int lxc_cgroup_create(const char *name, pid_t pid) { char cgmnt[MAXPATHLEN]; char cgname[MAXPATHLEN]; char clonechild[MAXPATHLEN]; int flags; if (get_cgroup_mount(MTAB, cgmnt)) { ERROR("cgroup is not mounted"); return -1; } snprintf(cgname, MAXPATHLEN, "%s/%s", cgmnt, name); /* * There is a previous cgroup, assume it is empty, * otherwise that fails */ if (!access(cgname, F_OK) && rmdir(cgname)) { SYSERROR("failed to remove previous cgroup '%s'", cgname); return -1; } if (get_cgroup_flags(MTAB, &flags)) { SYSERROR("failed to get cgroup flags"); return -1; } /* We have the deprecated ns_cgroup subsystem */ if (flags & CGROUP_NS_CGROUP) { WARN("using deprecated ns_cgroup"); return cgroup_rename_nsgroup(cgmnt, cgname, pid); } snprintf(clonechild, MAXPATHLEN, "%s/cgroup.clone_children", cgmnt); /* we check if the kernel has clone_children, at this point if there * no clone_children neither ns_cgroup, that means the cgroup is mounted * without the ns_cgroup and it has not the compatibility flag */ if (access(clonechild, F_OK)) { ERROR("no ns_cgroup option specified"); return -1; } /* we enable the clone_children flag of the cgroup */ if (cgroup_enable_clone_children(clonechild)) { SYSERROR("failed to enable 'clone_children flag"); return -1; } /* Let's create the cgroup */ if (mkdir(cgname, 0700)) { SYSERROR("failed to create '%s' directory", cgname); return -1; } /* Let's add the pid to the 'tasks' file */ if (cgroup_attach(cgname, pid)) { SYSERROR("failed to attach pid '%d' to '%s'", pid, cgname); rmdir(cgname); return -1; } return 0; }
/* * create a cgroup for the container in a particular subsystem. */ static int lxc_one_cgroup_create(const char *name, struct mntent *mntent, pid_t pid) { char cginit[MAXPATHLEN], cgname[MAXPATHLEN], cgparent[MAXPATHLEN]; char clonechild[MAXPATHLEN]; char initcgroup[MAXPATHLEN]; int flags, ret; /* cgparent is the parent dir, e.g., /sys/fs/cgroup/<cgroup>/<init-cgroup>/lxc */ /* (remember get_init_cgroup() returns a path starting with '/') */ /* cgname is the full name, e.g., /sys/fs/cgroup/<cgroup>/<init-cgroup>/lxc/name */ ret = snprintf(cginit, MAXPATHLEN, "%s%s", mntent->mnt_dir, get_init_cgroup(NULL, mntent, initcgroup)); if (ret < 0 || ret >= MAXPATHLEN) { SYSERROR("Failed creating pathname for init's cgroup (%d)\n", ret); return -1; } flags = get_cgroup_flags(mntent); ret = snprintf(cgparent, MAXPATHLEN, "%s%s", cginit, (flags & CGROUP_NS_CGROUP) ? "" : "/lxc"); if (ret < 0 || ret >= MAXPATHLEN) { SYSERROR("Failed creating pathname for cgroup parent (%d)\n", ret); return -1; } ret = snprintf(cgname, MAXPATHLEN, "%s/%s", cgparent, name); if (ret < 0 || ret >= MAXPATHLEN) { SYSERROR("Failed creating pathname for cgroup (%d)\n", ret); return -1; } /* Do we have the deprecated ns_cgroup subsystem? */ if (flags & CGROUP_NS_CGROUP) { WARN("using deprecated ns_cgroup"); return cgroup_rename_nsgroup(cginit, name, pid); } ret = snprintf(clonechild, MAXPATHLEN, "%s/cgroup.clone_children", cginit); if (ret < 0 || ret >= MAXPATHLEN) { SYSERROR("Failed creating pathname for clone_children (%d)\n", ret); return -1; } /* we check if the kernel has clone_children, at this point if there * no clone_children neither ns_cgroup, that means the cgroup is mounted * without the ns_cgroup and it has not the compatibility flag */ if (access(clonechild, F_OK)) { ERROR("no ns_cgroup option specified"); return -1; } /* enable the clone_children flag of the cgroup */ if (cgroup_enable_clone_children(clonechild)) { SYSERROR("failed to enable 'clone_children flag"); return -1; } /* if cgparent does not exist, create it */ if (access(cgparent, F_OK) && mkdir(cgparent, 0755)) { SYSERROR("failed to create '%s' directory", cgparent); return -1; } /* * There is a previous cgroup. Try to delete it. If that fails * (i.e. it is not empty) try to move it out of the way. */ if (!access(cgname, F_OK) && rmdir(cgname)) { if (try_to_move_cgname(cgparent, cgname)) { SYSERROR("failed to remove previous cgroup '%s'", cgname); return -1; } } /* Let's create the cgroup */ if (mkdir(cgname, 0755)) { SYSERROR("failed to create '%s' directory", cgname); return -1; } INFO("created cgroup '%s'", cgname); return 0; }