summaryrefslogtreecommitdiff
path: root/src/core/dbus-cgroup.c
AgeCommit message (Collapse)Author
2014-11-05core: introduce new Delegate=yes/no property controlling creation of cgroup ↵Lennart Poettering
subhierarchies For priviliged units this resource control property ensures that the processes have all controllers systemd manages enabled. For unpriviliged services (those with User= set) this ensures that access rights to the service cgroup is granted to the user in question, to create further subgroups. Note that this only applies to the name=systemd hierarchy though, as access to other controllers is not safe for unpriviliged processes. Delegate=yes should be set for container scopes where a systemd instance inside the container shall manage the hierarchies below its own cgroup and have access to all controllers. Delegate=yes should also be set for user@.service, so that systemd --user can run, controlling its own cgroup tree. This commit changes machined, systemd-nspawn@.service and user@.service to set this boolean, in order to ensure that container management will just work, and the user systemd instance can run fine.
2014-09-29core/dbus: simplify handling of CPUQuotaPerSecUSecZbigniew Jędrzejewski-Szmek
No functional change intended.
2014-05-22cgroups: simplify CPUQuota= logicLennart Poettering
Only accept cpu quota values in percentages, get rid of period definition. It's not clear whether the CFS period controllable per-cgroup even has a future in the kernel, hence let's simplify all this, hardcode the period to 100ms and only accept percentage based quota values.
2014-05-22cgroup: rework startup logicLennart Poettering
Introduce a (unsigned long) -1 as "unset" state for cpu shares/block io weights, and keep the startup unit set around all the time.
2014-05-22core: add startup resource control optionWaLyong Cho
Similar to CPUShares= and BlockIOWeight= respectively. However only assign the specified weight during startup. Each control group attribute is re-assigned as weight by CPUShares=weight and BlockIOWeight=weight after startup. If not CPUShares= or BlockIOWeight= be specified, then the attribute is re-assigned to each default attribute value. (default cpu.shares=1024, blkio.weight=1000) If only CPUShares=weight or BlockIOWeight=weight be specified, then that implies StartupCPUShares=weight and StartupBlockIOWeight=weight.
2014-04-25core: expose CFS CPU time quota as high-level unit propertiesLennart Poettering
2014-04-25core: make sure we always write changed cgroup attributes to the cgroupfsLennart Poettering
2014-02-24cgroup: parse array cgroup properties correctly when they aren't at the end ↵Lennart Poettering
of the message
2014-02-22cgroup: Extend DeviceAllow= syntax to whitelist groups of devices, not just ↵Lennart Poettering
particular devices nodes
2014-01-02Use format patterns for usec_t, pid_t, nsec_t, usec_tZbigniew Jędrzejewski-Szmek
It is nicer to predefine patterns using configure time check instead of using casts everywhere. Since we do not need to use any flags, include "%" in the format instead of excluding it like PRI* macros.
2013-12-25build-sys: minor fixes found with cppcheckLennart Poettering
2013-12-22core: the cgroup properties are not actually constLennart Poettering
2013-12-22bus: decorate the various object vtables with SD_BUS_VTABLE_PROPERTY_CONST ↵Lennart Poettering
where appropriate
2013-11-21bus: rework message handlers to always take an error argumentLennart Poettering
Message handler callbacks can be simplified drastically if the dispatcher automatically replies to method calls if errors are returned. Thus: add an sd_bus_error argument to all message handlers. When we dispatch a message handler and it returns negative or a set sd_bus_error we send this as message error back to the client. This means errors returned by handlers by default are given back to clients instead of rippling all the way up to the event loop, which is desirable to make things robust. As a side-effect we can now easily turn the SELinux checks into normal function calls, since the method call dispatcher will generate the right error replies automatically now. Also, make sure we always pass the error structure to all property and method handlers as last argument to follow the usual style of passing variables for return values as last argument.
2013-11-20core: convert PID 1 to libsystemd-busLennart Poettering
This patch converts PID 1 to libsystemd-bus and thus drops the dependency on libdbus. The only remaining code using libdbus is a test case that validates our bus marshalling against libdbus' marshalling, and this dependency can be turned off. This patch also adds a couple of things to libsystem-bus, that are necessary to make the port work: - Synthesizing of "Disconnected" messages when bus connections are severed. - Support for attaching multiple vtables for the same interface on the same path. This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus calls which used an inappropriate signature. As a side effect we will now generate PropertiesChanged messages which carry property contents, rather than just invalidation information.
2013-10-21silent a few more gcc warningsKay Sievers
2013-10-14list: make our list macros a bit easier to use by not requring type spec on ↵Lennart Poettering
each invocation We can determine the list entry type via the typeof() gcc construct, and so we should to make the macros much shorter to use.
2013-09-17cgroup: get rid of MemorySoftLimit=Lennart Poettering
The cgroup attribute memory.soft_limit_in_bytes is unlikely to stay around in the kernel for good, so let's not expose it for now. We can readd something like it later when the kernel guys decided on a final API for this.
2013-09-10cgroup: setup BlockIODeviceWeight in bus_cgroup_set_propertyGao feng
This patch adds the support for setting up BlockIODeviceWeight in bus_cgroup_set_property. most of the codes are copied from the case that sets up DeviceAllow.
2013-09-10cgroup: compare fs paths with path_equal() rather than streq()Lennart Poettering
2013-09-10cgroup: setup BlockIORead/WriteBandwidth in bus_cgroup_set_propertyGao feng
This patch adds the support for setting up BlockIORead/WriteBandwidth in bus_cgroup_set_property.
2013-08-28device cgroup: don't create a new CGroupDeviceAllow when it already in the listGao feng
If a device node is already in the device_allow list of CGroupContext, we should replace it instead of create a new one and append this new one to the end of device_allow list. change from v1: use streq to replace !strcmp
2013-08-23blkio: fix incorrect setting of cpu_sharesGao feng
We should set up blockio_weight not cpu_shares.
2013-07-11core: simplify drop-in writing logic a bitLennart Poettering
let's make use of some format string magic!
2013-07-11core: when writing drop-in files, name them directly after the property we setLennart Poettering
Mapping from "FooBar" to "foo-bar" is unnecessary and makes it hard to handle many different properties with the same code, hence, let's just not do it.
2013-06-28core: add transient unitsLennart Poettering
Transient units can be created via the bus API. They are configured via the method call parameters rather than on-disk files. They are subject to normal GC. Transient units currently may only be created for services (however, we will extend this), and currently only ExecStart= and the cgroup parameters can be configured (also to be extended). Transient units require a unique name, that previously had no configuration file on disk. A tool systemd-run is added that makes use of this functionality to run arbitrary command lines as transient services: $ systemd-run /bin/ping www.heise.de Will cause systemd to create a new transient service and run ping in it.
2013-06-27dbus: make DeviceAllow=/DevicePolicy= writableLennart Poettering
2013-06-27dbus: make more cgroup attributes runtime settableLennart Poettering
2013-06-27dbus: add infrastructure for changing multiple properties at once on units ↵Lennart Poettering
and hook some cgroup attributes up to it This introduces two bus calls to make runtime changes to selected bus properties, optionally with persistence. This currently hooks this up only for three cgroup atributes, but this brings the infrastructure to add more changable attributes. This allows setting multiple attributes at once, and takes an array rather than a dictionary of properties, in order to implement simple resetting of lists using the same approach as when they are sourced from unit files. This means, that list properties are appended to by this call, unless they are first reset via assigning the empty list.
2013-06-27core: general cgroup reworkLennart Poettering
Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).