The commit is pushed to "branch-rh7-3.10.0-229.7.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-229.7.2.vz7.6.5 ------> commit 1518ff8ef0a78d8be1b19774506f355424103e9a Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> Date: Tue Sep 1 16:13:30 2015 +0400
ve/cgroup: fix mangle root in CT cgroups with depth level more than 2 were not mangled inside a container, that might caused problems with docker, docker were able to see in /proc/self/cgroup paths relative to host. But it is not docker specific: CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice CT-103 /# mkdir /sys/fs/cgroup/devices/test.slice/test.scope CT-103 /# sleep 1000& [1] 578 CT-103 /# echo 578 > /sys/fs/cgroup/devices/test.slice/test.scope/tasks with patch: CT-103 /# cat /proc/578/cgroup 16:ve:/ 15:hugetlb:/ 14:perf_event:/ 12:net_cls:/ 11:freezer:/ 10:devices:/test.slice/test.scope 6:name=systemd:/user-0.slice/session-c109.scope 5:cpuset:/ 4:cpuacct,cpu:/ 3:beancounter:/ 2:memory:/ 1:blkio:/ without: CT-103 /# cat /proc/480/cgroup 16:ve:/ 15:hugetlb:/ 14:perf_event:/ 12:net_cls:/ 11:freezer:/ 10:devices:/103/test.slice/test.scope 6:name=systemd:/user.slice/user-0.slice/session-c2.scope 5:cpuset:/ 4:cpuacct,cpu:/ 3:beancounter:/ 2:memory:/ 1:blkio:/ https://jira.sw.ru/browse/PSBM-38634 Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com> Reviewed-by: Cyrill Gorcunov <gorcu...@virtuozzo.com> khorenko@: this fix is quite inflexible, if we move CTs into machine.slice, we have to rework it. But i accept it because we are still not sure with final cgroups "virtualization" implementation => less work right now which can be later dropped. --- kernel/cgroup.c | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/kernel/cgroup.c b/kernel/cgroup.c index d96176e..a07c4e0 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -1808,6 +1808,7 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen) { int ret = -ENAMETOOLONG; char *start; + struct ve_struct *ve = get_exec_env(); if (!cgrp->parent) { if (strlcpy(buf, "/", buflen) >= buflen) @@ -1815,21 +1816,6 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen) return 0; } -#ifdef CONFIG_VE - /* - * Containers cgroups are bind-mounted from node - * so they are like '/' from inside, thus we have - * to mangle cgroup path output. - */ - if (!ve_is_super(get_exec_env())) { - if (cgrp->parent && !cgrp->parent->parent) { - if (strlcpy(buf, "/", buflen) >= buflen) - return -ENAMETOOLONG; - return 0; - } - } -#endif - start = buf + buflen - 1; *start = '\0'; @@ -1838,6 +1824,25 @@ int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen) const char *name = cgroup_name(cgrp); int len; +#ifdef CONFIG_VE + if (!ve_is_super(ve) && cgrp->parent && !cgrp->parent->parent) { + /* + * Containers cgroups are bind-mounted from node + * so they are like '/' from inside, thus we have + * to mangle cgroup path output. Effectively it is + * enough to remove two topmost cgroups from path. + * e.g. in ct 101: /101/test.slice/test.scope -> + * /test.slice/test.scope + */ + if (*start != '/') { + if (--start < buf) + goto out; + *start = '/'; + } + break; + } +#endif + len = strlen(name); if ((start -= len) < buf) goto out; _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel