[lxc-devel] [lxd/master] Fix LXD on CGroupV2-only systems

Mon Sep 24 21:41:53 UTC 2018

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180924/c921eb7e/attachment.bin>
-------------- next part --------------
From 00e6bfb1c8bbb2b68cc562cd25da1844ea69c536 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 24 Sep 2018 13:34:14 -0400
Subject: [PATCH 1/2] Makefile: Set LDFLAGS for dqlite
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 415f52a566..cec6a61421 100644
--- a/Makefile
+++ b/Makefile
@@ -52,7 +52,7 @@ deps:
 	cd "$(GOPATH)/deps/dqlite" && \
 		autoreconf -i && \
 		PKG_CONFIG_PATH="$(GOPATH)/deps/sqlite/" ./configure && \
-		make CFLAGS="-I$(GOPATH)/deps/sqlite/"
+		make CFLAGS="-I$(GOPATH)/deps/sqlite/" LDFLAGS="-L$(GOPATH)/deps/sqlite/.libs/"
 
 	# environment
 	@echo ""

From 445d57ac50efa9a51cb60526de29cc048217cf9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 24 Sep 2018 14:43:04 -0400
Subject: [PATCH 2/2] lxd: Fix handling of CGroup-V2 systems
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #4557

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go   | 34 +++++++++++++++++++++++-----------
 lxd/container_state.go |  8 ++++++++
 lxd/sys/cgroup.go      |  2 ++
 lxd/sys/os.go          |  1 +
 4 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 90f6c124aa..73f9f7764d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -2741,7 +2741,7 @@ func (c *containerLXC) Stop(stateful bool) error {
 	if c.state.OS.CGroupPidsController {
 		// Attempt to disable forking new processes
 		c.CGroupSet("pids.max", "0")
-	} else {
+	} else if c.state.OS.CGroupFreezerController {
 		// Attempt to freeze the container
 		freezer := make(chan bool, 1)
 		go func() {
@@ -2937,16 +2937,22 @@ func (c *containerLXC) Freeze() error {
 		"ephemeral": c.ephemeral,
 		"used":      c.lastUsedDate}
 
-	// Check that we're not already frozen
-	if c.IsFrozen() {
-		return fmt.Errorf("The container is already frozen")
-	}
-
 	// Check that we're running
 	if !c.IsRunning() {
 		return fmt.Errorf("The container isn't running")
 	}
 
+	// Check if the CGroup is available
+	if !c.state.OS.CGroupFreezerController {
+		logger.Info("Unable to freeze container (lack of kernel support)", ctxMap)
+		return nil
+	}
+
+	// Check that we're not already frozen
+	if c.IsFrozen() {
+		return fmt.Errorf("The container is already frozen")
+	}
+
 	logger.Info("Freezing container", ctxMap)
 
 	// Load the go-lxc struct
@@ -2977,16 +2983,22 @@ func (c *containerLXC) Unfreeze() error {
 		"ephemeral": c.ephemeral,
 		"used":      c.lastUsedDate}
 
-	// Check that we're frozen
-	if !c.IsFrozen() {
-		return fmt.Errorf("The container is already running")
-	}
-
 	// Check that we're running
 	if !c.IsRunning() {
 		return fmt.Errorf("The container isn't running")
 	}
 
+	// Check if the CGroup is available
+	if !c.state.OS.CGroupFreezerController {
+		logger.Info("Unable to unfreeze container (lack of kernel support)", ctxMap)
+		return nil
+	}
+
+	// Check that we're frozen
+	if !c.IsFrozen() {
+		return fmt.Errorf("The container is already running")
+	}
+
 	logger.Info("Unfreezing container", ctxMap)
 
 	// Load the go-lxc struct
diff --git a/lxd/container_state.go b/lxd/container_state.go
index 50dfd5a19d..884b03c3fb 100644
--- a/lxd/container_state.go
+++ b/lxd/container_state.go
@@ -172,12 +172,20 @@ func containerStatePut(d *Daemon, r *http.Request) Response {
 			return nil
 		}
 	case shared.Freeze:
+		if !d.os.CGroupDevicesController {
+			return BadRequest(fmt.Errorf("This system doesn't support freezing containers"))
+		}
+
 		opType = db.OperationContainerFreeze
 		do = func(op *operation) error {
 			c.SetOperation(op)
 			return c.Freeze()
 		}
 	case shared.Unfreeze:
+		if !d.os.CGroupDevicesController {
+			return BadRequest(fmt.Errorf("This system doesn't support unfreezing containers"))
+		}
+
 		opType = db.OperationContainerUnfreeze
 		do = func(op *operation) error {
 			c.SetOperation(op)
diff --git a/lxd/sys/cgroup.go b/lxd/sys/cgroup.go
index 52cb2f9775..d1dbd8243d 100644
--- a/lxd/sys/cgroup.go
+++ b/lxd/sys/cgroup.go
@@ -15,6 +15,7 @@ func (s *OS) initCGroup() {
 		&s.CGroupCPUacctController,
 		&s.CGroupCPUsetController,
 		&s.CGroupDevicesController,
+		&s.CGroupFreezerController,
 		&s.CGroupMemoryController,
 		&s.CGroupNetPrioController,
 		&s.CGroupPidsController,
@@ -45,6 +46,7 @@ var cGroups = []struct {
 	{"cpuacct", cGroupMissing("CPUacct controller", "CPU accounting will not be available")},
 	{"cpuset", cGroupMissing("CPUset controller", "CPU pinning will be ignored")},
 	{"devices", cGroupMissing("devices controller", "device access control won't work")},
+	{"freezer", cGroupMissing("freezer controller", "pausing/resuming containers won't work")},
 	{"memory", cGroupMissing("memory controller", "memory limits will be ignored")},
 	{"net_prio", cGroupMissing("network class controller", "network limits will be ignored")},
 	{"pids", cGroupMissing("pids controller", "process limits will be ignored")},
diff --git a/lxd/sys/os.go b/lxd/sys/os.go
index 98f9b2f88f..9e93da327a 100644
--- a/lxd/sys/os.go
+++ b/lxd/sys/os.go
@@ -52,6 +52,7 @@ type OS struct {
 	CGroupCPUacctController bool
 	CGroupCPUsetController  bool
 	CGroupDevicesController bool
+	CGroupFreezerController bool
 	CGroupMemoryController  bool
 	CGroupNetPrioController bool
 	CGroupPidsController    bool
