lxc/0019-remount-cgroup-readonly-and-make-soft-link-of-subcgr.patch

From bd056022ef54a8dc6a859495f0edde96471bd7e5 Mon Sep 17 00:00:00 2001
From: tanyifeng <tanyifeng1@huawei.com>
Date: Mon, 14 Jan 2019 13:51:01 +0800
Subject: [PATCH 019/122] remount cgroup readonly and make soft link of
 subcgroup

Signed-off-by: LiFeng <lifeng68@huawei.com>
---
 src/lxc/cgroups/cgfsng.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index ab5732b..705985f 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1621,6 +1621,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 	int i, ret;
 	char *tmpfspath = NULL;
 	bool has_cgns = false, retval = false, wants_force_mount = false;
+	char **merged = NULL;
 
 	if ((type & LXC_AUTO_CGROUP_MASK) == 0)
 		return true;
@@ -1667,6 +1668,14 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 			continue;
 		controller++;
 
+		// isulad: symlink subcgroup
+		if (strchr(controller, ',') != NULL) {
+			int pret;
+			pret = lxc_append_string(&merged, controller);
+			if (pret < 0)
+				goto on_error;
+		}
+
 		controllerpath = must_make_path(tmpfspath, controller, NULL);
 		if (dir_exists(controllerpath)) {
 			free(controllerpath);
@@ -1721,10 +1730,45 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 		if (ret < 0)
 			goto on_error;
 	}
+
+	// isulad: symlink subcgroup
+	if (merged) {
+		char **mc;
+		for (mc = merged; *mc; mc++) {
+			char *token;
+			char *merge = must_copy_string(*mc);
+			lxc_iterate_parts(token, merge, ",") {
+				int mret;
+				char *link;
+				link = must_make_path(tmpfspath, token, NULL);
+				mret = symlink(*mc, link);
+				if (mret < 0 && errno != EEXIST) {
+					SYSERROR("Failed to create link %s for target %s", link, merge);
+					free(merge);
+					free(link);
+					goto on_error;
+				}
+				free(link);
+			}
+			free(merge);
+		}
+	}
+
+
+	// isulad: remount /sys/fs/cgroup to readonly
+	if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_RO) {
+		ret = mount(tmpfspath, tmpfspath, "bind",
+			    MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_RELATIME|MS_RDONLY|MS_BIND|MS_REMOUNT, NULL);
+		if (ret < 0) {
+			SYSERROR("Failed to remount /sys/fs/cgroup.");
+			goto on_error;
+		}
+	}
 	retval = true;
 
 on_error:
 	free(tmpfspath);
+	lxc_free_array((void **)merged, free);
 	return retval;
 }
 
-- 
1.8.3.1
Package init 2019-09-30 11:03:07 -04:00			`From bd056022ef54a8dc6a859495f0edde96471bd7e5 Mon Sep 17 00:00:00 2001`
			`From: tanyifeng <tanyifeng1@huawei.com>`
			`Date: Mon, 14 Jan 2019 13:51:01 +0800`
			`Subject: [PATCH 019/122] remount cgroup readonly and make soft link of`
			`subcgroup`

			`Signed-off-by: LiFeng <lifeng68@huawei.com>`
			`---`
			`src/lxc/cgroups/cgfsng.c \| 44 ++++++++++++++++++++++++++++++++++++++++++++`
			`1 file changed, 44 insertions(+)`

			`diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c`
			`index ab5732b..705985f 100644`
			`--- a/src/lxc/cgroups/cgfsng.c`
			`+++ b/src/lxc/cgroups/cgfsng.c`
			`@@ -1621,6 +1621,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,`
			`int i, ret;`
			`char *tmpfspath = NULL;`
			`bool has_cgns = false, retval = false, wants_force_mount = false;`
			`+ char **merged = NULL;`

			`if ((type & LXC_AUTO_CGROUP_MASK) == 0)`
			`return true;`
			`@@ -1667,6 +1668,14 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,`
			`continue;`
			`controller++;`

			`+ // isulad: symlink subcgroup`
			`+ if (strchr(controller, ',') != NULL) {`
			`+ int pret;`
			`+ pret = lxc_append_string(&merged, controller);`
			`+ if (pret < 0)`
			`+ goto on_error;`
			`+ }`
			`+`
			`controllerpath = must_make_path(tmpfspath, controller, NULL);`
			`if (dir_exists(controllerpath)) {`
			`free(controllerpath);`
			`@@ -1721,10 +1730,45 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,`
			`if (ret < 0)`
			`goto on_error;`
			`}`
			`+`
			`+ // isulad: symlink subcgroup`
			`+ if (merged) {`
			`+ char **mc;`
			`+ for (mc = merged; *mc; mc++) {`
			`+ char *token;`
			`+ char merge = must_copy_string(mc);`
			`+ lxc_iterate_parts(token, merge, ",") {`
			`+ int mret;`
			`+ char *link;`
			`+ link = must_make_path(tmpfspath, token, NULL);`
			`+ mret = symlink(*mc, link);`
			`+ if (mret < 0 && errno != EEXIST) {`
			`+ SYSERROR("Failed to create link %s for target %s", link, merge);`
			`+ free(merge);`
			`+ free(link);`
			`+ goto on_error;`
			`+ }`
			`+ free(link);`
			`+ }`
			`+ free(merge);`
			`+ }`
			`+ }`
			`+`
			`+`
			`+ // isulad: remount /sys/fs/cgroup to readonly`
			`+ if (type == LXC_AUTO_CGROUP_FULL_RO \|\| type == LXC_AUTO_CGROUP_RO) {`
			`+ ret = mount(tmpfspath, tmpfspath, "bind",`
			`+ MS_NOSUID\|MS_NODEV\|MS_NOEXEC\|MS_RELATIME\|MS_RDONLY\|MS_BIND\|MS_REMOUNT, NULL);`
			`+ if (ret < 0) {`
			`+ SYSERROR("Failed to remount /sys/fs/cgroup.");`
			`+ goto on_error;`
			`+ }`
			`+ }`
			`retval = true;`

			`on_error:`
			`free(tmpfspath);`
			`+ lxc_free_array((void **)merged, free);`
			`return retval;`
			`}`

			`--`
			`1.8.3.1`