cgroup: make sure all our cgroup objects have a suffix and are properly escaped

Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.

This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us the parse these paths
standalone without requiring access to the cgroup file system.

This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.

3 files changed, 24 insertions, 36 deletions

diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 2f7ab3451f..662273b07f 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -465,7 +465,18 @@ static int session_create_cgroup(Session *s) {
         assert(s->user->cgroup_path);
 
         if (!s->cgroup_path) {
-                if (asprintf(&p, "%s/%s", s->user->cgroup_path, s->id) < 0)
+                _cleanup_free_ char *name = NULL, *escaped = NULL;
+
+                name = strappend(s->id, ".session");
+                if (!name)
+                        return log_oom();
+
+                escaped = cg_escape(name);
+                if (!escaped)
+                        return log_oom();
+
+                p = strjoin(s->user->cgroup_path, "/", escaped, NULL);
+                if (!p)
                         return log_oom();
         } else
                 p = s->cgroup_path;
diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index 4b0ac5e737..9e2cbf646b 100644
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
@@ -315,7 +315,17 @@ static int user_create_cgroup(User *u) {
         assert(u);
 
         if (!u->cgroup_path) {
-                if (asprintf(&p, "%s/%s", u->manager->cgroup_path, u->name) < 0)
+                _cleanup_free_ char *name = NULL, *escaped = NULL;
+
+                if (asprintf(&name, "%lu.user", (unsigned long) u->uid) < 0)
+                        return log_oom();
+
+                escaped = cg_escape(name);
+                if (!escaped)
+                        return log_oom();
+
+                p = strjoin(u->manager->cgroup_path, "/", escaped, NULL);
+                if (!p)
                         return log_oom();
         } else
                 p = u->cgroup_path;
diff --git a/src/login/sd-login.c b/src/login/sd-login.c
index 30e07a9322..157b7e0fb4 100644
--- a/src/login/sd-login.c
+++ b/src/login/sd-login.c
@@ -73,10 +73,6 @@ _public_ int sd_pid_get_machine_name(pid_t pid, char **name) {
 }
 
 _public_ int sd_pid_get_owner_uid(pid_t pid, uid_t *uid) {
-        int r;
-        _cleanup_free_ char *root = NULL, *cgroup = NULL, *cc = NULL;
-        char *p;
-        struct stat st;
 
         if (pid < 0)
                 return -EINVAL;
@@ -84,36 +80,7 @@ _public_ int sd_pid_get_owner_uid(pid_t pid, uid_t *uid) {
         if (!uid)
                 return -EINVAL;
 
-        r = cg_pid_get_path_shifted(pid, &root, &cgroup);
-        if (r < 0)
-                return r;
-
-        if (!startswith(cgroup, "/user/"))
-                return -ENOENT;
-
-        p = strchr(cgroup + 6, '/');
-        if (!p)
-                return -ENOENT;
-
-        p++;
-        p += strcspn(p, "/");
-        *p = 0;
-
-        r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, root, cgroup, &cc);
-
-        if (r < 0)
-                return -ENOMEM;
-
-        r = lstat(cc, &st);
-
-        if (r < 0)
-                return -errno;
-
-        if (!S_ISDIR(st.st_mode))
-                return -ENOTDIR;
-
-        *uid = st.st_uid;
-        return 0;
+        return cg_pid_get_owner_uid(pid, uid);
 }
 
 _public_ int sd_uid_get_state(uid_t uid, char**state) {