _cleanup_free_ char *cgroup_path = NULL;
+       char *spath, *dpath;
+       DIR *dir;
+       struct dirent *d;
+       char link[80];
+       int got;
+ 
+        if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) {
+                pr_perror("Failed to create path for %s", CGROUP_ROOT);
+@@ -256,6 +261,46 @@ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_p
+                pr_perror("Failed to mkdir new dest: %s", systemd_path);
+                return -1;
+        }
+       /* Create all additional cgroup mounts which are in the root namespace */
+       dir = opendir(CGROUP_ROOT);
+       if (!dir) {
+               pr_perror("Failed to open %s", CGROUP_ROOT);
+               return -1;
+       }
+       /* Skip "." and ".." */
+       readdir(dir);
+       readdir(dir);
+       while ((d = readdir(dir))) {
+               /* Systemd is already handled above */
+               if (strcmp(d->d_name, "systemd") == 0) {
+                       continue;
+               }
+               if (asprintf(&spath, "%s/%s", CGROUP_ROOT, d->d_name) < 0) {
+                       pr_perror("Failed to create path for %s", d->d_name);
+                       return -1;
+               }
+               if (asprintf(&dpath, "%s%s/%s", rootfs, CGROUP_ROOT, d->d_name) < 0) {
+                       pr_perror("Failed to create path for %s", d->d_name);
+                       return -1;
+               }
+               got = readlink(spath, link, sizeof(link) - 1);
+               if (got > 0) {
+                       link[got] = '\0';
+                       symlink(link, dpath);
+               } else {
+                       if ((makepath(dpath, 0755) == -1) && (errno != EEXIST)) {
+                               pr_perror("Failed to mkdir new dest: %s", dpath);
+                               return -1;
+                       }
+                       if (bind_mount(spath, dpath, false)) {
+                               pr_perror("Failed to bind mount %s on %s", spath, dpath);
+                               return -1;
+                       }
+               }
+               free(spath);
+               free(dpath);
+       }
+       closedir(dir);
+        if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT|MS_BIND|MS_RDONLY, "") == -1) {
+                pr_perror("Failed to remount %s readonly", cgroup_path);
+                return -1;
+-- 
+2.11.0
diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
index fc889053..e07b7410 100644
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
@@ -10,6 +10,7 @@ SRCREV = "1ac958a4197a9ea52174812fc7d7d036af8140d3"
 SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \
           file://0001-selinux-drop-selinux-support.patch \
           file://0001-configure-drop-selinux-support.patch \
+           file://0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch \
 "
 PV = "0.0.1+git${SRCPV}"
author	Jason Wessel <jason.wessel@windriver.com>	2017-11-14 07:52:06 -0800
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2017-11-14 12:34:50 -0500
commit	bb811bdbad0b994a1580e26e9379390edb00f991 (patch)
tree	67fb8c01da876efb0a3a134ed83741d166f247bd
parent	25fa17b0bb6c201ed85af7bb0451500af9df5b63 (diff)
download	meta-virtualization-bb811bdbad0b994a1580e26e9379390edb00f991.tar.gz

diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch new file mode 100644 index 00000000..753a77d1 --- /dev/null +++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
@@ -0,0 +1,76 @@
		1	From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001
		2	From: Jason Wessel <jason.wessel@windriver.com>
		3	Date: Tue, 14 Nov 2017 07:41:41 -0800
		4	Subject: [PATCH] Add additional cgroup mounts from root NS automatically
		5
		6	Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
		7	---
		8	src/systemdhook.c \| 45 +++++++++++++++++++++++++++++++++++++++++++++
		9	1 file changed, 45 insertions(+)
		10
		11	diff --git a/src/systemdhook.c b/src/systemdhook.c
		12	index 78575ef..f735484 100644
		13	--- a/src/systemdhook.c
		14	+++ b/src/systemdhook.c
		15	@@ -238,6 +238,11 @@ static char get_process_cgroup_subsystem_path(int pid, const char subsystem) {
		16	static int mount_cgroup(const char rootfs, const char options, char *systemd_path)
		17	{
		18	_cleanup_free_ char *cgroup_path = NULL;
		19	+ char spath, dpath;
		20	+ DIR *dir;
		21	+ struct dirent *d;
		22	+ char link[80];
		23	+ int got;
		24
		25	if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) {
		26	pr_perror("Failed to create path for %s", CGROUP_ROOT);
		27	@@ -256,6 +261,46 @@ static int mount_cgroup(const char rootfs, const char options, char *systemd_p
		28	pr_perror("Failed to mkdir new dest: %s", systemd_path);
		29	return -1;
		30	}
		31	+ /* Create all additional cgroup mounts which are in the root namespace */
		32	+ dir = opendir(CGROUP_ROOT);
		33	+ if (!dir) {
		34	+ pr_perror("Failed to open %s", CGROUP_ROOT);
		35	+ return -1;
		36	+ }
		37	+ /* Skip "." and ".." */
		38	+ readdir(dir);
		39	+ readdir(dir);
		40	+ while ((d = readdir(dir))) {
		41	+ /* Systemd is already handled above */
		42	+ if (strcmp(d->d_name, "systemd") == 0) {
		43	+ continue;
		44	+ }
		45	+ if (asprintf(&spath, "%s/%s", CGROUP_ROOT, d->d_name) < 0) {
		46	+ pr_perror("Failed to create path for %s", d->d_name);
		47	+ return -1;
		48	+ }
		49	+ if (asprintf(&dpath, "%s%s/%s", rootfs, CGROUP_ROOT, d->d_name) < 0) {
		50	+ pr_perror("Failed to create path for %s", d->d_name);
		51	+ return -1;
		52	+ }
		53	+ got = readlink(spath, link, sizeof(link) - 1);
		54	+ if (got > 0) {
		55	+ link[got] = '\0';
		56	+ symlink(link, dpath);
		57	+ } else {
		58	+ if ((makepath(dpath, 0755) == -1) && (errno != EEXIST)) {
		59	+ pr_perror("Failed to mkdir new dest: %s", dpath);
		60	+ return -1;
		61	+ }
		62	+ if (bind_mount(spath, dpath, false)) {
		63	+ pr_perror("Failed to bind mount %s on %s", spath, dpath);
		64	+ return -1;
		65	+ }
		66	+ }
		67	+ free(spath);
		68	+ free(dpath);
		69	+ }
		70	+ closedir(dir);
		71	if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT\|MS_BIND\|MS_RDONLY, "") == -1) {
		72	pr_perror("Failed to remount %s readonly", cgroup_path);
		73	return -1;
		74	--
		75	2.11.0
		76


diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb index fc889053..e07b7410 100644 --- a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb +++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
@@ -10,6 +10,7 @@ SRCREV = "1ac958a4197a9ea52174812fc7d7d036af8140d3"
10	SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \	10	SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \
11	file://0001-selinux-drop-selinux-support.patch \	11	file://0001-selinux-drop-selinux-support.patch \
12	file://0001-configure-drop-selinux-support.patch \	12	file://0001-configure-drop-selinux-support.patch \
		13	file://0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch \
13	"	14	"
14		15
15	PV = "0.0.1+git${SRCPV}"	16	PV = "0.0.1+git${SRCPV}"