[lxc-devel] [lxc/master] cgroup: pre-mount systemd controller

[brauner on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 598 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190207/8c7be284/attachment.bin>
-------------- next part --------------
From f782f8ab364345ace8f15700d561aeeb085c1c2b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 8 Feb 2019 00:06:07 +0100
Subject: [PATCH] cgroup: pre-mount systemd controller

We often run into problems where the systemd controller is missing and
systemd is not booting correctly. This can e.g. be the case on Android
workloads. Let's try and pre-create it.

Cc: Ondrej Kubik <ondrej.kubik at canonical.com>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 54 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 9d886ac17..ea85cfd7a 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2795,12 +2795,66 @@ static int cg_unified_init(struct cgroup_ops *ops, bool relative,
 	return CGROUP2_SUPER_MAGIC;
 }
 
+static bool lxc_premount_necessary_controllers(struct lxc_conf *conf)
+{
+	int ret;
+
+	if (geteuid() != 0)
+		return true;
+
+	if (!has_fs_type("/sys/fs/cgroup", CGROUP2_SUPER_MAGIC) &&
+	    !has_fs_type("/sys/fs/cgroup", TMPFS_MAGIC)) {
+		ret = unshare(CLONE_NEWNS);
+		if (ret < 0) {
+			SYSERROR("Failed to unshare CLONE_NEWNS");
+			return false;
+		}
+		TRACE("Unshared CLONE_NEWNS");
+
+		(void)mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL);
+
+		ret = mkdir("/sys/fs/cgroup", 0755);
+		if (ret && errno != EEXIST) {
+			SYSERROR("Failed to create \"/sys/fs/cgroup\" mountpoint");
+			return false;
+		}
+
+		ret = mount("tmpfs", "/sys/fs/cgroup", "tmpfs",
+				MS_NOSUID | MS_NODEV | MS_NOEXEC, "mode=755");
+		if (ret) {
+			SYSERROR("Failed to mount tmpfs at \"/sys/fs/cgroup\"");
+			return false;
+		}
+
+		if (has_fs_type("/sys/fs/cgroup/systemd", CGROUP_SUPER_MAGIC))
+			return true;
+
+		ret = mkdir("/sys/fs/cgroup/systemd", 0755);
+		if (ret && errno != EEXIST) {
+			SYSERROR("Failed to create \"/sys/fs/cgroup/systemd\" mountpoint");
+			return false;
+		}
+		ret = mount("cgroup", "/sys/fs/cgroup/systemd", "cgroup",
+			    MS_NOSUID | MS_NODEV | MS_NOEXEC,
+			    "none,name=systemd,xattr");
+		if (ret) {
+			SYSERROR("Failed to mount name=systemd controller at \"/sys/fs/cgroup/systemd\"");
+			return false;
+		}
+	}
+
+	return true;
+}
+
 static bool cg_init(struct cgroup_ops *ops, struct lxc_conf *conf)
 {
 	int ret;
 	const char *tmp;
 	bool relative = conf->cgroup_meta.relative;
 
+	if (!lxc_premount_necessary_controllers(conf))
+		return false;
+
 	tmp = lxc_global_config_value("lxc.cgroup.use");
 	if (tmp) {
 		char *chop, *cur, *pin;