/*
* Make sure that all the controllers are writeable.
* If any are not, then
* - if they are listed in lxc.cgroup.use, refuse to start
* - else if they are crucial subsystems, refuse to start
* - else warn and do not use them
*/
static bool verify_final_subsystems(const char *cgroup_use)
{
int i;
bool dropped_any = false;
bool bret = false;
const char *cgroup_pattern;
char tmpnam[50], *probe;
if (!cgm_dbus_connect()) {
ERROR("Error connecting to cgroup manager");
return false;
}
cgroup_pattern = lxc_global_config_value("lxc.cgroup.pattern");
i = snprintf(tmpnam, 50, "lxcprobe-%d", getpid());
if (i < 0 || i >= 50) {
ERROR("Attack - format string modified?");
return false;
}
probe = lxc_string_replace("%n", tmpnam, cgroup_pattern);
if (!probe)
goto out;
i = 0;
while (i < nr_subsystems) {
char *p = get_last_controller_in_list(subsystems[i]);
if (!subsys_is_writeable(p, probe)) {
if (is_crucial_subsys(p)) {
ERROR("Cannot write to crucial subsystem %s\n",
subsystems[i]);
goto out;
}
if (cgroup_use && any_in_comma_list(subsystems[i], cgroup_use)) {
ERROR("Cannot write to subsystem %s which is requested in lxc.cgroup.use\n",
subsystems[i]);
goto out;
}
WARN("Cannot write to subsystem %s, continuing with out it\n",
subsystems[i]);
dropped_any = true;
drop_subsystem(i);
} else {
cgm_remove_cgroup(subsystems[i], probe);
i++;
}
}
if (dropped_any)
cgm_all_controllers_same = false;
bret = true;
out:
free(probe);
cgm_dbus_disconnect();
return bret;
}
/*
* remove all the cgroups created
* called internally with dbus connection open
*/
static inline void cleanup_cgroups(char *path)
{
int i;
char **slist = subsystems;
if (cgm_supports_multiple_controllers)
slist = subsystems_inone;
for (i = 0; slist[i]; i++)
cgm_remove_cgroup(slist[i], path);
}
/*
* remove all the cgroups created
* called internally with dbus connection open
*/
static inline void cleanup_cgroups(char *path)
{
int i;
char **slist = subsystems;
if (cgm_all_controllers_same)
slist = subsystems_inone;
for (i = 0; slist[i]; i++)
cgm_remove_cgroup(slist[i], path);
}
static void cgm_destroy(struct lxc_handler *handler)
{
char *cgroup_path = handler->cgroup_info->data;
int i;
if (!cgroup_path)
return;
for (i = 0; i < nr_subsystems; i++)
cgm_remove_cgroup(subsystems[i], cgroup_path);
free(cgroup_path);
handler->cgroup_info->data = NULL;
}
/* Called after a failed container startup */
static void cgm_destroy(void *hdata)
{
struct cgm_data *d = hdata;
char **slist = subsystems;
int i;
if (!d || !d->cgroup_path)
return;
if (!cgm_dbus_connect()) {
ERROR("Error connecting to cgroup manager");
return;
}
if (cgm_supports_multiple_controllers)
slist = subsystems_inone;
for (i = 0; slist[i]; i++)
cgm_remove_cgroup(slist[i], d->cgroup_path);
free(d->name);
free(d->cgroup_path);
free(d);
cgm_dbus_disconnect();
}
/*
* remove all the cgroups created
*/
static inline void cleanup_cgroups(char *path)
{
int i;
for (i = 0; i < nr_subsystems; i++)
cgm_remove_cgroup(subsystems[i], path);
}
