#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
+#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
return true;
}
+ struct timeval tv;
+ if (gettimeofday(&tv, NULL) == -1) {
+ PLOG_E("gettimeofday() failed");
+ return false;
+ }
+
+ char mem_cgroup_path[PATH_MAX];
+ snprintf(mem_cgroup_path, sizeof(mem_cgroup_path), "%s/%s/NSJAIL.%lx.%lx",
+ nsjconf->cgroup_mem_mount, nsjconf->cgroup_mem_parent, (unsigned long)tv.tv_sec,
+ (unsigned long)tv.tv_usec);
+ if (mkdir(mem_cgroup_path, 0700) == -1) {
+ PLOG_E("mkdir('%s', 0711) failed", mem_cgroup_path);
+ return false;
+ }
+
char fname[PATH_MAX];
if (nsjconf->cgroup_mem_max != (size_t) 0) {
char mem_max_str[512];
snprintf(mem_max_str, sizeof(mem_max_str), "%zu", nsjconf->cgroup_mem_max);
- snprintf(fname, sizeof(fname), "%s/%s/memory.limit_in_bytes",
- nsjconf->cgroup_mem_mount, nsjconf->cgroup_mem_group);
- LOG_D("Setting %s/%s/memory.limit_in_bytes to '%s'", nsjconf->cgroup_mem_mount,
- nsjconf->cgroup_mem_group, mem_max_str);
+ snprintf(fname, sizeof(fname), "%s/memory.limit_in_bytes", mem_cgroup_path);
+ LOG_D("Setting %s/memory.limit_in_bytes to '%s'", mem_cgroup_path, mem_max_str);
if (utilWriteBufToFile(fname, mem_max_str, strlen(mem_max_str), O_WRONLY) == false) {
LOG_E("Could not update memory cgroup max limit");
return false;
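Review bot: The return value of the `snprintf` that builds `mem_cgroup_path` is not checked, so an over-long `cgroup_mem_mount` or `cgroup_mem_parent` is silently truncated, and the `mkdir`, the limit write and the later `tasks` write then act on a different directory than the one configured. Capture the result and fail closed, e.g. `int n = snprintf(...); if (n < 0 || (size_t)n >= sizeof(mem_cgroup_path)) { LOG_E("cgroup path too long"); return false; }`. The message on the `mkdir` failure path says `0711` while the call passes `0700`; it should report the mode actually used. The directory name is derived only from `tv_sec`/`tv_usec`, so two instances starting in the same microsecond collide; `mkdir` then fails and the function returns false, which is the safe outcome, but a short comment saying this is intended would help. The enclosing function starts and ends outside this hunk.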
char pid_str[512];
snprintf(pid_str, sizeof(pid_str), "%ld", syscall(__NR_getpid));
- snprintf(fname, sizeof(fname), "%s/%s/tasks", nsjconf->cgroup_mem_mount,
- nsjconf->cgroup_mem_group);
- LOG_D("Adding PID='%s' to %s/%s/tasks", pid_str, nsjconf->cgroup_mem_mount,
- nsjconf->cgroup_mem_group);
+ snprintf(fname, sizeof(fname), "%s/tasks", mem_cgroup_path);
+ LOG_D("Adding PID='%s' to %s/tasks", pid_str, mem_cgroup_path);
if (utilWriteBufToFile(fname, pid_str, strlen(pid_str), O_WRONLY) == false) {
LOG_E("Could not update memory cgroup task list");
return false;
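Review bot: Nothing in the visible hunks removes the per-instance directory created by the earlier `mkdir(mem_cgroup_path, 0700)` once the jailed process has exited, so `NSJAIL.<sec>.<usec>` cgroups appear to accumulate under the parent on every run. If teardown is not handled elsewhere in the file, the supervising process should `rmdir` the path after the child is reaped. That requires keeping the generated path, or the `tv` values, somewhere the cleanup code can reach, since `mem_cgroup_path` is a local here. At minimum, a comment at this `tasks` write should state who owns the directory's lifetime. The enclosing function continues outside this hunk.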
.tmpfs_size = 4 * (1024 * 1024),
.mount_proc = true,
.cgroup_mem_mount = "/cgroup_memory",
- .cgroup_mem_group = "NSJAIL",
+ .cgroup_mem_parent = "NSJAIL",
.cgroup_mem_max = (size_t)0,
.iface_no_lo = false,
.iface = NULL,
{{"tmpfs_size", required_argument, NULL, 0x0602}, "Number of bytes to allocate for tmpfsmounts (default: 4194304)"},
{{"disable_proc", no_argument, NULL, 0x0603}, "Disable mounting /proc in the jail"},
{{"cgroup_mem_mount", required_argument, NULL, 0x0801}, "Where to mount memory cgroup FS (default: '/cgroup_memory'"},
- {{"cgroup_mem_group", required_argument, NULL, 0x0802}, "Which memory cgroup to use (default: 'NSJAIL')"},
+ {{"cgroup_mem_parent", required_argument, NULL, 0x0802}, "Which memory cgroup to use as parent (default: 'NSJAIL')"},
{{"cgroup_mem_max", required_argument, NULL, 0x0803}, "Maximum number of bytes to use in the group"},
{{"iface_no_lo", no_argument, NULL, 0x700}, "Don't bring up the 'lo' interface"},
{{"iface", required_argument, NULL, 'I'}, "Interface which will be cloned (MACVLAN) and put inside the subprocess' namespace as 'vs'"},
nsjconf->cgroup_mem_mount = optarg;
break;
case 0x802:
- nsjconf->cgroup_mem_group = optarg;
+ nsjconf->cgroup_mem_parent = optarg;
break;
case 0x803:
nsjconf->cgroup_mem_max = (size_t) strtoull(optarg, NULL, 0);