--- /dev/null
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/mount.h>
+
+#define DEFAULT_CGROUP "/sys/fs/cgroup"
+#define MAX_PATH_LENGTH 512
+
+static bool cgroup_is_exists(const char *cgroup_full_path)
+{
+ struct stat stat_buf;
+ return stat(cgroup_full_path, &stat_buf) == 0;
+}
+
+int cgroup_make_subdir(const char* parentdir, const char* new_name, const char* target_name)
+{
+ char buf[MAX_PATH_LENGTH];
+ char new_buf[MAX_PATH_LENGTH];
+ bool cgroup_exists;
+ bool cgroup_remount = false;
+ int ret = 0;
+
+ if (!parentdir || !new_name || !target_name)
+ return -1;
+
+ snprintf(buf, sizeof(buf), "%s/%s", parentdir, target_name);
+ snprintf(new_buf, sizeof(new_buf), "%s/%s", parentdir, new_name);
+
+ cgroup_exists = cgroup_is_exists(new_buf);
+ if (!cgroup_exists) {
+ if (!strncmp(parentdir, DEFAULT_CGROUP, sizeof(DEFAULT_CGROUP))) {
+ ret = mount("tmpfs", DEFAULT_CGROUP, "tmpfs",
+ MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, "mode=755");
+ if (ret < 0){
+ printf("rw remount failed\n");
+ return -1;
+ }
+ cgroup_remount = true;
+ }
+
+ ret = symlink(buf, new_buf);
+ if(ret < 0){
+ printf("symlink failed\n");
+ return -1;
+ }
+
+ if (cgroup_remount) {
+ ret = mount("tmpfs", DEFAULT_CGROUP, "tmpfs",
+ MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755");
+ if (ret < 0){
+ printf("ro remount failed\n");
+ return -1;
+ }
+ }
+ }
+ else
+ printf("the cgroup is already existed\n");
+
+ return 0;
+}
+
+int main()
+{
+ int ret;
+ ret = cgroup_make_subdir(DEFAULT_CGROUP, "memory", "resourced");
+ if (ret < 0)
+ printf("creation failed\n");
+ else
+ printf("creation success or already created\n");
+ return ret;
+}
+
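Review bot: In cgroup_make_subdir, the `return -1` after a failed symlink() exits before the read-only remount, so any symlink error leaves /sys/fs/cgroup mounted read-write. That path is easy to reach: cgroup_is_exists() uses stat(), which follows links, so a dangling link already at new_buf is reported as absent and symlink() then fails with EEXIST; `lstat(cgroup_full_path, &stat_buf) == 0` avoids that. The read-only remount should run on every exit that follows the read-write one, as in the excerpt below, which also reports errors on stderr with the errno text. Separately, `bool`/`true`/`false` are used without `#include <stdbool.h>`, and the two snprintf() results are never checked for truncation against MAX_PATH_LENGTH.

```c
	/* … unchanged: argument checks, path formatting, existence check, rw remount … */

	ret = symlink(buf, new_buf);
	if (ret < 0)
		fprintf(stderr, "symlink failed: %s\n", strerror(errno));

	/* Restore the read-only mount even when symlink() failed. */
	if (cgroup_remount &&
	    mount("tmpfs", DEFAULT_CGROUP, "tmpfs",
		  MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY,
		  "mode=755") < 0) {
		fprintf(stderr, "ro remount failed: %s\n", strerror(errno));
		return -1;
	}

	if (ret < 0)
		return -1;
	/* … unchanged: "already existed" branch and final return … */
```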
mkdir -p %{buildroot}/%{_unitdir}
install -m 0755 nsjail %{buildroot}/%{_bindir}/
+install -m 0755 cgroup_remount %{buildroot}/%{_bindir}/
install -m 0755 nsjail.sh %{buildroot}/%{_bindir}/
install -m 0644 nsjail.service %{buildroot}/%{_unitdir}/
%install_service multi-user.target.wants nsjail.service
%manifest %{name}.manifest
%license LICENSE
%{_bindir}/nsjail*
+%{_bindir}/cgroup_remount*
%{_unitdir}/nsjail.service
%{_unitdir}/multi-user.target.wants/nsjail.service