On 08/19/2015 10:35 AM, Pavel Tikhomirov wrote:
cgroups with depth level more than 2 were not mangled inside a container, that might caused problems with docker, docker were able to see in /proc/self/cgroup paths relative to host. PSBM-38634 But it is not docker specific: CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice/test.scope CT-103 /# sleep 1000& [1] 578 CT-103 /# echo 578 > /sys/fs/cgroup/devices/test.slice/test.scope/tasks with patch: CT-103 /# cat /proc/578/cgroup 16:ve:/ 15:hugetlb:/ 14:perf_event:/ 12:net_cls:/ 11:freezer:/ 10:devices:/test.slice/test.scope 6:name=systemd:/user-0.slice/session-c109.scope
The other thing, I'm not yet sure how to fix now, is that such process somehow gets out of ve-103.slice and is in /sys/fs/cgroup/systemd/user-0.slice/session-c109.scope if we look from host.
5:cpuset:/ 4:cpuacct,cpu:/ 3:beancounter:/ 2:memory:/ 1:blkio:/ without: CT-103 /# cat /proc/480/cgroup 16:ve:/ 15:hugetlb:/ 14:perf_event:/ 12:net_cls:/ 11:freezer:/ 10:devices:/103/test.slice/test.scope 6:name=systemd:/user.slice/user-0.slice/session-c2.scope 5:cpuset:/ 4:cpuacct,cpu:/ 3:beancounter:/ 2:memory:/ 1:blkio:/ Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> --- kernel/cgroup.c | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/kernel/cgroup.c b/kernel/cgroup.c index b073fba..7abc8f3 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -1823,6 +1823,7 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen) { int ret = -ENAMETOOLONG; char *start; + struct ve_struct *ve = get_exec_env(); if (!cgrp->parent) { if (strlcpy(buf, "/", buflen) >= buflen) @@ -1830,21 +1831,6 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen) return 0; } -#ifdef CONFIG_VE - /* - * Containers cgroups are bind-mounted from node - * so they are like '/' from inside, thus we have - * to mangle cgroup path output. - */ - if (!ve_is_super(get_exec_env())) { - if (cgrp->parent && !cgrp->parent->parent) { - if (strlcpy(buf, "/", buflen) >= buflen) - return -ENAMETOOLONG; - return 0; - } - } -#endif - start = buf + buflen - 1; *start = '\0'; @@ -1853,6 +1839,25 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen) const char *name = cgroup_name(cgrp); int len; +#ifdef CONFIG_VE + if (!ve_is_super(ve) && cgrp->parent && !cgrp->parent->parent) { + /* + * Containers cgroups are bind-mounted from node + * so they are like '/' from inside, thus we have + * to mangle cgroup path output. Effectively it is + * enough to remove two topmost cgroups from path. + * e.g. in ct 101: /101/test.slice/test.scope -> + * /test.slice/test.scope + */ + if (*start != '/') { + if (--start < buf) + goto out; + *start = '/'; + } + break; + } +#endif + len = strlen(name); if ((start -= len) < buf) goto out;
-- Best regards, Tikhomirov Pavel Software Developer, Odin. _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel