Re: [Libcg-devel] [PATCH resend v2] cgrulesengd: Do not ignore changes of short-lived processes

Wed, 12 Jun 2019 08:14:51 -0700 

On Tue, Jun 11, 2019 at 12:06 AM Michal Koutný <[email protected]> wrote:
>
> When a double-forking daemon spawns the shortlived forking process and
> we fail to classify it in time, the child does not inherit (the
> intended) cgroup membership.
>
> We could process all children after receiving PROC_EVENT_FORK to remedy
> this. But since we already have the timestamp logic introduced in
>
>     8953fc07c049 ("Changelog v2:  * Use clock_gettime(2) for getting
>     timestamp since a system boot.  * Change parent_info's memory to
>     dynamic allocation.")
>
> and it may be too much work for all fork(2) calls, we extend the usage
> of parent_info by assuming the parent would have changed its cgroup
> membership by our actions even if it terminated quickly.
>
> v2: Handle non-existent /proc/$PID/tasks as short-lived process too
>     Use cgroup_get_last_errno() helper
>
> Signed-off-by: Michal Koutný <[email protected]>

Applied, thanks!

Dhaval

> ---
>  src/daemon/cgrulesengd.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
> index 0d288f3ca916..0d90b8b114b8 100644
> --- a/src/daemon/cgrulesengd.c
> +++ b/src/daemon/cgrulesengd.c
> @@ -477,9 +477,13 @@ int cgre_process_event(const struct proc_event *ev, 
> const int type)
>         }
>         ret = cgroup_change_cgroup_flags(euid, egid, procname, pid,
>                                                  CGFLAG_USECACHE);
> -       if ((ret == ECGOTHER) && (errno == ESRCH)) {
> -               /* A process finished already and that is not a problem. */
> -               ret = 0;
> +       if (ret == ECGOTHER) {
> +               /* A process finished already but we may have missed changing 
> it,
> +                * make sure to apply to forked children. */
> +               if (cgroup_get_last_errno() == ESRCH || 
> cgroup_get_last_errno() == ENOENT)
> +                       ret = cgre_store_parent_info(pid);
> +               else
> +                       ret = 0;
>         } else if (ret) {
>                 flog(LOG_WARNING,
>                         "Cgroup change for PID: %d, UID: %d, GID: %d, 
> PROCNAME: %s FAILED! (Error Code: %d)\n",
> --
> 2.21.0
>


_______________________________________________
Libcg-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libcg-devel

Reply via email to