mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-23 10:13:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

udev: port to DelegateSubgroup=

Browse Source
This commit is contained in:
Lennart Poettering 2023-04-21 21:06:22 +02:00
parent 3975e3f8ae
commit f8371dbd56
2 changed files with 9 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
src/udev/udevd.c
View File

@ -1799,54 +1799,6 @@ static int parse_argv(int argc, char *argv[]) {
return 1;
}
static int create_subcgroup(char **ret) {
_cleanup_free_ char *cgroup = NULL, *subcgroup = NULL;
int r;
if (getppid() != 1)
return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Not invoked by PID1.");
r = sd_booted();
if (r < 0)
return log_debug_errno(r, "Failed to check if systemd is running: %m");
if (r == 0)
return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "systemd is not running.");
/* Get our own cgroup, we regularly kill everything udev has left behind.
* We only do this on systemd systems, and only if we are directly spawned
* by PID1. Otherwise we are not guaranteed to have a dedicated cgroup. */
r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup);
if (r < 0) {
if (IN_SET(r, -ENOENT, -ENOMEDIUM))
return log_debug_errno(r, "Dedicated cgroup not found: %m");
return log_debug_errno(r, "Failed to get cgroup: %m");
}
r = cg_get_xattr_bool(SYSTEMD_CGROUP_CONTROLLER, cgroup, "trusted.delegate");
if (r == 0 || (r < 0 && ERRNO_IS_XATTR_ABSENT(r)))
return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "The cgroup %s is not delegated to us.", cgroup);
if (r < 0)
return log_debug_errno(r, "Failed to read trusted.delegate attribute: %m");
/* We are invoked with our own delegated cgroup tree, let's move us one level down, so that we
* don't collide with the "no processes in inner nodes" rule of cgroups, when the service
* manager invokes the ExecReload= job in the .control/ subcgroup. */
subcgroup = path_join(cgroup, "/udev");
if (!subcgroup)
return log_oom_debug();
r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, subcgroup, 0);
if (r < 0)
return log_debug_errno(r, "Failed to create %s subcgroup: %m", subcgroup);
log_debug("Created %s subcgroup.", subcgroup);
if (ret)
*ret = TAKE_PTR(subcgroup);
return 0;
}
static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent) {
_cleanup_(manager_freep) Manager *manager = NULL;
_cleanup_free_ char *cgroup = NULL;
@ -1854,8 +1806,6 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent) {
assert(ret);
(void) create_subcgroup(&cgroup);
manager = new(Manager, 1);
if (!manager)
return log_oom();
@ -1863,7 +1813,6 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent) {
*manager = (Manager) {
.inotify_fd = -EBADF,
.worker_watch = PIPE_EBADF,
.cgroup = TAKE_PTR(cgroup),
};
r = udev_ctrl_new_from_fd(&manager->ctrl, fd_ctrl);
@ -1895,6 +1844,14 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent) {
manager->log_level = log_get_max_level();
r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup);
if (r < 0)
log_warning_errno(r, "Failed to get cgroup, ignoring: %m");
else if (endswith(cgroup, "/udev")) { /* If we are in a subcgroup /udev/ we assume it was delegated to us */
log_debug("Running in delegated subcgroup '%s'.", cgroup);
manager->cgroup = TAKE_PTR(cgroup);
}
*ret = TAKE_PTR(manager);
return 0;

1
units/systemd-udevd.service.in
View File

@ -18,6 +18,7 @@ ConditionPathIsReadWrite=/sys
[Service]
CapabilityBoundingSet=~CAP_SYS_TIME CAP_WAKE_ALARM
Delegate=pids
DelegateSubgroup=udev
Type=notify-reload
# Note that udev will reset the value internally for its workers
OOMScoreAdjust=-1000