During container start there might be a situation when not all cgroup hierarchies get virtualized by container manager (like vzctl). By virtualizing a cgroup hierarchy I mean creation of sub-directory within a particular mounted cgroup. When container starts it looks in css set of it's init process to list all affilated cgroups and perform actions on each. But non-virtualized cgroups will also be present in init's css_set and they should not be touched from inside of any non root ve.
Signed-off-by: Valeriy Vdovin <[email protected]> Reviewed-by: Kirill Tkhai <[email protected]> --- kernel/cgroup/cgroup.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 8aea78f07b5b..75997b503d3c 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -1927,6 +1927,23 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp, struct cftype *cft, bool activate); #ifdef CONFIG_VE +static inline bool is_virtualized_cgroup(struct cgroup *cgrp) +{ + /* + * no parent means this is the host cgroup + */ + if (!cgrp->kn->parent) + return false; + + if (cgrp->root->subsys_mask) + return true; + + if (!strcmp(cgrp->root->name, "systemd")) + return true; + + return false; +} + int cgroup_mark_ve_roots(struct ve_struct *ve) { int err; -- 2.27.0 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
