[systemd-commits] 7 commits - TODO src/core src/nspawn src/shared src/test
Lennart Poettering
lennart at kemper.freedesktop.org
Mon Feb 17 15:52:52 CET 2014
TODO | 2
src/core/cgroup.c | 164 +++++++++++++++++++++++++++++++-------------
src/core/cgroup.h | 9 +-
src/core/dbus-mount.c | 2
src/core/dbus-scope.c | 2
src/core/dbus-service.c | 2
src/core/dbus-slice.c | 2
src/core/dbus-socket.c | 2
src/core/dbus-swap.c | 2
src/core/dbus-unit.c | 3
src/core/main.c | 6 +
src/core/unit.c | 65 ++++++++---------
src/core/unit.h | 5 +
src/nspawn/nspawn.c | 2
src/shared/cgroup-util.c | 15 +++-
src/shared/cgroup-util.h | 4 -
src/test/test-cgroup-mask.c | 48 +++++++++---
17 files changed, 233 insertions(+), 102 deletions(-)
New commits:
commit 3d0ce78b257dccda0e377dfef580abfa11437fe8
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Feb 17 15:52:32 2014 +0100
Update TODO
diff --git a/TODO b/TODO
index cae51af..e74aa7e 100644
--- a/TODO
+++ b/TODO
@@ -29,8 +29,6 @@ Preparation for 209:
* Review new libraries
-* Rework cgroup propagation logic
-
* libsystemd-journal returns the object created as first param in sd_journal_new(), sd_bus_new() and suchlike as last...
Features:
commit 03b90d4bade317c601bc22ccc700396ca6ba5a8e
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Feb 17 02:06:32 2014 +0100
core: find the closest parent slice that has a specfic cgroup controller enabled when enabling/disabling cgroup controllers for units
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index f0420eb..24d6ff6 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -448,9 +448,26 @@ void unit_update_cgroup_members_masks(Unit *u) {
}
}
+static const char *migrate_callback(CGroupControllerMask mask, void *userdata) {
+ Unit *u = userdata;
+
+ assert(mask != 0);
+ assert(u);
+
+ while (u) {
+ if (u->cgroup_path &&
+ u->cgroup_realized &&
+ (u->cgroup_realized_mask & mask) == mask)
+ return u->cgroup_path;
+
+ u = UNIT_DEREF(u->slice);
+ }
+
+ return NULL;
+}
+
static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) {
- _cleanup_free_ char *path;
- bool was_in_hash = false;
+ _cleanup_free_ char *path = NULL;
int r;
assert(u);
@@ -460,38 +477,31 @@ static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) {
return log_oom();
r = hashmap_put(u->manager->cgroup_unit, path, u);
- if (r == 0)
- was_in_hash = true;
- else if (r < 0) {
- log_error(r == -EEXIST ?
- "cgroup %s exists already: %s" : "hashmap_put failed for %s: %s",
- path, strerror(-r));
+ if (r < 0) {
+ log_error(r == -EEXIST ? "cgroup %s exists already: %s" : "hashmap_put failed for %s: %s", path, strerror(-r));
return r;
}
-
- /* First, create our own group */
- r = cg_create_everywhere(u->manager->cgroup_supported, mask, path);
- if (r < 0)
- log_error("Failed to create cgroup %s: %s", path, strerror(-r));
-
- /* Then, possibly move things over */
- if (u->cgroup_path) {
- r = cg_migrate_everywhere(u->manager->cgroup_supported, u->cgroup_path, path);
- if (r < 0)
- log_error("Failed to migrate cgroup from %s to %s: %s",
- u->cgroup_path, path, strerror(-r));
- }
-
- if (!was_in_hash) {
- /* Remember the new data */
- free(u->cgroup_path);
+ if (r > 0) {
u->cgroup_path = path;
path = NULL;
}
+ /* First, create our own group */
+ r = cg_create_everywhere(u->manager->cgroup_supported, mask, u->cgroup_path);
+ if (r < 0) {
+ log_error("Failed to create cgroup %s: %s", u->cgroup_path, strerror(-r));
+ return r;
+ }
+
+ /* Keep track that this is now realized */
u->cgroup_realized = true;
u->cgroup_realized_mask = mask;
+ /* Then, possibly move things over */
+ r = cg_migrate_everywhere(u->manager->cgroup_supported, u->cgroup_path, u->cgroup_path, migrate_callback, u);
+ if (r < 0)
+ log_warning("Failed to migrate cgroup from to %s: %s", u->cgroup_path, strerror(-r));
+
return 0;
}
diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c
index 9692a07..1aa81c2 100644
--- a/src/shared/cgroup-util.c
+++ b/src/shared/cgroup-util.c
@@ -1668,7 +1668,7 @@ int cg_attach_many_everywhere(CGroupControllerMask supported, const char *path,
return r;
}
-int cg_migrate_everywhere(CGroupControllerMask supported, const char *from, const char *to) {
+int cg_migrate_everywhere(CGroupControllerMask supported, const char *from, const char *to, cg_migrate_callback_t to_callback, void *userdata) {
CGroupControllerMask bit = 1;
const char *n;
int r;
@@ -1680,8 +1680,17 @@ int cg_migrate_everywhere(CGroupControllerMask supported, const char *from, cons
}
NULSTR_FOREACH(n, mask_names) {
- if (supported & bit)
- cg_migrate_recursive_fallback(SYSTEMD_CGROUP_CONTROLLER, to, n, to, false, false);
+ if (supported & bit) {
+ const char *p = NULL;
+
+ if (to_callback)
+ p = to_callback(bit, userdata);
+
+ if (!p)
+ p = to;
+
+ cg_migrate_recursive_fallback(SYSTEMD_CGROUP_CONTROLLER, to, n, p, false, false);
+ }
bit <<= 1;
}
diff --git a/src/shared/cgroup-util.h b/src/shared/cgroup-util.h
index 743d902..aca4e44 100644
--- a/src/shared/cgroup-util.h
+++ b/src/shared/cgroup-util.h
@@ -122,10 +122,12 @@ bool cg_controller_is_valid(const char *p, bool allow_named);
int cg_slice_to_path(const char *unit, char **ret);
+typedef const char* (*cg_migrate_callback_t)(CGroupControllerMask mask, void *userdata);
+
int cg_create_everywhere(CGroupControllerMask supported, CGroupControllerMask mask, const char *path);
int cg_attach_everywhere(CGroupControllerMask supported, const char *path, pid_t pid);
int cg_attach_many_everywhere(CGroupControllerMask supported, const char *path, Set* pids);
-int cg_migrate_everywhere(CGroupControllerMask supported, const char *from, const char *to);
+int cg_migrate_everywhere(CGroupControllerMask supported, const char *from, const char *to, cg_migrate_callback_t callback, void *userdata);
int cg_trim_everywhere(CGroupControllerMask supported, const char *path, bool delete_root);
CGroupControllerMask cg_mask_supported(void);
commit 6d2357247b198314d972932415d65a42f83a9b6e
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Feb 17 01:58:33 2014 +0100
core: fix property changes in transient units
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index d4393e3..8156fda 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -910,9 +910,6 @@ int bus_unit_set_properties(
assert(u);
assert(message);
- if (u->transient)
- mode &= UNIT_RUNTIME;
-
/* We iterate through the array twice. First run we just check
* if all passed data is valid, second run actually applies
* it. This is to implement transaction-like behaviour without
diff --git a/src/core/unit.c b/src/core/unit.c
index 27d3be3..d529638 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -2860,7 +2860,6 @@ static int drop_in_file(Unit *u, UnitSetPropertiesMode mode, const char *name, c
assert(name);
assert(_p);
assert(_q);
- assert(mode & (UNIT_PERSISTENT|UNIT_RUNTIME));
b = xescape(name, "/.");
if (!b)
@@ -2879,7 +2878,7 @@ static int drop_in_file(Unit *u, UnitSetPropertiesMode mode, const char *name, c
return -ENOENT;
p = strjoin(c, "/", u->id, ".d", NULL);
- } else if (mode & UNIT_PERSISTENT)
+ } else if (mode == UNIT_PERSISTENT && !u->transient)
p = strjoin("/etc/systemd/system/", u->id, ".d", NULL);
else
p = strjoin("/run/systemd/system/", u->id, ".d", NULL);
@@ -2905,7 +2904,7 @@ int unit_write_drop_in(Unit *u, UnitSetPropertiesMode mode, const char *name, co
assert(name);
assert(data);
- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
+ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
return 0;
r = drop_in_file(u, mode, name, &p, &q);
@@ -2925,7 +2924,7 @@ int unit_write_drop_in_format(Unit *u, UnitSetPropertiesMode mode, const char *n
assert(name);
assert(format);
- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
+ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
return 0;
va_start(ap, format);
@@ -2948,7 +2947,7 @@ int unit_write_drop_in_private(Unit *u, UnitSetPropertiesMode mode, const char *
if (!UNIT_VTABLE(u)->private_section)
return -EINVAL;
- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
+ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
return 0;
ndata = strjoin("[", UNIT_VTABLE(u)->private_section, "]\n", data, NULL);
@@ -2967,7 +2966,7 @@ int unit_write_drop_in_private_format(Unit *u, UnitSetPropertiesMode mode, const
assert(name);
assert(format);
- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
+ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
return 0;
va_start(ap, format);
@@ -2986,7 +2985,7 @@ int unit_remove_drop_in(Unit *u, UnitSetPropertiesMode mode, const char *name) {
assert(u);
- if (!(mode & (UNIT_PERSISTENT|UNIT_RUNTIME)))
+ if (!IN_SET(mode, UNIT_PERSISTENT, UNIT_RUNTIME))
return 0;
r = drop_in_file(u, mode, name, &p, &q);
commit e954c9cfa687065244adebaa15314082ba6d7ec2
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Feb 17 01:19:08 2014 +0100
unit: slice dependencies should not be subject to DefaultDependencies
diff --git a/src/core/unit.c b/src/core/unit.c
index b91fcf1..27d3be3 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -947,7 +947,7 @@ int unit_add_default_target_dependency(Unit *u, Unit *target) {
return unit_add_dependency(target, UNIT_AFTER, u, true);
}
-static int unit_add_default_dependencies(Unit *u) {
+static int unit_add_target_dependencies(Unit *u) {
static const UnitDependency deps[] = {
UNIT_REQUIRED_BY,
@@ -958,8 +958,8 @@ static int unit_add_default_dependencies(Unit *u) {
Unit *target;
Iterator i;
- int r;
unsigned k;
+ int r;
assert(u);
@@ -970,20 +970,22 @@ static int unit_add_default_dependencies(Unit *u) {
return r;
}
- if (u->default_dependencies && unit_get_cgroup_context(u)) {
- if (UNIT_ISSET(u->slice))
- r = unit_add_two_dependencies(u, UNIT_AFTER, UNIT_WANTS, UNIT_DEREF(u->slice), true);
- else
- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, SPECIAL_ROOT_SLICE, NULL, true);
+ return r;
+}
- if (r < 0)
- return r;
- }
+static int unit_add_slice_dependencies(Unit *u) {
+ assert(u);
- return 0;
+ if (!unit_get_cgroup_context(u))
+ return 0;
+
+ if (UNIT_ISSET(u->slice))
+ return unit_add_two_dependencies(u, UNIT_AFTER, UNIT_WANTS, UNIT_DEREF(u->slice), true);
+
+ return unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, SPECIAL_ROOT_SLICE, NULL, true);
}
-static int unit_add_mount_links(Unit *u) {
+static int unit_add_mount_dependencies(Unit *u) {
char **i;
int r;
@@ -1050,13 +1052,15 @@ int unit_load(Unit *u) {
if (u->load_state == UNIT_LOADED) {
- if (u->default_dependencies) {
- r = unit_add_default_dependencies(u);
- if (r < 0)
- goto fail;
- }
+ r = unit_add_target_dependencies(u);
+ if (r < 0)
+ goto fail;
+
+ r = unit_add_slice_dependencies(u);
+ if (r < 0)
+ goto fail;
- r = unit_add_mount_links(u);
+ r = unit_add_mount_dependencies(u);
if (r < 0)
goto fail;
commit 8a8bf3c045d50917cea76ae5a6e659fca0c03e03
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Feb 17 01:14:14 2014 +0100
main: don't set no_new_privs when using SystemCallArchitectures= system-wide
After all, we want to allow userspace to get new privs...
diff --git a/src/core/main.c b/src/core/main.c
index ed64dd1..b5bb3f6 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1191,6 +1191,12 @@ static int enforce_syscall_archs(Set *archs) {
}
}
+ r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
+ if (r < 0) {
+ log_error("Failed to unset NO_NEW_PRIVS: %s", strerror(-r));
+ goto finish;
+ }
+
r = seccomp_load(seccomp);
if (r < 0)
log_error("Failed to add install architecture seccomp: %s", strerror(-r));
commit 37c47eb7098cd39733de83c98d06fb67870bb825
Author: Lennart Poettering <lennart at poettering.net>
Date: Sun Feb 16 22:20:19 2014 +0100
nspawn: netns_fd can be removed now
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 01e8611..c003bd4 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1554,7 +1554,7 @@ finish:
int main(int argc, char *argv[]) {
- _cleanup_close_ int master = -1, kdbus_fd = -1, sync_fd = -1, netns_fd = -1;
+ _cleanup_close_ int master = -1, kdbus_fd = -1, sync_fd = -1;
_cleanup_close_pipe_ int kmsg_socket_pair[2] = { -1, -1 };
_cleanup_free_ char *kdbus_domain = NULL;
_cleanup_fdset_free_ FDSet *fds = NULL;
commit bc432dc7eb62c5671f2b741a86a66393adb350dc
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Feb 14 19:11:07 2014 +0100
core: rework cgroup mask propagation
Previously a cgroup setting down tree would result in cgroup membership
additions being propagated up the tree and to the siblings, however a
unit could never lose cgroup memberships again. With this change we'll
make sure that both cgroup additions and removals propagate properly.
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index c2b1b7d..f0420eb 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -335,7 +335,7 @@ CGroupControllerMask cgroup_context_get_mask(CGroupContext *c) {
return mask;
}
-static CGroupControllerMask unit_get_cgroup_mask(Unit *u) {
+CGroupControllerMask unit_get_cgroup_mask(Unit *u) {
CGroupContext *c;
c = unit_get_cgroup_context(u);
@@ -345,24 +345,52 @@ static CGroupControllerMask unit_get_cgroup_mask(Unit *u) {
return cgroup_context_get_mask(c);
}
-static CGroupControllerMask unit_get_members_mask(Unit *u) {
+CGroupControllerMask unit_get_members_mask(Unit *u) {
assert(u);
+
+ if (u->cgroup_members_mask_valid)
+ return u->cgroup_members_mask;
+
+ u->cgroup_members_mask = 0;
+
+ if (u->type == UNIT_SLICE) {
+ Unit *member;
+ Iterator i;
+
+ SET_FOREACH(member, u->dependencies[UNIT_BEFORE], i) {
+
+ if (member == u)
+ continue;
+
+ if (UNIT_DEREF(member->slice) != u)
+ continue;
+
+ u->cgroup_members_mask |=
+ unit_get_cgroup_mask(member) |
+ unit_get_members_mask(member);
+ }
+ }
+
+ u->cgroup_members_mask_valid = true;
return u->cgroup_members_mask;
}
-static CGroupControllerMask unit_get_siblings_mask(Unit *u) {
+CGroupControllerMask unit_get_siblings_mask(Unit *u) {
+ CGroupControllerMask m;
+
assert(u);
- if (!UNIT_ISSET(u->slice))
- return 0;
+ if (UNIT_ISSET(u->slice))
+ m = unit_get_members_mask(UNIT_DEREF(u->slice));
+ else
+ m = unit_get_cgroup_mask(u) | unit_get_members_mask(u);
/* Sibling propagation is only relevant for weight-based
* controllers, so let's mask out everything else */
- return unit_get_members_mask(UNIT_DEREF(u->slice)) &
- (CGROUP_CPU|CGROUP_BLKIO|CGROUP_CPUACCT);
+ return m & (CGROUP_CPU|CGROUP_BLKIO|CGROUP_CPUACCT);
}
-static CGroupControllerMask unit_get_target_mask(Unit *u) {
+CGroupControllerMask unit_get_target_mask(Unit *u) {
CGroupControllerMask mask;
mask = unit_get_cgroup_mask(u) | unit_get_members_mask(u) | unit_get_siblings_mask(u);
@@ -373,19 +401,57 @@ static CGroupControllerMask unit_get_target_mask(Unit *u) {
/* Recurse from a unit up through its containing slices, propagating
* mask bits upward. A unit is also member of itself. */
-void unit_update_member_masks(Unit *u) {
- u->cgroup_members_mask |= unit_get_cgroup_mask(u);
+void unit_update_cgroup_members_masks(Unit *u) {
+ CGroupControllerMask m;
+ bool more;
+
+ assert(u);
+
+ /* Calculate subtree mask */
+ m = unit_get_cgroup_mask(u) | unit_get_members_mask(u);
+
+ /* See if anything changed from the previous invocation. If
+ * not, we're done. */
+ if (u->cgroup_subtree_mask_valid && m == u->cgroup_subtree_mask)
+ return;
+
+ more =
+ u->cgroup_subtree_mask_valid &&
+ ((m & ~u->cgroup_subtree_mask) != 0) &&
+ ((~m & u->cgroup_subtree_mask) == 0);
+
+ u->cgroup_subtree_mask = m;
+ u->cgroup_subtree_mask_valid = true;
+
if (UNIT_ISSET(u->slice)) {
Unit *s = UNIT_DEREF(u->slice);
- s->cgroup_members_mask |= u->cgroup_members_mask;
- unit_update_member_masks(s);
+
+ if (more)
+ /* There's more set now than before. We
+ * propagate the new mask to the parent's mask
+ * (not caring if it actually was valid or
+ * not). */
+
+ s->cgroup_members_mask |= m;
+
+ else
+ /* There's less set now than before (or we
+ * don't know), we need to recalculate
+ * everything, so let's invalidate the
+ * parent's members mask */
+
+ s->cgroup_members_mask_valid = false;
+
+ /* And now make sure that this change also hits our
+ * grandparents */
+ unit_update_cgroup_members_masks(s);
}
}
static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) {
_cleanup_free_ char *path;
- int r;
bool was_in_hash = false;
+ int r;
assert(u);
@@ -424,13 +490,15 @@ static int unit_create_cgroups(Unit *u, CGroupControllerMask mask) {
}
u->cgroup_realized = true;
- u->cgroup_mask = mask;
+ u->cgroup_realized_mask = mask;
return 0;
}
static bool unit_has_mask_realized(Unit *u, CGroupControllerMask mask) {
- return u->cgroup_realized && u->cgroup_mask == mask;
+ assert(u);
+
+ return u->cgroup_realized && u->cgroup_realized_mask == mask;
}
/* Check if necessary controllers and attributes for a unit are in place.
@@ -452,7 +520,6 @@ static int unit_realize_cgroup_now(Unit *u) {
mask = unit_get_target_mask(u);
- /* TODO: Consider skipping this check. It may be redundant. */
if (unit_has_mask_realized(u, mask))
return 0;
@@ -541,7 +608,6 @@ static void unit_queue_siblings(Unit *u) {
int unit_realize_cgroup(Unit *u) {
CGroupContext *c;
- int r;
assert(u);
@@ -564,9 +630,7 @@ int unit_realize_cgroup(Unit *u) {
unit_queue_siblings(u);
/* And realize this one now (and apply the values) */
- r = unit_realize_cgroup_now(u);
-
- return r;
+ return unit_realize_cgroup_now(u);
}
void unit_destroy_cgroup(Unit *u) {
@@ -586,7 +650,7 @@ void unit_destroy_cgroup(Unit *u) {
free(u->cgroup_path);
u->cgroup_path = NULL;
u->cgroup_realized = false;
- u->cgroup_mask = 0;
+ u->cgroup_realized_mask = 0;
}
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 25f40f7..be717ad 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -90,12 +90,19 @@ void cgroup_context_init(CGroupContext *c);
void cgroup_context_done(CGroupContext *c);
void cgroup_context_dump(CGroupContext *c, FILE* f, const char *prefix);
void cgroup_context_apply(CGroupContext *c, CGroupControllerMask mask, const char *path);
+
CGroupControllerMask cgroup_context_get_mask(CGroupContext *c);
void cgroup_context_free_device_allow(CGroupContext *c, CGroupDeviceAllow *a);
void cgroup_context_free_blockio_device_weight(CGroupContext *c, CGroupBlockIODeviceWeight *w);
void cgroup_context_free_blockio_device_bandwidth(CGroupContext *c, CGroupBlockIODeviceBandwidth *b);
+CGroupControllerMask unit_get_cgroup_mask(Unit *u);
+CGroupControllerMask unit_get_siblings_mask(Unit *u);
+CGroupControllerMask unit_get_members_mask(Unit *u);
+CGroupControllerMask unit_get_target_mask(Unit *u);
+
+void unit_update_cgroup_members_masks(Unit *u);
int unit_realize_cgroup(Unit *u);
void unit_destroy_cgroup(Unit *u);
@@ -113,5 +120,3 @@ int manager_notify_cgroup_empty(Manager *m, const char *group);
const char* cgroup_device_policy_to_string(CGroupDevicePolicy i) _const_;
CGroupDevicePolicy cgroup_device_policy_from_string(const char *s) _pure_;
-
-void unit_update_member_masks(Unit *u);
diff --git a/src/core/dbus-mount.c b/src/core/dbus-mount.c
index 28f0e90..e64d3ea 100644
--- a/src/core/dbus-mount.c
+++ b/src/core/dbus-mount.c
@@ -143,6 +143,8 @@ int bus_mount_set_property(
int bus_mount_commit_properties(Unit *u) {
assert(u);
+ unit_update_cgroup_members_masks(u);
unit_realize_cgroup(u);
+
return 0;
}
diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c
index d025696..73b7bbf 100644
--- a/src/core/dbus-scope.c
+++ b/src/core/dbus-scope.c
@@ -187,7 +187,9 @@ int bus_scope_set_property(
int bus_scope_commit_properties(Unit *u) {
assert(u);
+ unit_update_cgroup_members_masks(u);
unit_realize_cgroup(u);
+
return 0;
}
diff --git a/src/core/dbus-service.c b/src/core/dbus-service.c
index 73cf175..0451790 100644
--- a/src/core/dbus-service.c
+++ b/src/core/dbus-service.c
@@ -258,6 +258,8 @@ int bus_service_set_property(
int bus_service_commit_properties(Unit *u) {
assert(u);
+ unit_update_cgroup_members_masks(u);
unit_realize_cgroup(u);
+
return 0;
}
diff --git a/src/core/dbus-slice.c b/src/core/dbus-slice.c
index 2a48ea4..8bc90b1 100644
--- a/src/core/dbus-slice.c
+++ b/src/core/dbus-slice.c
@@ -48,6 +48,8 @@ int bus_slice_set_property(
int bus_slice_commit_properties(Unit *u) {
assert(u);
+ unit_update_cgroup_members_masks(u);
unit_realize_cgroup(u);
+
return 0;
}
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index bb9d419..67a5627 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -145,6 +145,8 @@ int bus_socket_set_property(
int bus_socket_commit_properties(Unit *u) {
assert(u);
+ unit_update_cgroup_members_masks(u);
unit_realize_cgroup(u);
+
return 0;
}
diff --git a/src/core/dbus-swap.c b/src/core/dbus-swap.c
index 7bd05db..93eae53 100644
--- a/src/core/dbus-swap.c
+++ b/src/core/dbus-swap.c
@@ -88,6 +88,8 @@ int bus_swap_set_property(
int bus_swap_commit_properties(Unit *u) {
assert(u);
+ unit_update_cgroup_members_masks(u);
unit_realize_cgroup(u);
+
return 0;
}
diff --git a/src/core/unit.c b/src/core/unit.c
index 0277675..b91fcf1 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -778,7 +778,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
prefix, strna(unit_slice_name(u)),
prefix, strna(u->cgroup_path),
prefix, yes_no(u->cgroup_realized),
- prefix, u->cgroup_mask,
+ prefix, u->cgroup_realized_mask,
prefix, u->cgroup_members_mask);
SET_FOREACH(t, u->names, i)
@@ -1056,21 +1056,17 @@ int unit_load(Unit *u) {
goto fail;
}
- unit_update_member_masks(u);
-
r = unit_add_mount_links(u);
if (r < 0)
goto fail;
- if (u->on_failure_job_mode == JOB_ISOLATE &&
- set_size(u->dependencies[UNIT_ON_FAILURE]) > 1) {
-
- log_error_unit(u->id,
- "More than one OnFailure= dependencies specified for %s but OnFailureJobMode=isolate set. Refusing.", u->id);
-
+ if (u->on_failure_job_mode == JOB_ISOLATE && set_size(u->dependencies[UNIT_ON_FAILURE]) > 1) {
+ log_error_unit(u->id, "More than one OnFailure= dependencies specified for %s but OnFailureJobMode=isolate set. Refusing.", u->id);
r = -EINVAL;
goto fail;
}
+
+ unit_update_cgroup_members_masks(u);
}
assert((u->load_state != UNIT_MERGED) == !u->merged_into);
diff --git a/src/core/unit.h b/src/core/unit.h
index c104a8a..808929e 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -177,7 +177,8 @@ struct Unit {
/* Counterparts in the cgroup filesystem */
char *cgroup_path;
- CGroupControllerMask cgroup_mask;
+ CGroupControllerMask cgroup_realized_mask;
+ CGroupControllerMask cgroup_subtree_mask;
CGroupControllerMask cgroup_members_mask;
UnitRef slice;
@@ -266,6 +267,8 @@ struct Unit {
bool in_audit:1;
bool cgroup_realized:1;
+ bool cgroup_members_mask_valid:1;
+ bool cgroup_subtree_mask_valid:1;
};
struct UnitStatusMessageFormats {
diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c
index 99c8cee..3414ed4 100644
--- a/src/test/test-cgroup-mask.c
+++ b/src/test/test-cgroup-mask.c
@@ -33,7 +33,7 @@
static int test_cgroup_mask(void) {
Manager *m;
- Unit *son, *daughter, *parent, *root;
+ Unit *son, *daughter, *parent, *root, *grandchild, *parent_deep;
FILE *serial = NULL;
FDSet *fdset = NULL;
int r;
@@ -53,24 +53,50 @@ static int test_cgroup_mask(void) {
assert_se(manager_load_unit(m, "parent.slice", NULL, NULL, &parent) >= 0);
assert_se(manager_load_unit(m, "son.service", NULL, NULL, &son) >= 0);
assert_se(manager_load_unit(m, "daughter.service", NULL, NULL, &daughter) >= 0);
+ assert_se(manager_load_unit(m, "grandchild.service", NULL, NULL, &grandchild) >= 0);
+ assert_se(manager_load_unit(m, "parent-deep.slice", NULL, NULL, &parent_deep) >= 0);
assert(parent->load_state == UNIT_LOADED);
assert(son->load_state == UNIT_LOADED);
assert(daughter->load_state == UNIT_LOADED);
+ assert(grandchild->load_state == UNIT_LOADED);
+ assert(parent_deep->load_state == UNIT_LOADED);
assert(UNIT_DEREF(son->slice) == parent);
assert(UNIT_DEREF(daughter->slice) == parent);
+ assert(UNIT_DEREF(parent_deep->slice) == parent);
+ assert(UNIT_DEREF(grandchild->slice) == parent_deep);
root = UNIT_DEREF(parent->slice);
/* Verify per-unit cgroups settings. */
- assert(cgroup_context_get_mask(unit_get_cgroup_context(son)) == (CGROUP_CPU | CGROUP_CPUACCT));
- assert(cgroup_context_get_mask(unit_get_cgroup_context(daughter)) == 0);
- assert(cgroup_context_get_mask(unit_get_cgroup_context(parent)) == CGROUP_BLKIO);
- assert(cgroup_context_get_mask(unit_get_cgroup_context(root)) == 0);
-
- /* Verify aggregation of controller masks. */
- assert(son->cgroup_members_mask == (CGROUP_CPU | CGROUP_CPUACCT));
- assert(daughter->cgroup_members_mask == 0);
- assert(parent->cgroup_members_mask == (CGROUP_CPU | CGROUP_CPUACCT | CGROUP_BLKIO));
- assert(root->cgroup_members_mask == (CGROUP_CPU | CGROUP_CPUACCT | CGROUP_BLKIO));
+ assert(unit_get_cgroup_mask(son) == (CGROUP_CPU | CGROUP_CPUACCT));
+ assert(unit_get_cgroup_mask(daughter) == 0);
+ assert(unit_get_cgroup_mask(grandchild) == 0);
+ assert(unit_get_cgroup_mask(parent_deep) == CGROUP_MEMORY);
+ assert(unit_get_cgroup_mask(parent) == CGROUP_BLKIO);
+ assert(unit_get_cgroup_mask(root) == 0);
+
+ /* Verify aggregation of member masks */
+ assert(unit_get_members_mask(son) == 0);
+ assert(unit_get_members_mask(daughter) == 0);
+ assert(unit_get_members_mask(grandchild) == 0);
+ assert(unit_get_members_mask(parent_deep) == 0);
+ assert(unit_get_members_mask(parent) == (CGROUP_CPU | CGROUP_CPUACCT | CGROUP_MEMORY));
+ assert(unit_get_members_mask(root) == (CGROUP_CPU | CGROUP_CPUACCT | CGROUP_BLKIO | CGROUP_MEMORY));
+
+ /* Verify aggregation of sibling masks. */
+ assert(unit_get_siblings_mask(son) == (CGROUP_CPU | CGROUP_CPUACCT));
+ assert(unit_get_siblings_mask(daughter) == (CGROUP_CPU | CGROUP_CPUACCT));
+ assert(unit_get_siblings_mask(grandchild) == 0);
+ assert(unit_get_siblings_mask(parent_deep) == (CGROUP_CPU | CGROUP_CPUACCT));
+ assert(unit_get_siblings_mask(parent) == (CGROUP_CPU | CGROUP_CPUACCT | CGROUP_BLKIO));
+ assert(unit_get_siblings_mask(root) == (CGROUP_CPU | CGROUP_CPUACCT | CGROUP_BLKIO));
+
+ /* Verify aggregation of target masks. */
+ assert(unit_get_target_mask(son) == (CGROUP_CPU | CGROUP_CPUACCT));
+ assert(unit_get_target_mask(daughter) == (CGROUP_CPU | CGROUP_CPUACCT));
+ assert(unit_get_target_mask(grandchild) == 0);
+ assert(unit_get_target_mask(parent_deep) == (CGROUP_CPU | CGROUP_CPUACCT | CGROUP_MEMORY));
+ assert(unit_get_target_mask(parent) == (CGROUP_CPU | CGROUP_CPUACCT | CGROUP_BLKIO | CGROUP_MEMORY));
+ assert(unit_get_target_mask(root) == (CGROUP_CPU | CGROUP_CPUACCT | CGROUP_BLKIO | CGROUP_MEMORY));
manager_free(m);
More information about the systemd-commits
mailing list