From bb811bdbad0b994a1580e26e9379390edb00f991 Mon Sep 17 00:00:00 2001
From: Jason Wessel
Date: Tue, 14 Nov 2017 07:52:06 -0800
Subject: oci-systemd-hook: Always pass through all the cgroup mounts

If the root name space has additional cgroup mounts, pass them to the container.

Signed-off-by: Jason Wessel
Signed-off-by: Bruce Ashfield
---
 ...nal-cgroup-mounts-from-root-NS-automatica.patch | 76 ++++++++++++++++++++++
 .../oci-systemd-hook/oci-systemd-hook_git.bb | 1 +
 2 files changed, 77 insertions(+)
 create mode 100644 recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch

diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
new file mode 100644
index 00000000..753a77d1
--- /dev/null
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
@@ -0,0 +1,76 @@
+From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001
+From: Jason Wessel
+Date: Tue, 14 Nov 2017 07:41:41 -0800
+Subject: [PATCH] Add additional cgroup mounts from root NS automatically
+
+Signed-off-by: Jason Wessel
+---
+ src/systemdhook.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 45 insertions(+)
+
+diff --git a/src/systemdhook.c b/src/systemdhook.c
+index 78575ef..f735484 100644
+--- a/src/systemdhook.c
++++ b/src/systemdhook.c
+@@ -238,6 +238,11 @@ static char *get_process_cgroup_subsystem_path(int pid, const char *subsystem) {
+ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_path)
+ {
+ _cleanup_free_ char *cgroup_path = NULL;
++ char *spath, *dpath;
++ DIR *dir;
++ struct dirent *d;
++ char link[80];
++ int got;
+ 
+ if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) {
+ pr_perror("Failed to create path for %s", CGROUP_ROOT);
+@@ -256,6 +261,46 @@ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_p
+ pr_perror("Failed to mkdir new dest: %s", systemd_path);
+ return -1;
+ }
++ /* Create all additional cgroup mounts which are in the root namespace */
++ dir = opendir(CGROUP_ROOT);
++ if (!dir) {
++ pr_perror("Failed to open %s", CGROUP_ROOT);
++ return -1;
++ }
++ /* Skip "." and ".." */
++ readdir(dir);
++ readdir(dir);
++ while ((d = readdir(dir))) {
++ /* Systemd is already handled above */
++ if (strcmp(d->d_name, "systemd") == 0) {
++ continue;
++ }
++ if (asprintf(&spath, "%s/%s", CGROUP_ROOT, d->d_name) < 0) {
++ pr_perror("Failed to create path for %s", d->d_name);
++ return -1;
++ }
++ if (asprintf(&dpath, "%s%s/%s", rootfs, CGROUP_ROOT, d->d_name) < 0) {
++ pr_perror("Failed to create path for %s", d->d_name);
++ return -1;
++ }
++ got = readlink(spath, link, sizeof(link) - 1);
++ if (got > 0) {
++ link[got] = '\0';
++ symlink(link, dpath);
++ } else {
++ if ((makepath(dpath, 0755) == -1) && (errno != EEXIST)) {
++ pr_perror("Failed to mkdir new dest: %s", dpath);
++ return -1;
++ }
++ if (bind_mount(spath, dpath, false)) {
++ pr_perror("Failed to bind mount %s on %s", spath, dpath);
++ return -1;
++ }
++ }
++ free(spath);
++ free(dpath);
++ }
++ closedir(dir);
+ if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT|MS_BIND|MS_RDONLY, "") == -1) {
+ pr_perror("Failed to remount %s readonly", cgroup_path);
+ return -1;
+-- 
+2.11.0
+
diff --git a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
index fc889053..e07b7410 100644
--- a/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
+++ b/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
@@ -10,6 +10,7 @@ SRCREV = "1ac958a4197a9ea52174812fc7d7d036af8140d3"
 SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \
 file://0001-selinux-drop-selinux-support.patch \
 file://0001-configure-drop-selinux-support.patch \
+ file://0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch \
 "
 
 PV = "0.0.1+git${SRCPV}"
-- 
cgit v1.2.3-54-g00ecf
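Review bot: The loop added to mount_cgroup() skips "." and ".." with two bare `readdir(dir)` calls, which relies on an entry order readdir() does not guarantee; when the order differs, two real controllers are dropped and "." or ".." falls through to the makepath/bind_mount branch. The same loop ignores the result of `symlink()`, cannot tell a truncated link target from a complete one with `char link[80]` and `sizeof(link) - 1`, and leaks `dir`, `spath` and `dpath` on every `return -1`. Separately, `bind_mount(spath, dpath, false)` exposes the top of each host hierarchy, and the later `MS_REMOUNT|MS_BIND|MS_RDONLY` on cgroup_path changes only that one mount, so if the third argument is the read-only flag (bind_mount is not shown here) these submounts stay writable inside the container; a comment stating the intended access would help. The fence sketches the loop with name-based skipping, a checked symlink and per-iteration cleanup, which replaces the function-scope `char *spath, *dpath;` and the two explicit `free()` calls; mount_cgroup() starts and ends outside the hunk.

```c
	// … unchanged: opendir(CGROUP_ROOT) and its error check; the two bare readdir(dir) calls are dropped …
	while ((d = readdir(dir))) {
		/* Freed on every exit from the iteration, including the error returns */
		_cleanup_free_ char *spath = NULL;
		_cleanup_free_ char *dpath = NULL;

		/* readdir() order is unspecified, so match "." and ".." by name; systemd is handled above */
		if (strcmp(d->d_name, ".") == 0 || strcmp(d->d_name, "..") == 0 ||
		    strcmp(d->d_name, "systemd") == 0) {
			continue;
		}
		// … unchanged: the two asprintf() calls, each error branch now calling closedir(dir) before return -1 …
		got = readlink(spath, link, sizeof(link));
		if (got >= (int)sizeof(link)) {
			/* Target filled the buffer and may be truncated: refuse rather than create a wrong link */
			errno = ENAMETOOLONG;
			pr_perror("Failed to read link %s", spath);
			closedir(dir);
			return -1;
		}
		if (got > 0) {
			link[got] = '\0';
			/* Tolerate an existing entry, as the makepath() call below does */
			if (symlink(link, dpath) == -1 && errno != EEXIST) {
				pr_perror("Failed to symlink %s to %s", dpath, link);
				closedir(dir);
				return -1;
			}
		} else {
			// … unchanged: makepath() and bind_mount(), each error branch now calling closedir(dir) before return -1 …
		}
	}
	closedir(dir);
```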