pkg/cgroups: use DBUS session when rootless
use the DBUS user session when running in rootless mode.

Closes: containers#3801

Signed-off-by: Giuseppe Scrivano <[email protected]>
giuseppe committed Aug 14, 2019
1 parent a734b53 commit 9873901
Showing 3 changed files with 85 additions and 22 deletions.
11 changes: 11 additions & 0 deletions libpod/util_linux.go
Expand Up @@ -48,6 +48,9 @@ func makeSystemdCgroup(path string) error {
return err
}

if rootless.IsRootless() {
return controller.CreateSystemdUserUnit(path, rootless.GetRootlessUID())
}
return controller.CreateSystemdUnit(path)
}

Expand All @@ -57,6 +60,14 @@ func deleteSystemdCgroup(path string) error {
if err != nil {
return err
}
if rootless.IsRootless() {
conn, err := cgroups.GetUserConnection(rootless.GetRootlessUID())
if err != nil {
return err
}
defer conn.Close()
return controller.DeleteByPathConn(path, conn)
}

return controller.DeleteByPath(path)
}
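Review bot: The rootless branch of deleteSystemdCgroup opens and closes the user D-Bus connection itself (`cgroups.GetUserConnection` followed by `controller.DeleteByPathConn`), while the matching branch in makeSystemdCgroup only passes the UID to `controller.CreateSystemdUserUnit` and leaves the connection to pkg/cgroups. Keeping bus selection and authentication inside one package makes the system-bus versus session-bus decision easier to audit, so a delete-side counterpart on CgroupControl that takes the UID would keep the two paths symmetric. At minimum a comment above each `rootless.IsRootless()` check, such as `// rootless: reach systemd through the user's D-Bus session instead of the default connection`, would record why the branch exists. Both function bodies begin outside the hunks shown.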
73 changes: 69 additions & 4 deletions pkg/cgroups/cgroups.go
Expand Up @@ -10,6 +10,8 @@ import (
"strconv"
"strings"

systemdDbus "github.com/coreos/go-systemd/dbus"
"github.com/godbus/dbus"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
Expand Down Expand Up @@ -352,7 +354,56 @@ func (c *CgroupControl) CreateSystemdUnit(path string) error {
if !c.systemd {
return fmt.Errorf("the cgroup controller is not using systemd")
}
return systemdCreate(path)

conn, err := systemdDbus.New()
if err != nil {
return err
}
defer conn.Close()

return systemdCreate(path, conn)
}

// GetUserConnection returns an user connection to D-BUS
func GetUserConnection(uid int) (*systemdDbus.Conn, error) {
return systemdDbus.NewConnection(func() (*dbus.Conn, error) {
return dbusAuthConnection(uid, dbus.SessionBusPrivate)
})
}

// CreateSystemdUserUnit creates the systemd cgroup for the specified user
func (c *CgroupControl) CreateSystemdUserUnit(path string, uid int) error {
if !c.systemd {
return fmt.Errorf("the cgroup controller is not using systemd")
}

conn, err := GetUserConnection(uid)
if err != nil {
return err
}
defer conn.Close()

return systemdCreate(path, conn)
}

func dbusAuthConnection(uid int, createBus func(opts ...dbus.ConnOption) (*dbus.Conn, error)) (*dbus.Conn, error) {
conn, err := createBus()
if err != nil {
return nil, err
}

methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(uid))}

err = conn.Auth(methods)
if err != nil {
conn.Close()
return nil, err
}
if err := conn.Hello(); err != nil {
return nil, err
}

return conn, nil
}

// Delete cleans a cgroup
Expand Down Expand Up @@ -386,10 +437,11 @@ func rmDirRecursively(path string) error {
return nil
}

// DeleteByPath deletes the specified cgroup path
func (c *CgroupControl) DeleteByPath(path string) error {
// DeleteByPathConn deletes the specified cgroup path using the specified
// dbus connection if needed.
func (c *CgroupControl) DeleteByPathConn(path string, conn *systemdDbus.Conn) error {
if c.systemd {
return systemdDestroy(path)
return systemdDestroyConn(path, conn)
}
if c.cgroup2 {
return rmDirRecursively(filepath.Join(cgroupRoot, c.path))
Expand All @@ -413,6 +465,19 @@ func (c *CgroupControl) DeleteByPath(path string) error {
return lastError
}

// DeleteByPath deletes the specified cgroup path
func (c *CgroupControl) DeleteByPath(path string) error {
if c.systemd {
conn, err := systemdDbus.New()
if err != nil {
return err
}
defer conn.Close()
return c.DeleteByPathConn(path, conn)
}
return c.DeleteByPathConn(path, nil)
}

// Update updates the cgroups
func (c *CgroupControl) Update(resources *spec.LinuxResources) error {
for _, h := range handlers {
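Review bot: dbusAuthConnection leaks the private bus connection when `conn.Hello()` fails: the `conn.Auth(methods)` error path calls `conn.Close()`, but the Hello error path returns `nil, err` without closing. The connection comes from `dbus.SessionBusPrivate`, so it is not shared and nothing else will release its socket; add `conn.Close()` before the `return nil, err` in the Hello branch. The doc comment on GetUserConnection could also say that the caller owns the returned connection and must close it, and that `uid` is the identity presented to the bus through `dbus.AuthExternal`.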
23 changes: 5 additions & 18 deletions pkg/cgroups/systemd.go
Expand Up @@ -9,13 +9,7 @@ import (
"github.com/godbus/dbus"
)

func systemdCreate(path string) error {
c, err := systemdDbus.New()
if err != nil {
return err
}
defer c.Close()

func systemdCreate(path string, c *systemdDbus.Conn) error {
slice, name := filepath.Split(path)
slice = strings.TrimSuffix(slice, "/")

Expand Down Expand Up @@ -43,7 +37,7 @@ func systemdCreate(path string) error {
}

ch := make(chan string)
_, err = c.StartTransientUnit(name, "replace", properties, ch)
_, err := c.StartTransientUnit(name, "replace", properties, ch)
if err != nil {
lastError = err
continue
Expand All @@ -55,7 +49,7 @@ func systemdCreate(path string) error {
}

/*
systemdDestroy is copied from containerd/cgroups/systemd.go file, that
systemdDestroyConn is copied from containerd/cgroups/systemd.go file, that
has the following license:
Copyright The containerd Authors.
Expand All @@ -72,18 +66,11 @@ func systemdCreate(path string) error {
See the License for the specific language governing permissions and
limitations under the License.
*/

func systemdDestroy(path string) error {
c, err := systemdDbus.New()
if err != nil {
return err
}
defer c.Close()

func systemdDestroyConn(path string, c *systemdDbus.Conn) error {
name := filepath.Base(path)

ch := make(chan string)
_, err = c.StopUnit(name, "replace", ch)
_, err := c.StopUnit(name, "replace", ch)
if err != nil {
return err
}
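Review bot: systemdCreate and systemdDestroyConn now call methods on the caller-supplied `c` (`c.StartTransientUnit`, `c.StopUnit`) without a nil check, while the same commit has DeleteByPath in cgroups.go pass `nil` into the exported DeleteByPathConn on its non-systemd path. That is safe only because the nil never reaches systemdDestroyConn today; a caller that hands DeleteByPathConn a nil connection for a systemd-managed controller would presumably hit a nil-pointer panic. A guard at the top of each function, for example `if c == nil { return errors.New("nil systemd D-Bus connection") }` using whichever error helper the file already imports, would turn that into an ordinary error. Failing that, a doc comment stating that `c` must be non-nil and stays owned by the caller would make the contract explicit. Both function bodies continue outside the hunks shown.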
