summaryrefslogtreecommitdiff
path: root/src/core/dbus-unit.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2013-06-27 04:14:27 +0200
committerLennart Poettering <lennart@poettering.net>2013-06-27 04:17:34 +0200
commit4ad490007b70e6ac18d3cb04fa2ed92eba1451fa (patch)
tree20c7aab57b1f2722be1a057a28a6e7c16788c976 /src/core/dbus-unit.c
parentabb26902e424c4142b68ead35676028b12249b77 (diff)
core: general cgroup rework
Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
Diffstat (limited to 'src/core/dbus-unit.c')
-rw-r--r--src/core/dbus-unit.c530
1 files changed, 1 insertions, 529 deletions
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 8a7ab349d1..cbd41342f4 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -295,90 +295,6 @@ static int bus_unit_append_job(DBusMessageIter *i, const char *property, void *d
return 0;
}
-static int bus_unit_append_default_cgroup(DBusMessageIter *i, const char *property, void *data) {
- Unit *u = data;
- char *t;
- CGroupBonding *cgb;
- bool success;
-
- assert(i);
- assert(property);
- assert(u);
-
- cgb = unit_get_default_cgroup(u);
- if (cgb) {
- t = cgroup_bonding_to_string(cgb);
- if (!t)
- return -ENOMEM;
- } else
- t = (char*) "";
-
- success = dbus_message_iter_append_basic(i, DBUS_TYPE_STRING, &t);
-
- if (cgb)
- free(t);
-
- return success ? 0 : -ENOMEM;
-}
-
-static int bus_unit_append_cgroups(DBusMessageIter *i, const char *property, void *data) {
- Unit *u = data;
- CGroupBonding *cgb;
- DBusMessageIter sub;
-
- if (!dbus_message_iter_open_container(i, DBUS_TYPE_ARRAY, "s", &sub))
- return -ENOMEM;
-
- LIST_FOREACH(by_unit, cgb, u->cgroup_bondings) {
- _cleanup_free_ char *t = NULL;
- bool success;
-
- t = cgroup_bonding_to_string(cgb);
- if (!t)
- return -ENOMEM;
-
- success = dbus_message_iter_append_basic(&sub, DBUS_TYPE_STRING, &t);
- if (!success)
- return -ENOMEM;
- }
-
- if (!dbus_message_iter_close_container(i, &sub))
- return -ENOMEM;
-
- return 0;
-}
-
-static int bus_unit_append_cgroup_attrs(DBusMessageIter *i, const char *property, void *data) {
- Unit *u = data;
- CGroupAttribute *a;
- DBusMessageIter sub, sub2;
-
- if (!dbus_message_iter_open_container(i, DBUS_TYPE_ARRAY, "(sss)", &sub))
- return -ENOMEM;
-
- LIST_FOREACH(by_unit, a, u->cgroup_attributes) {
- _cleanup_free_ char *v = NULL;
- bool success;
-
- if (a->semantics && a->semantics->map_write)
- a->semantics->map_write(a->semantics, a->value, &v);
-
- success =
- dbus_message_iter_open_container(&sub, DBUS_TYPE_STRUCT, NULL, &sub2) &&
- dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &a->controller) &&
- dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, &a->name) &&
- dbus_message_iter_append_basic(&sub2, DBUS_TYPE_STRING, v ? &v : &a->value) &&
- dbus_message_iter_close_container(&sub, &sub2);
- if (!success)
- return -ENOMEM;
- }
-
- if (!dbus_message_iter_close_container(i, &sub))
- return -ENOMEM;
-
- return 0;
-}
-
static int bus_unit_append_need_daemon_reload(DBusMessageIter *i, const char *property, void *data) {
Unit *u = data;
dbus_bool_t b;
@@ -488,90 +404,6 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn
if (!reply)
goto oom;
- } else if (streq_ptr(dbus_message_get_member(message), "SetControlGroup")) {
- DBusMessageIter iter;
-
- SELINUX_UNIT_ACCESS_CHECK(u, connection, message, "start");
-
- if (!dbus_message_iter_init(message, &iter))
- goto oom;
-
- r = bus_unit_cgroup_set(u, &iter);
- if (r < 0)
- return bus_send_error_reply(connection, message, NULL, r);
-
- reply = dbus_message_new_method_return(message);
- if (!reply)
- goto oom;
-
- } else if (streq_ptr(dbus_message_get_member(message), "UnsetControlGroup")) {
- DBusMessageIter iter;
-
- SELINUX_UNIT_ACCESS_CHECK(u, connection, message, "stop");
-
- if (!dbus_message_iter_init(message, &iter))
- goto oom;
-
- r = bus_unit_cgroup_unset(u, &iter);
- if (r < 0)
- return bus_send_error_reply(connection, message, NULL, r);
-
- reply = dbus_message_new_method_return(message);
- if (!reply)
- goto oom;
- } else if (streq_ptr(dbus_message_get_member(message), "GetControlGroupAttribute")) {
- DBusMessageIter iter;
- _cleanup_strv_free_ char **list = NULL;
-
- SELINUX_UNIT_ACCESS_CHECK(u, connection, message, "status");
-
- if (!dbus_message_iter_init(message, &iter))
- goto oom;
-
- r = bus_unit_cgroup_attribute_get(u, &iter, &list);
- if (r < 0)
- return bus_send_error_reply(connection, message, NULL, r);
-
- reply = dbus_message_new_method_return(message);
- if (!reply)
- goto oom;
-
- dbus_message_iter_init_append(reply, &iter);
- if (bus_append_strv_iter(&iter, list) < 0)
- goto oom;
-
- } else if (streq_ptr(dbus_message_get_member(message), "SetControlGroupAttribute")) {
- DBusMessageIter iter;
-
- SELINUX_UNIT_ACCESS_CHECK(u, connection, message, "start");
-
- if (!dbus_message_iter_init(message, &iter))
- goto oom;
-
- r = bus_unit_cgroup_attribute_set(u, &iter);
- if (r < 0)
- return bus_send_error_reply(connection, message, NULL, r);
-
- reply = dbus_message_new_method_return(message);
- if (!reply)
- goto oom;
-
- } else if (streq_ptr(dbus_message_get_member(message), "UnsetControlGroupAttribute")) {
- DBusMessageIter iter;
-
- SELINUX_UNIT_ACCESS_CHECK(u, connection, message, "stop");
-
- if (!dbus_message_iter_init(message, &iter))
- goto oom;
-
- r = bus_unit_cgroup_attribute_unset(u, &iter);
- if (r < 0)
- return bus_send_error_reply(connection, message, NULL, r);
-
- reply = dbus_message_new_method_return(message);
- if (!reply)
- goto oom;
-
} else if (UNIT_VTABLE(u)->bus_message_handler)
return UNIT_VTABLE(u)->bus_message_handler(u, connection, message);
else
@@ -913,360 +745,6 @@ oom:
return DBUS_HANDLER_RESULT_NEED_MEMORY;
}
-static int parse_mode(DBusMessageIter *iter, bool *runtime, bool next) {
- const char *mode;
- int r;
-
- assert(iter);
- assert(runtime);
-
- r = bus_iter_get_basic_and_next(iter, DBUS_TYPE_STRING, &mode, next);
- if (r < 0)
- return r;
-
- if (streq(mode, "runtime"))
- *runtime = true;
- else if (streq(mode, "persistent"))
- *runtime = false;
- else
- return -EINVAL;
-
- return 0;
-}
-
-int bus_unit_cgroup_set(Unit *u, DBusMessageIter *iter) {
- _cleanup_free_ char *controller = NULL, *old_path = NULL, *new_path = NULL, *contents = NULL;
- const char *name;
- CGroupBonding *b;
- bool runtime;
- int r;
-
- assert(u);
- assert(iter);
-
- if (!unit_get_exec_context(u))
- return -EINVAL;
-
- r = bus_iter_get_basic_and_next(iter, DBUS_TYPE_STRING, &name, true);
- if (r < 0)
- return r;
-
- r = parse_mode(iter, &runtime, false);
- if (r < 0)
- return r;
-
- r = cg_split_spec(name, &controller, &new_path);
- if (r < 0)
- return r;
-
- if (!new_path) {
- new_path = unit_default_cgroup_path(u);
- if (!new_path)
- return -ENOMEM;
- }
-
- if (!controller || streq(controller, SYSTEMD_CGROUP_CONTROLLER))
- return -EINVAL;
-
- b = cgroup_bonding_find_list(u->cgroup_bondings, controller);
- if (b) {
- if (streq(b->path, new_path))
- return 0;
-
- if (b->essential)
- return -EINVAL;
-
- old_path = strdup(b->path);
- if (!old_path)
- return -ENOMEM;
- }
-
- r = unit_add_cgroup_from_text(u, name, true, &b);
- if (r < 0)
- return r;
- if (r > 0) {
- CGroupAttribute *a;
-
- /* Try to move things to the new place, and clean up the old place */
- cgroup_bonding_realize(b);
- cgroup_bonding_migrate(b, u->cgroup_bondings);
-
- if (old_path)
- cg_trim(controller, old_path, true);
-
- /* Apply the attributes to the new group */
- LIST_FOREACH(by_unit, a, u->cgroup_attributes)
- if (streq(a->controller, controller))
- cgroup_attribute_apply(a, b);
- }
-
- contents = strjoin("[", UNIT_VTABLE(u)->exec_section, "]\n"
- "ControlGroup=", name, "\n", NULL);
- if (!contents)
- return -ENOMEM;
-
- return unit_write_drop_in(u, runtime, controller, contents);
-}
-
-int bus_unit_cgroup_unset(Unit *u, DBusMessageIter *iter) {
- _cleanup_free_ char *controller = NULL, *path = NULL, *target = NULL;
- const char *name;
- CGroupAttribute *a, *n;
- CGroupBonding *b;
- bool runtime;
- int r;
-
- assert(u);
- assert(iter);
-
- if (!unit_get_exec_context(u))
- return -EINVAL;
-
- r = bus_iter_get_basic_and_next(iter, DBUS_TYPE_STRING, &name, true);
- if (r < 0)
- return r;
-
- r = parse_mode(iter, &runtime, false);
- if (r < 0)
- return r;
-
- r = cg_split_spec(name, &controller, &path);
- if (r < 0)
- return r;
-
- if (!controller || streq(controller, SYSTEMD_CGROUP_CONTROLLER))
- return -EINVAL;
-
- b = cgroup_bonding_find_list(u->cgroup_bondings, controller);
- if (!b)
- return -ENOENT;
-
- if (path && !path_equal(path, b->path))
- return -ENOENT;
-
- if (b->essential)
- return -EINVAL;
-
- unit_remove_drop_in(u, runtime, controller);
-
- /* Try to migrate the old group away */
- if (cg_pid_get_path(controller, 0, &target) >= 0)
- cgroup_bonding_migrate_to(u->cgroup_bondings, target, false);
-
- cgroup_bonding_free(b, true);
-
- /* Drop all attributes of this controller */
- LIST_FOREACH_SAFE(by_unit, a, n, u->cgroup_attributes) {
- if (!streq(a->controller, controller))
- continue;
-
- unit_remove_drop_in(u, runtime, a->name);
- cgroup_attribute_free(a);
- }
-
- return 0;
-}
-
-int bus_unit_cgroup_attribute_get(Unit *u, DBusMessageIter *iter, char ***_result) {
- _cleanup_free_ char *controller = NULL;
- CGroupAttribute *a;
- CGroupBonding *b;
- const char *name;
- char **l = NULL;
- int r;
-
- assert(u);
- assert(iter);
- assert(_result);
-
- if (!unit_get_exec_context(u))
- return -EINVAL;
-
- r = bus_iter_get_basic_and_next(iter, DBUS_TYPE_STRING, &name, false);
- if (r < 0)
- return r;
-
- r = cg_controller_from_attr(name, &controller);
- if (r < 0)
- return r;
-
- /* First attempt, read the value from the kernel */
- b = cgroup_bonding_find_list(u->cgroup_bondings, controller);
- if (b) {
- _cleanup_free_ char *p = NULL, *v = NULL;
-
- r = cg_get_path(b->controller, b->path, name, &p);
- if (r < 0)
- return r;
-
- r = read_full_file(p, &v, NULL);
- if (r >= 0) {
- /* Split on new lines */
- l = strv_split_newlines(v);
- if (!l)
- return -ENOMEM;
-
- *_result = l;
- return 0;
-
- }
- }
-
- /* If that didn't work, read our cached value */
- LIST_FOREACH(by_unit, a, u->cgroup_attributes) {
-
- if (!cgroup_attribute_matches(a, controller, name))
- continue;
-
- r = strv_extend(&l, a->value);
- if (r < 0) {
- strv_free(l);
- return r;
- }
- }
-
- if (!l)
- return -ENOENT;
-
- *_result = l;
- return 0;
-}
-
-static int update_attribute_drop_in(Unit *u, bool runtime, const char *name) {
- _cleanup_free_ char *buf = NULL;
- CGroupAttribute *a;
-
- assert(u);
- assert(name);
-
- LIST_FOREACH(by_unit, a, u->cgroup_attributes) {
- if (!cgroup_attribute_matches(a, NULL, name))
- continue;
-
- if (!buf) {
- buf = strjoin("[", UNIT_VTABLE(u)->exec_section, "]\n"
- "ControlGroupAttribute=", a->name, " ", a->value, "\n", NULL);
-
- if (!buf)
- return -ENOMEM;
- } else {
- char *b;
-
- b = strjoin(buf,
- "ControlGroupAttribute=", a->name, " ", a->value, "\n", NULL);
-
- if (!b)
- return -ENOMEM;
-
- free(buf);
- buf = b;
- }
- }
-
- if (buf)
- return unit_write_drop_in(u, runtime, name, buf);
- else
- return unit_remove_drop_in(u, runtime, name);
-}
-
-int bus_unit_cgroup_attribute_set(Unit *u, DBusMessageIter *iter) {
- _cleanup_strv_free_ char **l = NULL;
- int r;
- bool runtime = false;
- char **value;
- const char *name;
-
- assert(u);
- assert(iter);
-
- if (!unit_get_exec_context(u))
- return -EINVAL;
-
- r = bus_iter_get_basic_and_next(iter, DBUS_TYPE_STRING, &name, true);
- if (r < 0)
- return r;
-
- r = bus_parse_strv_iter(iter, &l);
- if (r < 0)
- return r;
-
- if (!dbus_message_iter_next(iter))
- return -EINVAL;
-
- r = parse_mode(iter, &runtime, false);
- if (r < 0)
- return r;
-
- STRV_FOREACH(value, l) {
- _cleanup_free_ char *v = NULL;
- CGroupAttribute *a;
- const CGroupSemantics *s;
-
- r = cgroup_semantics_find(NULL, name, *value, &v, &s);
- if (r < 0)
- return r;
-
- if (s && !s->multiple && l[1])
- return -EINVAL;
-
- r = unit_add_cgroup_attribute(u, s, NULL, name, v ? v : *value, &a);
- if (r < 0)
- return r;
-
- if (r > 0) {
- CGroupBonding *b;
-
- b = cgroup_bonding_find_list(u->cgroup_bondings, a->controller);
- if (!b) {
- /* Doesn't exist yet? Then let's add it */
- r = unit_add_cgroup_from_text(u, a->controller, false, &b);
- if (r < 0)
- return r;
-
- if (r > 0) {
- cgroup_bonding_realize(b);
- cgroup_bonding_migrate(b, u->cgroup_bondings);
- }
- }
-
- /* Make it count */
- cgroup_attribute_apply(a, u->cgroup_bondings);
- }
-
- }
-
- r = update_attribute_drop_in(u, runtime, name);
- if (r < 0)
- return r;
-
- return 0;
-}
-
-int bus_unit_cgroup_attribute_unset(Unit *u, DBusMessageIter *iter) {
- const char *name;
- bool runtime;
- int r;
-
- assert(u);
- assert(iter);
-
- if (!unit_get_exec_context(u))
- return -EINVAL;
-
- r = bus_iter_get_basic_and_next(iter, DBUS_TYPE_STRING, &name, true);
- if (r < 0)
- return r;
-
- r = parse_mode(iter, &runtime, false);
- if (r < 0)
- return r;
-
- cgroup_attribute_free_some(u->cgroup_attributes, NULL, name);
- update_attribute_drop_in(u, runtime, name);
-
- return 0;
-}
-
const BusProperty bus_unit_properties[] = {
{ "Id", bus_property_append_string, "s", offsetof(Unit, id), true },
{ "Names", bus_unit_append_names, "as", 0 },
@@ -1330,12 +808,6 @@ const BusProperty bus_unit_properties[] = {
{ "ConditionTimestampMonotonic", bus_property_append_usec, "t", offsetof(Unit, condition_timestamp.monotonic) },
{ "ConditionResult", bus_property_append_bool, "b", offsetof(Unit, condition_result) },
{ "LoadError", bus_unit_append_load_error, "(ss)", 0 },
- { NULL, }
-};
-
-const BusProperty bus_unit_cgroup_properties[] = {
- { "DefaultControlGroup", bus_unit_append_default_cgroup, "s", 0 },
- { "ControlGroups", bus_unit_append_cgroups, "as", 0 },
- { "ControlGroupAttributes", bus_unit_append_cgroup_attrs, "a(sss)", 0 },
+ { "ControlGroup", bus_property_append_string, "s", offsetof(Unit, cgroup_path), true },
{ NULL, }
};