diff options
| author | Julia Kartseva <hex@fb.com> | 2021-03-02 01:56:04 +0100 |
|---|---|---|
| committer | Julia Kartseva <hex@fb.com> | 2021-04-10 05:28:47 +0200 |
| commit | b894ef1b712433e07cd5f11b8f84dfaa0ce5a4ef (patch) | |
| tree | 3d5b97e495031cab41c5b5213a74799b7fe71635 /src/core/cgroup.h | |
| parent | shared: bpf_attach_type {from,to} string (diff) | |
| download | systemd-b894ef1b712433e07cd5f11b8f84dfaa0ce5a4ef.tar.xz systemd-b894ef1b712433e07cd5f11b8f84dfaa0ce5a4ef.zip | |
cgroup: add foreign program to cgroup context
- Store foreign bpf programs in cgroup context. A program is considered
foreign if it was loaded to a kernel by an entity external to systemd,
so systemd is responsible only for attach and detach paths.
- Support the case of pinned bpf programs: pinning to bpffs so a program
is kept loaded to the kernel even when program fd is closed by a user
application is a common way to extend program's lifetime.
- Aadd linked list node struct with attach type and bpffs path
fields.
Diffstat (limited to '')
| -rw-r--r-- | src/core/cgroup.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/core/cgroup.h b/src/core/cgroup.h index fa79ba1523..be3060eba7 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -31,6 +31,7 @@ typedef struct CGroupIODeviceLimit CGroupIODeviceLimit; typedef struct CGroupIODeviceLatency CGroupIODeviceLatency; typedef struct CGroupBlockIODeviceWeight CGroupBlockIODeviceWeight; typedef struct CGroupBlockIODeviceBandwidth CGroupBlockIODeviceBandwidth; +typedef struct CGroupBPFForeignProgram CGroupBPFForeignProgram; typedef enum CGroupDevicePolicy { /* When devices listed, will allow those, plus built-in ones, if none are listed will allow @@ -94,6 +95,12 @@ struct CGroupBlockIODeviceBandwidth { uint64_t wbps; }; +struct CGroupBPFForeignProgram { + LIST_FIELDS(CGroupBPFForeignProgram, programs); + uint32_t attach_type; + char *bpffs_path; +}; + struct CGroupContext { bool cpu_accounting; bool io_accounting; @@ -142,6 +149,7 @@ struct CGroupContext { char **ip_filters_ingress; char **ip_filters_egress; + LIST_HEAD(CGroupBPFForeignProgram, bpf_foreign_programs); /* For legacy hierarchies */ uint64_t cpu_shares; @@ -202,8 +210,10 @@ void cgroup_context_free_io_device_limit(CGroupContext *c, CGroupIODeviceLimit * void cgroup_context_free_io_device_latency(CGroupContext *c, CGroupIODeviceLatency *l); void cgroup_context_free_blockio_device_weight(CGroupContext *c, CGroupBlockIODeviceWeight *w); void cgroup_context_free_blockio_device_bandwidth(CGroupContext *c, CGroupBlockIODeviceBandwidth *b); +void cgroup_context_remove_bpf_foreign_program(CGroupContext *c, CGroupBPFForeignProgram *p); int cgroup_add_device_allow(CGroupContext *c, const char *dev, const char *mode); +int cgroup_add_bpf_foreign_program(CGroupContext *c, uint32_t attach_type, const char *path); void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path); |