| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Current cgrulesengd daemon changes the cgroup of each process by a rule
based on uid, gid, and process name. And it is good that the log of the
daemon contains a process name with uid and gid.
This patch adds a process name to the log message.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog since v1:
===================
* Rebase the latest code.
* Cleanup.
The log message "Cgroup change for PID:X, UID:X, GID:X FAILED!" is output
by cgrulesengd daemon, even if a process finished already and that is not
a problem.
This patch prevents the daemon from outputting this spam log message.
* Reference
[PATCH 2/2] Reduce "Cgroup change for PID:X, UID:X, GID:X FAILED!" messages.
http://sourceforge.net/mailarchive/message.php?msg_name=4A10EE7E.60403%40mxs.nes.nec.co.jp
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
| |
Rename CGRULE_CGRED_TEMP_FILE to CGRULE_CGRED_SOCKET_PATH to better describe
the macro usage - it's not a temporary file, it's a socket.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* No change.
Changelog of v5:
================
* No change.
Changelog of v4:
================
* Add the comment "FIXME: Change the temporary file to configurable one."
* Define the number of allocation.
Changelog of v3:
================
* Set the value 0x1 to CGROUP_DAEMON_UNCHANGE_CHILDREN flag.
Changelog of v2:
================
* New patch.
Description:
============
This patch adds the handler of unchanged process to the cgrulesengd daemon.
By this patch, the daemon does not change a process which is executed by
'cgexec' command, because it is possible to notify the unchanged process to
the daemon by using "unix domain socket".
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* No change.
Changelog of v5:
================
* No change.
Changelog of v4:
================
* Remove unused parameter "cn_hdr" from cgre_receive_netlink_msg().
Changelog of v3:
================
* No change.
Changelog of v2:
================
* New patch.
Description:
============
This patch separates the netlink method for the readability, because
the later patch [PATCH 6/9] adds "unix domain socket" handling method
around the netlink method.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* Change the cgroup_get_procname_from_procfs() calling for the
returning value's change.
Changelog of v5:
================
* No change.
Changelog of v4:
================
* No change.
Changelog of v3:
================
* No change.
Changelog of v2:
================
* No change.
Description:
============
A process name is changed when execve(2), so a new rule based on
process name should be applied when execve(2) happens.
Then this patch adds an EXEC event to the event handler.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* The definations of CGROUP_RULE_MAXKEY and CGROUP_RULE_MAXLINE are
moved to libcgroup-internal.h since no one from outside should be
using them.
Changelog of v5:
================
* Rebase the patch to the latest code.
Changelog of v4:
================
* Use more safety length of a user name for the buffer "username".
* Move the macros min()/max() to src/libcgroup-internal.h for using
in src/api.c also.
Changelog of v3:
================
* Fix unclear buffer of user by memset().
Changelog of v2:
================
* Remove unnecessary memset().
* Some cleanups.
Description:
============
This patch adds the parser of process name in /etc/cgrules.conf.
A new rule based on process name is as the following, and the process
name is stored into the member "procname" in struct cgroup_rule.
<user>:<process name> <controllers> <destination>
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
CHANGELOG of v2.1:
================
* Rebase the patch for commit '340feae163c4797a6cb1247b3812c1ccdc52fa41'.
There are some similar functions for getting process's data (uid, gid) from
/proc/<pid>/status file, so this patch integrates these functions into one
cgroup_get_uid_gid_from_procfs().
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Reviewed-By: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
CHANGELOG of v2:
================
* New patch.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Reviewed-By: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
By default, everything is compiled. I want to add options to ./configure,
which can selectively disable tools, daemon and pam module. The library
itself is mandatory component and cannot be disabled.
Usage:
./configure --help
./configure --disable-tools --disable-pam --disable-daemon
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v2:
- Add the description of the problematic call sequence.
- There is not any change in the code.
[PATCH-v2] Fix the deadlock of rl_lock.
For avoiding the deadlock, protect cdgroup_change_cgroup_uid_gid_flags()
by blocking SIGUSR2 signal.
The problematic call sequence is the following:
----------------------------------------------------------------------
* CGRULESENGD DAEMON *
<< cgre_flash_rules() is the signal handler for SIGUSR2 signal >>
cgre_create_netlink_socket_process_msg()
<< Receive a UID/GID event packet >>
cgre_handle_msg()
cgre_process_event()
cgroup_change_cgroup_uid_gid_flags()
cgroup_find_matching_rule_uid_gid()
pthread_rwlock_wrlock(&rl_lock); << Get the lock of rl_lock >>
<< Receive a SIGUSR2 signal, and switch to cgre_flash_rules() >>
cgre_flash_rules()
cgroup_reload_cached_rules()
cgroup_parse_rules()
pthread_rwlock_wrlock(&rl_lock); << deadlock ! >>
----------------------------------------------------------------------
A cgrulesengd daemon needs a lock of rl_lock for referring configuration
buffer. On the other way, the daemon reloads configuration file when
receiving SIGUSR2 signal, and it needs the same lock in cgroup_parse_rules().
So cgroup_change_cgroup_uid_gid_flags() should be protected from SIGUSR2
signal for avoiding the deadlock.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
I found the deadlock problem that a cgrulesengd daemon stalls if
service "cgred" is reloaded while many UID events happen.
The following is the gdb output by attaching the stalling daemon:
(gdb) bt
#0 0x0000003b298dd918 in __lll_mutex_lock_wait () from /lib64/libc.so.6
#1 0x0000003b298ce847 in _L_lock_646 () from /lib64/libc.so.6
#2 0x0000003b298ce2da in __vsyslog_chk () from /lib64/libc.so.6
#3 0x0000000000401533 in flog (level=5, format=0x402778 "Reloading rules configuration.") at cgrule sengd.c:130
#4 0x00000000004015d1 in cgre_flash_rules (signum=<value optimized out>) at cgrulesengd.c:644
#5 <signal handler called>
#6 0x0000003b298d27b5 in send () from /lib64/libc.so.6
#7 0x0000003b298ce3a0 in __vsyslog_chk () from /lib64/libc.so.6
#8 0x0000000000401533 in flog (level=4, format=0x402b82 "Failed to open %s") at cgrulesengd.c:130
#9 0x0000000000401cc7 in cgre_process_event (ev=0x7fff8ad11cc4, type=4) at cgrulesengd.c:161
#10 0x0000000000401fd5 in cgre_create_netlink_socket_process_msg () at cgrulesengd.c:486
#11 0x00000000004023ca in main (argc=1, argv=<value optimized out>) at cgrulesengd.c:878
(gdb)
We can see __vsyslog_chk() is called twice, because the daemon
recieved a SIGUSR2 signal in __vsyslog_chk(). In __vsyslog_chk(),
"syslog_lock" is locked by __libc_lock_lock(syslog_lock).
So I think vsyslog() should be protected by blocking the signal,
and this patch fixes the problem by doing it.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
This patch clarifies the infinite loop.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Acked-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Acked-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
because the function breaks just after getting Uid data:
$ cat /proc/$$/status
[snip]
Uid: 500 500 500 500
Gid: 500 500 500 500
[snip]
$
This patch fixes this problem.
Signed-off-by: Masayuki Igawa <igawa@mxs.nes.nec.co.jp>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use clock_gettime(2) for getting timestamp since a system boot.
* Change parent_info's memory to dynamic allocation.
This patch is for changing the cgroup of a forked process while parent
changing.
This patch adds the following sequence:
1. Store both the timestamp and the process-id when changing the cgroup.
2. If receiving a PROC_EVENT_FORK packet, check its parent-pid and its
timestamp.
3. If its parent-pid and the stored process-id are same and its timestamp
is older than the stored timestamp, change the cgroup of forked process.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
change the cgroup of child occasionally. I tested it by following
configulation file:
/etc/cgrules.conf:
user01 cpuset group01/user01
% memory group01/user01
A cpuset subsystem and a memory subsystem are mounted on different
mount points, and a cgrulesengd daemon manages each subsystem.
I login this environment as a user "user01", and each susbystem's
tasks file is the following:
# cat /mnt/cgroups/cpuset/group01/user01/tasks
31801
31805
31806
#
# cat /mnt/cgroups/memory/group01/user01/tasks
31801
31805
#
# pstree -p 32105
sshd(31801)---sshd(31805)---bash(31806)
#
They should be the same, but they are different. I investigated this
problem, and I found the cause. The reason is that the process(31806)
was forked just after writing the process(31805) to a cpuset subsystem's
tasks file:
<1> The UID/GID CHANGE event of the process 31805 happens.
<2> The daemon writes "31805" to a cpuset subsystem's tasks file.
<3> The process 31806 is forked, and it appears on a cpuset subsystem's
tasks file.
<4> The daemon writes "31805" to a memory subsystem's tasks file.
<5> The process 31806 does not appears on a memory subsystem's tasks file.
For solving this problem, I propose the following sequence.
1. Store both the timestamp and the process-id when the step <4>.
2. If receiving a PROC_EVENT_FORK packet, check its parent-pid and its
timestamp.
3. If its parent-pid and the stored process-id are same and its timestamp
is older than the stored timestamp, change the cgroup of forked process.
Changelog of v2:
* Change only [PATCH 2/2] and there is not any changes in [PATCH 1/2].
This patch adds the method for getting euid/egid from /proc/<pid>/status
file.
For changing the cgroup of a forked process, the method is usefull because
a PROC_EVENT_FORK packet does not inform of its euid and its egid.
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
|
| |\
| |
| |
| | |
ssh://balbir_singh@libcg.git.sourceforge.net/gitroot/libcg
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Hi,
I tested 'cgred' service and I saw the problem that some processes
are not moved to a right cgroup. This problem did not occur always,
and it did sometimes. I reviewed cgrulesengd.c and found the bug
cgrulesengd stays in an infinite loop if receiving a NLMSG_NOOP
packet.
This patch fixes this problem.
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Acked-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |/
|
|
|
|
| |
updates will be needed and will be done in subsequent cleanups.
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Make the shared object version a bit more usable, the notation with double
colons cannot be used on different places (see next patch).
Also run automake && autoconf to refresh the generated stuff.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
|
| |
|
|
|
|
| |
Finally run autoreconf -f -i to generate all the stuff that should be generated
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
|
| |
|
|
|
|
|
|
| |
Add automake makefiles and prepare everything to run, but don't actually
run the automake - it would generate lot of noise, where my manual changes
would get lots.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
|
|
|
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
|
