On 08/19/2015 10:35 AM, Pavel Tikhomirov wrote:
cgroups with depth level more than 2 were not mangled inside a
container, that might caused problems with docker, docker were able
to see in /proc/self/cgroup paths relative to host.
PSBM-38634
But it is not docker specific:
CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice
CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice/test.scope
CT-103 /# sleep 1000&
[1] 578
CT-103 /# echo 578 > /sys/fs/cgroup/devices/test.slice/test.scope/tasks
with patch:
CT-103 /# cat /proc/578/cgroup
16:ve:/
15:hugetlb:/
14:perf_event:/
12:net_cls:/
11:freezer:/
10:devices:/test.slice/test.scope
6:name=systemd:/user-0.slice/session-c109.scope
The other thing, I'm not yet sure how to fix now, is that such process
somehow gets out of ve-103.slice and is in
/sys/fs/cgroup/systemd/user-0.slice/session-c109.scope if we look from host.
5:cpuset:/
4:cpuacct,cpu:/
3:beancounter:/
2:memory:/
1:blkio:/
without:
CT-103 /# cat /proc/480/cgroup
16:ve:/
15:hugetlb:/
14:perf_event:/
12:net_cls:/
11:freezer:/
10:devices:/103/test.slice/test.scope
6:name=systemd:/user.slice/user-0.slice/session-c2.scope
5:cpuset:/
4:cpuacct,cpu:/
3:beancounter:/
2:memory:/
1:blkio:/
Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
---
kernel/cgroup.c | 35 ++++++++++++++++++++---------------
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index b073fba..7abc8f3 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1823,6 +1823,7 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int
buflen)
{
int ret = -ENAMETOOLONG;
char *start;
+ struct ve_struct *ve = get_exec_env();
if (!cgrp->parent) {
if (strlcpy(buf, "/", buflen) >= buflen)
@@ -1830,21 +1831,6 @@ int cgroup_path(const struct cgroup *cgrp, char *buf,
int buflen)
return 0;
}
-#ifdef CONFIG_VE
- /*
- * Containers cgroups are bind-mounted from node
- * so they are like '/' from inside, thus we have
- * to mangle cgroup path output.
- */
- if (!ve_is_super(get_exec_env())) {
- if (cgrp->parent && !cgrp->parent->parent) {
- if (strlcpy(buf, "/", buflen) >= buflen)
- return -ENAMETOOLONG;
- return 0;
- }
- }
-#endif
-
start = buf + buflen - 1;
*start = '\0';
@@ -1853,6 +1839,25 @@ int cgroup_path(const struct cgroup *cgrp, char *buf,
int buflen)
const char *name = cgroup_name(cgrp);
int len;
+#ifdef CONFIG_VE
+ if (!ve_is_super(ve) && cgrp->parent && !cgrp->parent->parent) {
+ /*
+ * Containers cgroups are bind-mounted from node
+ * so they are like '/' from inside, thus we have
+ * to mangle cgroup path output. Effectively it is
+ * enough to remove two topmost cgroups from path.
+ * e.g. in ct 101: /101/test.slice/test.scope ->
+ * /test.slice/test.scope
+ */
+ if (*start != '/') {
+ if (--start < buf)
+ goto out;
+ *start = '/';
+ }
+ break;
+ }
+#endif
+
len = strlen(name);
if ((start -= len) < buf)
goto out;
--
Best regards, Tikhomirov Pavel
Software Developer, Odin.
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
