author | Lennart Poettering <lennart@poettering.net> | 2014-12-30 01:57:23 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-01-05 01:40:51 +0100 |
commit | b12afc8c5c5c3ee5720780df9a602288bbcc24ea (patch) | |
tree | c31283a2db47472b134744bf353c9953e089bd62 /src/core/mount-setup.c | |
parent | 714e2e1d56b97dcf2ebae2d0447b48f21e38a600 (diff) |
nspawn: mount most of the cgroup tree read-only in nspawn containers except for the container's own subtree in the name=systemd hierarchy
More specifically, mount all other hierarchies in their entirety, and the
name=systemd hierarchy above the container's subtree, read-only.
Diffstat (limited to 'src/core/mount-setup.c')
-rw-r--r-- | src/core/mount-setup.c | 41 |
1 files changed, 5 insertions, 36 deletions
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index 342f5520c9..bd3a0352d6 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -44,6 +44,7 @@
#include "efivars.h"
#include "smack-util.h"
#include "def.h"
+#include "cgroup-util.h"
typedef enum MountMode {
MNT_NONE = 0,
@@ -227,49 +228,17 @@ int mount_setup_early(void) {
int mount_cgroup_controllers(char ***join_controllers) {
_cleanup_set_free_free_ Set *controllers = NULL;
- _cleanup_fclose_ FILE *f;
- char buf[LINE_MAX];
int r;
/* Mount all available cgroup controllers that are built into the kernel. */
- f = fopen("/proc/cgroups", "re");
- if (!f) {
- log_error_errno(errno, "Failed to enumerate cgroup controllers: %m");
- return 0;
- }
-
controllers = set_new(&string_hash_ops);
if (!controllers)
return log_oom();
- /* Ignore the header line */
- (void) fgets(buf, sizeof(buf), f);
-
- for (;;) {
- char *controller;
- int enabled = 0;
-
- if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) {
-
- if (feof(f))
- break;
-
- log_error("Failed to parse /proc/cgroups.");
- return -EIO;
- }
-
- if (!enabled) {
- free(controller);
- continue;
- }
-
- r = set_consume(controllers, controller);
- if (r < 0) {
- log_error("Failed to add controller to set.");
- return r;
- }
- }
+ r = cg_kernel_controllers(controllers);
+ if (r < 0)
+ return log_error_errno(r, "Failed to enumerate cgroup controllers: %m");
for (;;) {
_cleanup_free_ char *options = NULL, *controller = NULL, *where = NULL;
@@ -348,7 +317,7 @@ int mount_cgroup_controllers(char ***join_controllers) {
/* Now that we mounted everything, let's make the tmpfs the
* cgroup file systems are mounted into read-only. */
- mount("tmpfs", "/sys/fs/cgroup", "tmpfs", MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755");
+ (void) mount("tmpfs", "/sys/fs/cgroup", "tmpfs", MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755");
return 0;
} |
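Review bot: The new `r = cg_kernel_controllers(controllers); if (r < 0) return log_error_errno(r, ...)` turns controller enumeration into a hard failure, whereas the removed parser returned 0 and carried on without mounting any controller when /proc/cgroups could not be opened, so callers of mount_cgroup_controllers() that used to tolerate a kernel without cgroup support or a not-yet-mounted /proc now get an error back. Failing loudly is probably the safer direction, since silently skipping the controller mounts leaves the hierarchies that later code and this commit's nspawn read-only policy rely on absent, but whether cg_kernel_controllers() still maps a missing /proc/cgroups to an empty set is not visible in this hunk and should be confirmed before merging. Either way, record the decision at the call site, e.g. `/* Failing to enumerate controllers is fatal here; we deliberately no longer fall back to an empty set. */`. mount_cgroup_controllers() continues past the end of this hunk.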
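Review bot: The `(void)` cast on the MS_REMOUNT of /sys/fs/cgroup discards the only indication that the tmpfs did not actually become read-only; if the remount fails (for instance because the tmpfs was set up by a container manager with flags that cannot be changed from inside), the mount stays writable for root in that mount namespace and the read-only property this commit is after is lost without a trace. Keeping the remount best-effort is reasonable, but make the failure observable: `if (mount("tmpfs", "/sys/fs/cgroup", "tmpfs", MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755") < 0)` followed by `log_warning_errno(errno, "Failed to remount /sys/fs/cgroup read-only: %m");` (log_debug_errno() if the message would be too noisy inside containers). The enclosing function starts before this hunk.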