mirror of https://github.com/k3s-io/k3s
284 lines
6.4 KiB
Go
284 lines
6.4 KiB
Go
package cgroups
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"sync"
|
|
"syscall"
|
|
|
|
securejoin "github.com/cyphar/filepath-securejoin"
|
|
"github.com/moby/sys/mountinfo"
|
|
"golang.org/x/sys/unix"
|
|
)
|
|
|
|
// Code in this source file are specific to cgroup v1,
|
|
// and must not be used from any cgroup v2 code.
|
|
|
|
const (
|
|
CgroupNamePrefix = "name="
|
|
defaultPrefix = "/sys/fs/cgroup"
|
|
)
|
|
|
|
var (
|
|
errUnified = errors.New("not implemented for cgroup v2 unified hierarchy")
|
|
ErrV1NoUnified = errors.New("invalid configuration: cannot use unified on cgroup v1")
|
|
|
|
readMountinfoOnce sync.Once
|
|
readMountinfoErr error
|
|
cgroupMountinfo []*mountinfo.Info
|
|
)
|
|
|
|
type NotFoundError struct {
|
|
Subsystem string
|
|
}
|
|
|
|
func (e *NotFoundError) Error() string {
|
|
return fmt.Sprintf("mountpoint for %s not found", e.Subsystem)
|
|
}
|
|
|
|
func NewNotFoundError(sub string) error {
|
|
return &NotFoundError{
|
|
Subsystem: sub,
|
|
}
|
|
}
|
|
|
|
func IsNotFound(err error) bool {
|
|
if err == nil {
|
|
return false
|
|
}
|
|
_, ok := err.(*NotFoundError)
|
|
return ok
|
|
}
|
|
|
|
func tryDefaultPath(cgroupPath, subsystem string) string {
|
|
if !strings.HasPrefix(defaultPrefix, cgroupPath) {
|
|
return ""
|
|
}
|
|
|
|
// remove possible prefix
|
|
subsystem = strings.TrimPrefix(subsystem, CgroupNamePrefix)
|
|
|
|
// Make sure we're still under defaultPrefix, and resolve
|
|
// a possible symlink (like cpu -> cpu,cpuacct).
|
|
path, err := securejoin.SecureJoin(defaultPrefix, subsystem)
|
|
if err != nil {
|
|
return ""
|
|
}
|
|
|
|
// (1) path should be a directory.
|
|
st, err := os.Lstat(path)
|
|
if err != nil || !st.IsDir() {
|
|
return ""
|
|
}
|
|
|
|
// (2) path should be a mount point.
|
|
pst, err := os.Lstat(filepath.Dir(path))
|
|
if err != nil {
|
|
return ""
|
|
}
|
|
|
|
if st.Sys().(*syscall.Stat_t).Dev == pst.Sys().(*syscall.Stat_t).Dev {
|
|
// parent dir has the same dev -- path is not a mount point
|
|
return ""
|
|
}
|
|
|
|
// (3) path should have 'cgroup' fs type.
|
|
fst := unix.Statfs_t{}
|
|
err = unix.Statfs(path, &fst)
|
|
if err != nil || fst.Type != unix.CGROUP_SUPER_MAGIC {
|
|
return ""
|
|
}
|
|
|
|
return path
|
|
}
|
|
|
|
// readCgroupMountinfo returns a list of cgroup v1 mounts (i.e. the ones
|
|
// with fstype of "cgroup") for the current running process.
|
|
//
|
|
// The results are cached (to avoid re-reading mountinfo which is relatively
|
|
// expensive), so it is assumed that cgroup mounts are not being changed.
|
|
func readCgroupMountinfo() ([]*mountinfo.Info, error) {
|
|
readMountinfoOnce.Do(func() {
|
|
cgroupMountinfo, readMountinfoErr = mountinfo.GetMounts(
|
|
mountinfo.FSTypeFilter("cgroup"),
|
|
)
|
|
})
|
|
|
|
return cgroupMountinfo, readMountinfoErr
|
|
}
|
|
|
|
// https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
|
|
func FindCgroupMountpoint(cgroupPath, subsystem string) (string, error) {
|
|
if IsCgroup2UnifiedMode() {
|
|
return "", errUnified
|
|
}
|
|
|
|
// Avoid parsing mountinfo by trying the default path first, if possible.
|
|
if path := tryDefaultPath(cgroupPath, subsystem); path != "" {
|
|
return path, nil
|
|
}
|
|
|
|
mnt, _, err := FindCgroupMountpointAndRoot(cgroupPath, subsystem)
|
|
return mnt, err
|
|
}
|
|
|
|
func FindCgroupMountpointAndRoot(cgroupPath, subsystem string) (string, string, error) {
|
|
if IsCgroup2UnifiedMode() {
|
|
return "", "", errUnified
|
|
}
|
|
|
|
mi, err := readCgroupMountinfo()
|
|
if err != nil {
|
|
return "", "", err
|
|
}
|
|
|
|
return findCgroupMountpointAndRootFromMI(mi, cgroupPath, subsystem)
|
|
}
|
|
|
|
func findCgroupMountpointAndRootFromMI(mounts []*mountinfo.Info, cgroupPath, subsystem string) (string, string, error) {
|
|
for _, mi := range mounts {
|
|
if strings.HasPrefix(mi.Mountpoint, cgroupPath) {
|
|
for _, opt := range strings.Split(mi.VFSOptions, ",") {
|
|
if opt == subsystem {
|
|
return mi.Mountpoint, mi.Root, nil
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return "", "", NewNotFoundError(subsystem)
|
|
}
|
|
|
|
func (m Mount) GetOwnCgroup(cgroups map[string]string) (string, error) {
|
|
if len(m.Subsystems) == 0 {
|
|
return "", fmt.Errorf("no subsystem for mount")
|
|
}
|
|
|
|
return getControllerPath(m.Subsystems[0], cgroups)
|
|
}
|
|
|
|
func getCgroupMountsHelper(ss map[string]bool, mounts []*mountinfo.Info, all bool) ([]Mount, error) {
|
|
res := make([]Mount, 0, len(ss))
|
|
numFound := 0
|
|
for _, mi := range mounts {
|
|
m := Mount{
|
|
Mountpoint: mi.Mountpoint,
|
|
Root: mi.Root,
|
|
}
|
|
for _, opt := range strings.Split(mi.VFSOptions, ",") {
|
|
seen, known := ss[opt]
|
|
if !known || (!all && seen) {
|
|
continue
|
|
}
|
|
ss[opt] = true
|
|
opt = strings.TrimPrefix(opt, CgroupNamePrefix)
|
|
m.Subsystems = append(m.Subsystems, opt)
|
|
numFound++
|
|
}
|
|
if len(m.Subsystems) > 0 || all {
|
|
res = append(res, m)
|
|
}
|
|
if !all && numFound >= len(ss) {
|
|
break
|
|
}
|
|
}
|
|
return res, nil
|
|
}
|
|
|
|
func getCgroupMountsV1(all bool) ([]Mount, error) {
|
|
mi, err := readCgroupMountinfo()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
allSubsystems, err := ParseCgroupFile("/proc/self/cgroup")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
allMap := make(map[string]bool)
|
|
for s := range allSubsystems {
|
|
allMap[s] = false
|
|
}
|
|
|
|
return getCgroupMountsHelper(allMap, mi, all)
|
|
}
|
|
|
|
// GetOwnCgroup returns the relative path to the cgroup docker is running in.
|
|
func GetOwnCgroup(subsystem string) (string, error) {
|
|
if IsCgroup2UnifiedMode() {
|
|
return "", errUnified
|
|
}
|
|
cgroups, err := ParseCgroupFile("/proc/self/cgroup")
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return getControllerPath(subsystem, cgroups)
|
|
}
|
|
|
|
func GetOwnCgroupPath(subsystem string) (string, error) {
|
|
cgroup, err := GetOwnCgroup(subsystem)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return getCgroupPathHelper(subsystem, cgroup)
|
|
}
|
|
|
|
func GetInitCgroup(subsystem string) (string, error) {
|
|
if IsCgroup2UnifiedMode() {
|
|
return "", errUnified
|
|
}
|
|
cgroups, err := ParseCgroupFile("/proc/1/cgroup")
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return getControllerPath(subsystem, cgroups)
|
|
}
|
|
|
|
func GetInitCgroupPath(subsystem string) (string, error) {
|
|
cgroup, err := GetInitCgroup(subsystem)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return getCgroupPathHelper(subsystem, cgroup)
|
|
}
|
|
|
|
func getCgroupPathHelper(subsystem, cgroup string) (string, error) {
|
|
mnt, root, err := FindCgroupMountpointAndRoot("", subsystem)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
// This is needed for nested containers, because in /proc/self/cgroup we
|
|
// see paths from host, which don't exist in container.
|
|
relCgroup, err := filepath.Rel(root, cgroup)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return filepath.Join(mnt, relCgroup), nil
|
|
}
|
|
|
|
func getControllerPath(subsystem string, cgroups map[string]string) (string, error) {
|
|
if IsCgroup2UnifiedMode() {
|
|
return "", errUnified
|
|
}
|
|
|
|
if p, ok := cgroups[subsystem]; ok {
|
|
return p, nil
|
|
}
|
|
|
|
if p, ok := cgroups[CgroupNamePrefix+subsystem]; ok {
|
|
return p, nil
|
|
}
|
|
|
|
return "", NewNotFoundError(subsystem)
|
|
}
|