From 23b3d0e2a69287673431925987497ac64964595b Mon Sep 17 00:00:00 2001 From: Kunhoon Baik Date: Mon, 6 Sep 2021 16:41:04 +0900 Subject: [PATCH] Add cgroup_remount program for target using old-resourced Old Tizen resourced used "resourced" cgroup folder for controlling memory instead of "memory" To apply nsjail(+malort) for such target, memory folder should be created. For the compatibility, cgroup_mount is provided. cf) provide mount prgoram because some targets cannot use mount program freely. --- Makefile | 6 +++- cgroup_remount.cc | 76 +++++++++++++++++++++++++++++++++++++++++++ packaging/nsjail.sh | 6 ++++ packaging/nsjail.spec | 2 ++ 4 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 cgroup_remount.cc diff --git a/Makefile b/Makefile index 7722452..cb22a93 100644 --- a/Makefile +++ b/Makefile @@ -59,7 +59,11 @@ endif .cc.o: %.cc $(CXX) $(CXXFLAGS) $< -o $@ -all: $(BIN) +all: $(BIN) cgroup_remount + +cgroup_remount : + $(CXX) $(CXXFLAGS) cgroup_remount.cc -o cgroup_remount.o + $(CXX) -o cgroup_remount cgroup_remount.o $(LDFLAGS) $(BIN): $(LIBS) $(OBJS) ifneq ($(NL3_EXISTS), yes) diff --git a/cgroup_remount.cc b/cgroup_remount.cc new file mode 100644 index 0000000..6534fac --- /dev/null +++ b/cgroup_remount.cc 
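Review bot: The new `cgroup_remount :` rule in the Makefile hunk lists no prerequisites, so once a file named `cgroup_remount` exists make treats it as up to date and later edits to cgroup_remount.cc are not rebuilt. Declare the source as a prerequisite, `cgroup_remount: cgroup_remount.cc`, so the installed helper always matches the reviewed source. The rule also leaves `cgroup_remount.o` and the binary behind unless the `clean` target, which is outside this hunk, is extended to remove them.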
@@ -0,0 +1,76 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define DEFAULT_CGROUP "/sys/fs/cgroup"
+#define MAX_PATH_LENGTH 512
+
+static bool cgroup_is_exists(const char *cgroup_full_path)
+{
+ struct stat stat_buf;
+ return stat(cgroup_full_path, &stat_buf) == 0;
+}
+
+int cgroup_make_subdir(const char* parentdir, const char* new_name, const char* target_name)
+{
+ char buf[MAX_PATH_LENGTH];
+ char new_buf[MAX_PATH_LENGTH];
+ bool cgroup_exists;
+ bool cgroup_remount = false;
+ int ret = 0;
+
+ if (!parentdir || !new_name || !target_name)
+ return -1;
+
+ snprintf(buf, sizeof(buf), "%s/%s", parentdir, target_name);
+ snprintf(new_buf, sizeof(new_buf), "%s/%s", parentdir, new_name);
+
+ cgroup_exists = cgroup_is_exists(new_buf);
+ if (!cgroup_exists) {
+ if (!strncmp(parentdir, DEFAULT_CGROUP, sizeof(DEFAULT_CGROUP))) {
+ ret = mount("tmpfs", DEFAULT_CGROUP, "tmpfs",
+ MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, "mode=755");
+ if (ret < 0){
+ printf("rw remount failed\n");
+ return -1;
+ }
+ cgroup_remount = true;
+ }
+
+ ret = symlink(buf, new_buf);
+ if(ret < 0){
+ printf("symlink failed\n");
+ return -1;
+ }
+
+ if (cgroup_remount) {
+ ret = mount("tmpfs", DEFAULT_CGROUP, "tmpfs",
+ MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755");
+ if (ret < 0){
+ printf("ro remount failed\n");
+ return -1;
+ }
+ }
+ }
+ else
+ printf("the cgroup is already existed\n");
+
+ return 0;
+}
+
+int main()
+{
+ int ret;
+ ret = cgroup_make_subdir(DEFAULT_CGROUP, "memory", "resourced");
+ if (ret < 0)
+ printf("creation failed\n");
+ else
+ printf("creation success or already created\n");
+ return ret;
+}
+
diff --git a/packaging/nsjail.sh b/packaging/nsjail.sh
index 89d6068..a74456e 100644
--- a/packaging/nsjail.sh
+++ b/packaging/nsjail.sh
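Review bot: In cgroup_make_subdir the `symlink failed` path returns -1 while /sys/fs/cgroup is still remounted writable, because the MS_RDONLY remount only runs after a successful symlink(). The read-only remount should run before the symlink result is checked, so that every exit restores it. The existence test also uses stat(), which follows links: a `memory` link whose `resourced` target is missing is reported as absent, symlink() then fails with EEXIST, and the mount is left writable on each retry from nsjail.sh, so `lstat()` is the safer check. The snprintf() results are not checked for truncation, and the failure messages drop errno, so reporting in the style of `perror("symlink")` would make failures diagnosable.

```cpp
	/* … unchanged: argument checks, path building, existence check, rw remount … */
	int link_ret = symlink(buf, new_buf);

	/* Restore the read-only mount before looking at link_ret, so a failed
	   symlink() never leaves the cgroup root writable. */
	if (cgroup_remount) {
		ret = mount("tmpfs", DEFAULT_CGROUP, "tmpfs",
			MS_REMOUNT|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME|MS_RDONLY, "mode=755");
		if (ret < 0) {
			printf("ro remount failed\n");
			return -1;
		}
	}

	if (link_ret < 0) {
		printf("symlink failed\n");
		return -1;
	}
	/* … unchanged: "already existed" branch and return 0 … */
```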
@@ -5,6 +5,12 @@ OWNER_ID=`id -u owner` if [ x$1 == "xstart" ] then + while [ ! -d "/sys/fs/cgroup/memory" ] + do + /usr/bin/cgroup_remount + sleep 1; + done + mkdir /sys/fs/cgroup/memory/malort chown -R owner:users /sys/fs/cgroup/memory/malort diff --git a/packaging/nsjail.spec b/packaging/nsjail.spec index 1957a34..e9e7c81 100644 --- a/packaging/nsjail.spec +++ b/packaging/nsjail.spec @@ -60,6 +60,7 @@ mkdir -p %{buildroot}/usr/share/ mkdir -p %{buildroot}/%{_unitdir} install -m 0755 nsjail %{buildroot}/%{_bindir}/ +install -m 0755 cgroup_remount %{buildroot}/%{_bindir}/ install -m 0755 nsjail.sh %{buildroot}/%{_bindir}/ install -m 0644 nsjail.service %{buildroot}/%{_unitdir}/ %install_service multi-user.target.wants nsjail.service @@ -71,6 +72,7 @@ cp -a test/*.cfg %{buildroot}/usr/share/ %manifest %{name}.manifest %license LICENSE %{_bindir}/nsjail* +%{_bindir}/cgroup_remount* %{_unitdir}/nsjail.service %{_unitdir}/multi-user.target.wants/nsjail.service -- 2.34.1
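Review bot: The added `while [ ! -d "/sys/fs/cgroup/memory" ]` loop in nsjail.sh has no retry limit, so if /usr/bin/cgroup_remount keeps failing (for example because `resourced` never appears, which `-d` also reports as missing through a dangling link) the `start` branch blocks forever and remounts /sys/fs/cgroup once a second. Bound it with a counter: `tries=0` before the loop and `tries=$((tries+1)); [ "$tries" -ge 30 ] && exit 1` after the `sleep 1`, where 30 is only an example limit. The helper's exit status is also ignored, so a persistent failure is never logged. The enclosing `if` block continues outside the hunk.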