2023-07-31 10:00:47 +08:00
|
|
|
From ef31366523d784d92f25abd99b3782acda29a01c Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: xujing <xujing125@huawei.com>
|
|
|
|
|
Date: Fri, 8 Jul 2022 19:47:45 +0800
|
|
|
|
|
Subject: [PATCH] support disable cgroup controllers we don't want
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
src/basic/cgroup-util.c | 14 +++++++++++
|
|
|
|
|
src/basic/cgroup-util.h | 1 +
|
|
|
|
|
src/core/cgroup.c | 1 +
|
|
|
|
|
src/core/main.c | 7 ++++++
|
|
|
|
|
src/core/manager.h | 2 ++
|
|
|
|
|
src/core/system.conf.in | 1 +
|
|
|
|
|
src/shared/conf-parser.c | 54 ++++++++++++++++++++++++++++++++++++++++
|
|
|
|
|
src/shared/conf-parser.h | 1 +
|
|
|
|
|
8 files changed, 81 insertions(+)
|
|
|
|
|
|
|
|
|
|
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
|
2024-01-08 19:20:01 +08:00
|
|
|
index 3e60488..a555437 100644
|
2023-07-31 10:00:47 +08:00
|
|
|
--- a/src/basic/cgroup-util.c
|
|
|
|
|
+++ b/src/basic/cgroup-util.c
|
2024-01-08 19:20:01 +08:00
|
|
|
@@ -2115,6 +2115,20 @@ int cg_mask_supported(CGroupMask *ret) {
|
2023-07-31 10:00:47 +08:00
|
|
|
return cg_mask_supported_subtree(root, ret);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
+int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret) {
|
|
|
|
|
+ int r;
|
|
|
|
|
+
|
|
|
|
|
+ r = cg_all_unified();
|
|
|
|
|
+ if (r < 0)
|
|
|
|
|
+ return r;
|
|
|
|
|
+
|
|
|
|
|
+ /* We only care CGROUP_V1 */
|
|
|
|
|
+ if (r == 0)
|
|
|
|
|
+ *ret &= ~disabled;
|
|
|
|
|
+
|
|
|
|
|
+ return 0;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
int cg_kernel_controllers(Set **ret) {
|
|
|
|
|
_cleanup_set_free_ Set *controllers = NULL;
|
|
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
|
|
|
|
diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
|
2024-01-08 19:20:01 +08:00
|
|
|
index eb7ace5..3eb14b8 100644
|
2023-07-31 10:00:47 +08:00
|
|
|
--- a/src/basic/cgroup-util.h
|
|
|
|
|
+++ b/src/basic/cgroup-util.h
|
2024-01-08 19:20:01 +08:00
|
|
|
@@ -303,6 +303,7 @@ typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata);
|
2023-07-31 10:00:47 +08:00
|
|
|
|
|
|
|
|
int cg_mask_supported(CGroupMask *ret);
|
|
|
|
|
int cg_mask_supported_subtree(const char *root, CGroupMask *ret);
|
|
|
|
|
+int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret);
|
|
|
|
|
int cg_mask_from_string(const char *s, CGroupMask *ret);
|
|
|
|
|
int cg_mask_to_string(CGroupMask mask, char **ret);
|
|
|
|
|
|
|
|
|
|
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
|
2024-01-08 19:20:01 +08:00
|
|
|
index 775ece5..88c976a 100644
|
2023-07-31 10:00:47 +08:00
|
|
|
--- a/src/core/cgroup.c
|
|
|
|
|
+++ b/src/core/cgroup.c
|
2024-01-08 19:20:01 +08:00
|
|
|
@@ -3922,6 +3922,7 @@ int manager_setup_cgroup(Manager *m) {
|
2023-07-31 10:00:47 +08:00
|
|
|
if (r < 0)
|
|
|
|
|
return log_error_errno(r, "Failed to determine supported bpf-based pseudo-controllers: %m");
|
|
|
|
|
m->cgroup_supported |= mask;
|
|
|
|
|
+ m->system_cgroup_supported = m->cgroup_supported;
|
|
|
|
|
|
|
|
|
|
/* 10. Log which controllers are supported */
|
|
|
|
|
for (CGroupController c = 0; c < _CGROUP_CONTROLLER_MAX; c++)
|
|
|
|
|
diff --git a/src/core/main.c b/src/core/main.c
|
2024-01-08 19:20:01 +08:00
|
|
|
index 964adb5..8f01780 100644
|
2023-07-31 10:00:47 +08:00
|
|
|
--- a/src/core/main.c
|
|
|
|
|
+++ b/src/core/main.c
|
2024-01-08 19:20:01 +08:00
|
|
|
@@ -143,6 +143,7 @@ static bool arg_no_new_privs;
|
|
|
|
|
static nsec_t arg_timer_slack_nsec;
|
2023-07-31 10:00:47 +08:00
|
|
|
static Set* arg_syscall_archs;
|
|
|
|
|
static FILE* arg_serialization;
|
|
|
|
|
+static CGroupMask arg_disable_cgroup_controllers;
|
2024-01-08 19:20:01 +08:00
|
|
|
static sd_id128_t arg_machine_id;
|
|
|
|
|
static EmergencyAction arg_cad_burst_action;
|
|
|
|
|
static CPUSet arg_cpu_affinity;
|
|
|
|
|
@@ -675,6 +676,7 @@ static int parse_config_file(void) {
|
|
|
|
|
{ "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_defaults.rlimit },
|
|
|
|
|
{ "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_defaults.rlimit },
|
|
|
|
|
{ "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_defaults.rlimit },
|
2023-07-31 10:00:47 +08:00
|
|
|
+ { "Manager", "DisableCGroupControllers", config_parse_cgroup, 0, &arg_disable_cgroup_controllers },
|
2024-01-08 19:20:01 +08:00
|
|
|
{ "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_defaults.cpu_accounting },
|
|
|
|
|
{ "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_defaults.io_accounting },
|
|
|
|
|
{ "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_defaults.ip_accounting },
|
|
|
|
|
@@ -743,6 +745,10 @@ static void set_manager_defaults(Manager *m) {
|
|
|
|
|
|
|
|
|
|
assert(m);
|
2023-07-31 10:00:47 +08:00
|
|
|
|
|
|
|
|
+ m->cgroup_disabled = arg_disable_cgroup_controllers;
|
|
|
|
|
+ m->cgroup_supported = m->system_cgroup_supported;
|
|
|
|
|
+ (void) cg_mask_disable_cgroup(m->cgroup_disabled, &m->cgroup_supported);
|
|
|
|
|
+
|
2024-01-08 19:20:01 +08:00
|
|
|
/* Propagates the various default unit property settings into the manager object, i.e. properties
|
|
|
|
|
* that do not affect the manager itself, but are just what newly allocated units will have set if
|
|
|
|
|
* they haven't set anything else. (Also see set_manager_settings() for the settings that affect the
|
|
|
|
|
@@ -2518,6 +2524,7 @@ static void reset_arguments(void) {
|
2023-07-31 10:00:47 +08:00
|
|
|
|
2024-01-08 19:20:01 +08:00
|
|
|
/* arg_runtime_scope — ignore */
|
2023-07-31 10:00:47 +08:00
|
|
|
|
|
|
|
|
+ arg_disable_cgroup_controllers = 0;
|
2024-01-08 19:20:01 +08:00
|
|
|
arg_dump_core = true;
|
|
|
|
|
arg_crash_chvt = -1;
|
|
|
|
|
arg_crash_shell = false;
|
2023-07-31 10:00:47 +08:00
|
|
|
diff --git a/src/core/manager.h b/src/core/manager.h
|
2024-01-08 19:20:01 +08:00
|
|
|
index 0c9a2ea..65cc0c9 100644
|
2023-07-31 10:00:47 +08:00
|
|
|
--- a/src/core/manager.h
|
|
|
|
|
+++ b/src/core/manager.h
|
2024-01-08 19:20:01 +08:00
|
|
|
@@ -354,6 +354,8 @@ struct Manager {
|
2023-07-31 10:00:47 +08:00
|
|
|
/* Data specific to the cgroup subsystem */
|
|
|
|
|
Hashmap *cgroup_unit;
|
|
|
|
|
CGroupMask cgroup_supported;
|
|
|
|
|
+ CGroupMask system_cgroup_supported;
|
|
|
|
|
+ CGroupMask cgroup_disabled;
|
|
|
|
|
char *cgroup_root;
|
|
|
|
|
|
|
|
|
|
/* Notifications from cgroups, when the unified hierarchy is used is done via inotify. */
|
|
|
|
|
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
|
2024-01-08 19:20:01 +08:00
|
|
|
index f48452d..8ffc48e 100644
|
2023-07-31 10:00:47 +08:00
|
|
|
--- a/src/core/system.conf.in
|
|
|
|
|
+++ b/src/core/system.conf.in
|
2024-01-08 19:20:01 +08:00
|
|
|
@@ -54,6 +54,7 @@
|
2023-07-31 10:00:47 +08:00
|
|
|
#DefaultStartLimitIntervalSec=10s
|
|
|
|
|
#DefaultStartLimitBurst=5
|
|
|
|
|
#DefaultEnvironment=
|
|
|
|
|
+#DisableCGroupControllers=no
|
2024-01-08 19:20:01 +08:00
|
|
|
#DefaultCPUAccounting=yes
|
2023-07-31 10:00:47 +08:00
|
|
|
#DefaultIOAccounting=no
|
|
|
|
|
#DefaultIPAccounting=no
|
|
|
|
|
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
|
2024-01-08 19:20:01 +08:00
|
|
|
index 59a529d..8382271 100644
|
2023-07-31 10:00:47 +08:00
|
|
|
--- a/src/shared/conf-parser.c
|
|
|
|
|
+++ b/src/shared/conf-parser.c
|
|
|
|
|
@@ -10,6 +10,7 @@
|
|
|
|
|
#include "alloc-util.h"
|
|
|
|
|
#include "conf-files.h"
|
|
|
|
|
#include "conf-parser.h"
|
|
|
|
|
+#include "cgroup-util.h"
|
|
|
|
|
#include "constants.h"
|
|
|
|
|
#include "dns-domain.h"
|
|
|
|
|
#include "escape.h"
|
2024-01-08 19:20:01 +08:00
|
|
|
@@ -1634,6 +1635,59 @@ int config_parse_rlimit(
|
2023-07-31 10:00:47 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
+int config_parse_cgroup(
|
|
|
|
|
+ const char *unit,
|
|
|
|
|
+ const char *filename,
|
|
|
|
|
+ unsigned line,
|
|
|
|
|
+ const char *section,
|
|
|
|
|
+ unsigned section_line,
|
|
|
|
|
+ const char *lvalue,
|
|
|
|
|
+ int ltype,
|
|
|
|
|
+ const char *rvalue,
|
|
|
|
|
+ void *data,
|
|
|
|
|
+ void *userdata) {
|
|
|
|
|
+ assert(filename);
|
|
|
|
|
+ assert(lvalue);
|
|
|
|
|
+ assert(rvalue);
|
|
|
|
|
+ assert(data);
|
|
|
|
|
+
|
|
|
|
|
+ CGroupMask *disabled_mask = data;
|
|
|
|
|
+ int r;
|
|
|
|
|
+
|
|
|
|
|
+ for (;;) {
|
|
|
|
|
+ _cleanup_free_ char *word = NULL;
|
|
|
|
|
+ CGroupController cc;
|
|
|
|
|
+ int yes_or_no = 0;
|
|
|
|
|
+
|
|
|
|
|
+ r = extract_first_word(&rvalue, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
|
|
|
|
|
+ if (r == 0)
|
|
|
|
|
+ break;
|
|
|
|
|
+ if (r == -ENOMEM)
|
|
|
|
|
+ return log_oom();
|
|
|
|
|
+ if (r < 0) {
|
|
|
|
|
+ log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ yes_or_no = parse_boolean(word);
|
|
|
|
|
+ if (yes_or_no == 0) {
|
|
|
|
|
+ *disabled_mask = 0;
|
|
|
|
|
+ break;
|
|
|
|
|
+ } else if (yes_or_no == 1) {
|
|
|
|
|
+ *disabled_mask = CGROUP_MASK_V1;
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ cc = cgroup_controller_from_string(word);
|
|
|
|
|
+ if (cc < 0) {
|
|
|
|
|
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DisableCGroupControllers, ignoring: %s", word);
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+ *disabled_mask |= CGROUP_CONTROLLER_TO_MASK(cc);
|
|
|
|
|
+ }
|
|
|
|
|
+ return 0;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
int config_parse_permille(
|
|
|
|
|
const char* unit,
|
|
|
|
|
const char *filename,
|
|
|
|
|
diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h
|
2024-01-08 19:20:01 +08:00
|
|
|
index a1768cd..8e7c987 100644
|
2023-07-31 10:00:47 +08:00
|
|
|
--- a/src/shared/conf-parser.h
|
|
|
|
|
+++ b/src/shared/conf-parser.h
|
2024-01-08 19:20:01 +08:00
|
|
|
@@ -214,6 +214,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ifnames);
|
2023-07-31 10:00:47 +08:00
|
|
|
CONFIG_PARSER_PROTOTYPE(config_parse_ip_port);
|
|
|
|
|
CONFIG_PARSER_PROTOTYPE(config_parse_mtu);
|
|
|
|
|
CONFIG_PARSER_PROTOTYPE(config_parse_rlimit);
|
|
|
|
|
+CONFIG_PARSER_PROTOTYPE(config_parse_cgroup);
|
|
|
|
|
CONFIG_PARSER_PROTOTYPE(config_parse_vlanprotocol);
|
|
|
|
|
CONFIG_PARSER_PROTOTYPE(config_parse_hw_addr);
|
|
|
|
|
CONFIG_PARSER_PROTOTYPE(config_parse_hw_addrs);
|
|
|
|
|
--
|
|
|
|
|
2.33.0
|
|
|
|
|
|
