From bf718c9619dc27da6c196f71d1552855b8436cc0 Mon Sep 17 00:00:00 2001
From: tanyifeng
Date: Mon, 14 Jan 2019 13:51:01 +0800
Subject: [PATCH 019/138] remount cgroup readonly and make soft link of subcgroup
Signed-off-by: LiFeng
---
 src/lxc/cgroups/cgfsng.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index ab5732b..705985f 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1621,6 +1621,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 int i, ret;
 char *tmpfspath = NULL;
 bool has_cgns = false, retval = false, wants_force_mount = false;
+ char **merged = NULL;
 if ((type & LXC_AUTO_CGROUP_MASK) == 0)
 return true;
@@ -1667,6 +1668,14 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 continue;
 controller++;
+ // isulad: symlink subcgroup
+ if (strchr(controller, ',') != NULL) {
+ int pret;
+ pret = lxc_append_string(&merged, controller);
+ if (pret < 0)
+ goto on_error;
+ }
+
 controllerpath = must_make_path(tmpfspath, controller, NULL);
 if (dir_exists(controllerpath)) {
 free(controllerpath);
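Review bot: The comment on the collection step after `controller++` is misleading: `// isulad: symlink subcgroup` suggests a link is created here, but the block only remembers the controller name for the loop near the end of cgfsng_mount. Suggest `/* isulad: remember co-mounted controllers ("a,b"); the per-controller symlinks are created once all mounts are done */`. The enclosing loop starts and ends outside this hunk, so whether anything allocated earlier in the iteration is still live at this `goto on_error` cannot be checked from here.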
@@ -1721,10 +1730,45 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 if (ret < 0)
 goto on_error;
 }
+
+ // isulad: symlink subcgroup
+ if (merged) {
+ char **mc;
+ for (mc = merged; *mc; mc++) {
+ char *token;
+ char *merge = must_copy_string(*mc);
+ lxc_iterate_parts(token, merge, ",") {
+ int mret;
+ char *link;
+ link = must_make_path(tmpfspath, token, NULL);
+ mret = symlink(*mc, link);
+ if (mret < 0 && errno != EEXIST) {
+ SYSERROR("Failed to create link %s for target %s", link, merge);
+ free(merge);
+ free(link);
+ goto on_error;
+ }
+ free(link);
+ }
+ free(merge);
+ }
+ }
+
+
+ // isulad: remount /sys/fs/cgroup to readonly
+ if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_RO) {
+ ret = mount(tmpfspath, tmpfspath, "bind",
+ MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_RELATIME|MS_RDONLY|MS_BIND|MS_REMOUNT, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to remount /sys/fs/cgroup.");
+ goto on_error;
+ }
+ }
 retval = true;
 on_error:
 free(tmpfspath);
+ lxc_free_array((void **)merged, free);
 return retval;
 }
--
1.8.3.1
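Review bot: The read-only remount at the end of the hunk only changes the flags of the single mount at `tmpfspath`; `MS_REMOUNT|MS_BIND` is not recursive, so the controller mounts created earlier in cgfsng_mount (outside this hunk) keep the flags they were mounted with. Say so in the comment, e.g. `/* isulad: make only the tmpfs at tmpfspath read-only; controller mounts below keep their own flags */`. The guard tests `type` with `==` while the top of the function masks it with `LXC_AUTO_CGROUP_MASK`; if any bit outside the two RO values can still be set here, the remount is skipped without an error, so it is worth confirming that `type` is normalised before this point. Both error messages lose information: `merge` has presumably been cut at the first comma by `lxc_iterate_parts` by the time it is logged, and the remount message hardcodes the path, so prefer `SYSERROR("Failed to create link %s for target %s", link, *mc);` and `SYSERROR("Failed to remount %s read-only", tmpfspath);`.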