diff options
| author | Lennart Poettering <lennart@poettering.net> | 2018-11-15 21:07:43 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2018-11-16 14:54:13 +0100 |
| commit | 143fadf369a18449464956206226761e49be1928 (patch) | |
| tree | 9ff2d69cbebfba21bb18465ae861556443bc159c /src/core | |
| parent | core: fix capitalization of CPUShares= settings (diff) | |
| download | systemd-143fadf369a18449464956206226761e49be1928.tar.xz systemd-143fadf369a18449464956206226761e49be1928.zip | |
core: remove JoinControllers= configuration setting
This removes the ability to configure which cgroup controllers to mount
together. Instead, we'll now hardcode that "cpu" and "cpuacct" are
mounted together as well as "net_cls" and "net_prio".
The concept of mounting controllers together has no future as it does
not exist to cgroupsv2. Moreover, the current logic is systematically
broken, as revealed by the discussions in #10507. Also, we surveyed Red
Hat customers and couldn't find a single user of the concept (which
isn't particularly surprising, as it is broken...)
This reduced the (already way too complex) cgroup handling for us, since
we now know whenever we make a change to a cgroup for one controller to
which other controllers it applies.
Diffstat (limited to 'src/core')
| -rw-r--r-- | src/core/main.c | 6 | ||||
| -rw-r--r-- | src/core/mount-setup.c | 150 | ||||
| -rw-r--r-- | src/core/mount-setup.h | 2 | ||||
| -rw-r--r-- | src/core/system.conf.in | 1 |
4 files changed, 82 insertions, 77 deletions
diff --git a/src/core/main.c b/src/core/main.c index 11537c8140..cabcb9ec16 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -100,7 +100,6 @@ static ShowStatus arg_show_status = _SHOW_STATUS_INVALID; static bool arg_switched_root = false; static PagerFlags arg_pager_flags = 0; static bool arg_service_watchdogs = true; -static char ***arg_join_controllers = NULL; static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL; static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT; static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC; @@ -667,7 +666,7 @@ static int parse_config_file(void) { { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot }, { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status }, { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL }, - { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers }, + { "Manager", "JoinControllers", config_parse_warn_compat, DISABLED_CONFIGURATION, NULL }, { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog }, { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog }, { "Manager", "WatchdogDevice", config_parse_path, 0, &arg_watchdog_device }, @@ -1956,7 +1955,7 @@ static int initialize_runtime( install_crash_handler(); if (!skip_setup) { - r = mount_cgroup_controllers(arg_join_controllers); + r = mount_cgroup_controllers(); if (r < 0) { *ret_error_message = "Failed to mount cgroup hierarchies"; return r; @@ -2081,7 +2080,6 @@ static void free_arguments(void) { arg_default_unit = mfree(arg_default_unit); arg_confirm_spawn = mfree(arg_confirm_spawn); - arg_join_controllers = strv_free_free(arg_join_controllers); arg_default_environment = strv_free(arg_default_environment); arg_syscall_archs = set_free(arg_syscall_archs); } diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index 16880e6157..e15d94d98a 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -229,76 +229,105 @@ int mount_setup_early(void) { return mount_points_setup(N_EARLY_MOUNT, false); } -int mount_cgroup_controllers(char ***join_controllers) { +static const char *join_with(const char *controller) { + + static const char* const pairs[] = { + "cpu", "cpuacct", + "net_cls", "net_prio", + NULL + }; + + const char *const *x, *const *y; + + assert(controller); + + /* This will lookup which controller to mount another controller with. Input is a controller name, and output + * is the other controller name. The function works both ways: you can input one and get the other, and input + * the other to get the one. */ + + STRV_FOREACH_PAIR(x, y, pairs) { + if (streq(controller, *x)) + return *y; + if (streq(controller, *y)) + return *x; + } + + return NULL; +} + +static int symlink_controller(const char *target, const char *alias) { + const char *a; + int r; + + assert(target); + assert(alias); + + a = strjoina("/sys/fs/cgroup/", alias); + + r = symlink_idempotent(target, a, false); + if (r < 0) + return log_error_errno(r, "Failed to create symlink %s: %m", a); + +#ifdef SMACK_RUN_LABEL + const char *p; + + p = strjoina("/sys/fs/cgroup/", target); + + r = mac_smack_copy(a, p); + if (r < 0 && r != -EOPNOTSUPP) + return log_error_errno(r, "Failed to copy smack label from %s to %s: %m", p, a); +#endif + + return 0; +} + +int mount_cgroup_controllers(void) { _cleanup_set_free_free_ Set *controllers = NULL; - bool has_argument = !!join_controllers; int r; if (!cg_is_legacy_wanted()) return 0; /* Mount all available cgroup controllers that are built into the kernel. */ - - if (!has_argument) - /* The defaults: - * mount "cpu" + "cpuacct" together, and "net_cls" + "net_prio". - * - * We'd like to add "cpuset" to the mix, but "cpuset" doesn't really - * work for groups with no initialized attributes. - */ - join_controllers = (char**[]) { - STRV_MAKE("cpu", "cpuacct"), - STRV_MAKE("net_cls", "net_prio"), - NULL, - }; - r = cg_kernel_controllers(&controllers); if (r < 0) return log_error_errno(r, "Failed to enumerate cgroup controllers: %m"); for (;;) { _cleanup_free_ char *options = NULL, *controller = NULL, *where = NULL; + const char *other_controller; MountPoint p = { .what = "cgroup", .type = "cgroup", .flags = MS_NOSUID|MS_NOEXEC|MS_NODEV, .mode = MNT_IN_CONTAINER, }; - char ***k = NULL; controller = set_steal_first(controllers); if (!controller) break; - for (k = join_controllers; *k; k++) - if (strv_find(*k, controller)) - break; - - if (*k) { - char **i, **j; - - for (i = *k, j = *k; *i; i++) { - - if (!streq(*i, controller)) { - _cleanup_free_ char *t; - - t = set_remove(controllers, *i); - if (!t) { - if (has_argument) - free(*i); - continue; - } - } - - *(j++) = *i; + /* Check if we shall mount this together with another controller */ + other_controller = join_with(controller); + if (other_controller) { + _cleanup_free_ char *c = NULL; + + /* Check if the other controller is actually available in the kernel too */ + c = set_remove(controllers, other_controller); + if (c) { + + /* Join the two controllers into one string, and maintain a stable ordering */ + if (strcmp(controller, other_controller) < 0) + options = strjoin(controller, ",", other_controller); + else + options = strjoin(other_controller, ",", controller); + if (!options) + return log_oom(); } + } - *j = NULL; - - options = strv_join(*k, ","); - if (!options) - return log_oom(); - } else + /* The simple case, where there's only one controller to mount together */ + if (!options) options = TAKE_PTR(controller); where = strappend("/sys/fs/cgroup/", options); @@ -312,35 +341,14 @@ int mount_cgroup_controllers(char ***join_controllers) { if (r < 0) return r; - if (r > 0 && *k) { - char **i; - - for (i = *k; *i; i++) { - _cleanup_free_ char *t = NULL; - - t = strappend("/sys/fs/cgroup/", *i); - if (!t) - return log_oom(); - - r = symlink(options, t); - if (r >= 0) { -#ifdef SMACK_RUN_LABEL - _cleanup_free_ char *src; - src = strappend("/sys/fs/cgroup/", options); - if (!src) - return log_oom(); - r = mac_smack_copy(t, src); - if (r < 0 && r != -EOPNOTSUPP) - return log_error_errno(r, "Failed to copy smack label from %s to %s: %m", src, t); -#endif - } else if (errno != EEXIST) - return log_error_errno(errno, "Failed to create symlink %s: %m", t); - } - } + /* Create symlinks from the individual controller names, in case we have a joined mount */ + if (controller) + (void) symlink_controller(options, controller); + if (other_controller) + (void) symlink_controller(options, other_controller); } - /* Now that we mounted everything, let's make the tmpfs the - * cgroup file systems are mounted into read-only. */ + /* Now that we mounted everything, let's make the tmpfs the cgroup file systems are mounted into read-only. */ (void) mount("tmpfs", "/sys/fs/cgroup", "tmpfs", MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755"); return 0; diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h index 43cd8908de..b4ca2cf4b4 100644 --- a/src/core/mount-setup.h +++ b/src/core/mount-setup.h @@ -6,7 +6,7 @@ int mount_setup_early(void); int mount_setup(bool loaded_policy); -int mount_cgroup_controllers(char ***join_controllers); +int mount_cgroup_controllers(void); bool mount_point_is_api(const char *path); bool mount_point_ignore(const char *path); diff --git a/src/core/system.conf.in b/src/core/system.conf.in index ef1bbbd948..0a58737b82 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in @@ -23,7 +23,6 @@ #CrashReboot=no #CtrlAltDelBurstAction=reboot-force #CPUAffinity=1 2 -#JoinControllers=cpu,cpuacct net_cls,net_prio #RuntimeWatchdogSec=0 #ShutdownWatchdogSec=10min #WatchdogDevice= |