[RHEL7,COMMIT] ve/cgroup: hide ve and ub cgroups in CT

Submitted by Konstantin Khorenko on Jan. 18, 2018, 2:03 p.m.

Details

Message ID 201801181403.w0IE3Suk027426@finist_ce7.work
State New
Series "ve/cgroup: hide ve and ub cgroups in CT"
Headers show

Commit Message

Konstantin Khorenko Jan. 18, 2018, 2:03 p.m.
The commit is pushed to "branch-rh7-3.10.0-693.11.6.vz7.42.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-693.11.6.vz7.42.1
------>
commit d1580bf6a02ab7d2bedf4b6ecd506a2c6a44d59e
Author: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Date:   Thu Jan 18 17:03:28 2018 +0300

    ve/cgroup: hide ve and ub cgroups in CT
    
    Reasons:
    1) We don't need to show these cgroups in CT, they are vz specific,
    and nobody should use them inside.
    2) Docker from v17.11 checks that all cgroups are mounted, but we
    don't mount beancounter and ve, thus docker fails.
    
    Still show ve and ub for pseudosuper, so that these change does not
    influence criu. I checked that with these patch c/r of container works
    fine and values in ve cgroup files persist.
    
    Docker ct starts fine after these change.
    
    https://jira.sw.ru/browse/PSBM-80421
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
    Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
---
 kernel/cgroup.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

Patch hide | download patch | download mbox

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 247646a6f662..11c547fed99f 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -5010,6 +5010,20 @@  static int __init cgroup_wq_init(void)
 }
 core_initcall(cgroup_wq_init);
 
+static int ve_hide_cgroups(struct cgroupfs_root *root)
+{
+	struct ve_struct *ve = get_exec_env();
+	unsigned long hidden_mask = (1UL << ve_subsys_id)
+				    | (1UL << ub_subsys_id);
+
+	/*
+	 * Hide ve and ub cgroups in CT for docker,
+	 * still showing them to pseudosuper (criu)
+	 */
+	return !ve_is_super(ve) && !ve->is_pseudosuper
+	       && (root->subsys_mask & hidden_mask);
+}
+
 /*
  * proc_cgroup_show()
  *  - Print task's cgroup paths into seq_file, one line for each hierarchy
@@ -5051,6 +5065,8 @@  int proc_cgroup_show(struct seq_file *m, void *v)
 		struct cgroup *cgrp;
 		int count = 0;
 
+		if (ve_hide_cgroups(root))
+			continue;
 		seq_printf(m, "%d:", root->hierarchy_id);
 		for_each_subsys(root, ss)
 			seq_printf(m, "%s%s", count++ ? "," : "", ss->name);
@@ -5095,6 +5111,9 @@  static int proc_cgroupstats_show(struct seq_file *m, void *v)
 
 		if (ss == NULL)
 			continue;
+		if (ve_hide_cgroups(ss->root))
+			continue;
+
 		num = _cg_virtualized(ss->root->number_of_cgroups);
 		seq_printf(m, "%s\t%d\t%d\t%d\n",
 			   ss->name, ss->root->hierarchy_id,