libcgroup-internal.h

/* SPDX-License-Identifier: LGPL-2.1-only */
#ifndef __LIBCG_INTERNAL
 
#define __LIBCG_INTERNAL
 
#ifdef __cplusplus
extern "C" {
#endif
 
#include "config.h"
 
#include <libcgroup.h>
 
#include <pthread.h>
#include <dirent.h>
#include <limits.h>
#include <mntent.h>
#include <setjmp.h>
#include <fts.h>
 
#include <sys/stat.h>
#include <sys/types.h>
 
#define MAX_MNT_ELEMENTS    17  /* Maximum number of mount points/controllers */
#define MAX_GROUP_ELEMENTS  128 /* Estimated number of groups created */
 
#define CG_CONTROL_VALUE_MAX    4096    /* Maximum length of a value */
 
#define CG_NV_MAX       100
#define CG_CONTROLLER_MAX   100
#define CG_OPTIONS_MAX      100
 
/*
 * Max number of mounted hierarchies. Event if one controller is mounted
 * per hierarchy, it can not exceed CG_CONTROLLER_MAX
 */
#define CG_HIER_MAX  CG_CONTROLLER_MAX
 
#define CONTROL_NAMELEN_MAX 32  /* Maximum length of a controller's name */
 
/* Definitions for the uid and gid members of a cgroup_rules */
#define CGRULE_INVALID  ((uid_t) -1)
#define CGRULE_WILD ((uid_t) -2)
 
#define CGRULE_SUCCESS_STORE_PID    "SUCCESS_STORE_PID"
/* Definitions for cgrules options field */
#define CGRULE_OPTION_IGNORE        "ignore"
#define CGRULE_OPTION_IGNORE_RT     "ignore_rt"
#define CGRULE_OPT_IGNORE       1
#define CGRULE_OPT_IGNORE_RT        2
 
#define CGCONFIG_CONF_FILE      "/etc/cgconfig.conf"
/* Minimum number of file in template file list for cgrulesengd */
#define CGCONFIG_CONF_FILES_LIST_MINIMUM_SIZE   4
#define CGCONFIG_CONF_DIR       "/etc/cgconfig.d"
 
#define CGRULES_CONF_FILE       "/etc/cgrules.conf"
#define CGRULES_CONF_DIR        "/etc/cgrules.d"
#define CGRULES_MAX_FIELDS_PER_LINE 3
 
#define CGRP_BUFFER_LEN (5 * FILENAME_MAX)
 
/* Maximum length of a key(<user>:<process name>) in the daemon config file */
#define CGRP_RULE_MAXKEY    (LOGIN_NAME_MAX + FILENAME_MAX + 1)
 
/* Maximum length of a line in the daemon config file */
#define CGRP_RULE_MAXLINE   (FILENAME_MAX + CGRP_RULE_MAXKEY + CG_CONTROLLER_MAX + \
                 CG_OPTIONS_MAX + 4)
 
#define CGRP_FILE_PREFIX    "cgroup"
 
/* cgroup v2 files */
#define CGV2_CONTROLLERS_FILE   "cgroup.controllers"
#define CGV2_SUBTREE_CTRL_FILE  "cgroup.subtree_control"
 
/* maximum line length when reading the cgroup.controllers file */
#define CGV2_CONTROLLERS_LL_MAX 100
 
#define cgroup_err(x...)    cgroup_log(CGROUP_LOG_ERROR, "Error: " x)
#define cgroup_warn(x...)   cgroup_log(CGROUP_LOG_WARNING, "Warning: " x)
#define cgroup_info(x...)   cgroup_log(CGROUP_LOG_INFO, "Info: " x)
#define cgroup_dbg(x...)    cgroup_log(CGROUP_LOG_DEBUG, x)
#define cgroup_cont(x...)   cgroup_log(CGROUP_LOG_CONT, x)
 
#define CGRP_DEFAULT_LOGLEVEL   CGROUP_LOG_ERROR
 
#define max(x, y) ((y) < (x)?(x):(y))
#define min(x, y) ((y) > (x)?(x):(y))
 
#define ARRAY_SIZE(x)   (sizeof(x) / sizeof((x)[0]))
 
struct control_value {
    char name[FILENAME_MAX];
    char value[CG_CONTROL_VALUE_MAX];
 
    /* cgget uses this field for values that span multiple lines */
    char *multiline_value;
 
    /*
     * The abstraction layer uses prev_name when there's an
     * N->1 or 1->N relationship between cgroup v1 and v2 settings.
     */
    char *prev_name;
 
    bool dirty;
};
 
struct cgroup_controller {
    char name[CONTROL_NAMELEN_MAX];
    struct control_value *values[CG_NV_MAX];
    struct cgroup *cgroup;
    int index;
    enum cg_version_t version;
};
 
struct cgroup {
    char name[FILENAME_MAX];
    struct cgroup_controller *controller[CG_CONTROLLER_MAX];
    int index;
    uid_t tasks_uid;
    gid_t tasks_gid;
    mode_t task_fperm;
    uid_t control_uid;
    gid_t control_gid;
    mode_t control_fperm;
    mode_t control_dperm;
};
 
struct cg_mount_point {
    char path[FILENAME_MAX];
    struct cg_mount_point *next;
};
 
struct cg_mount_table_s {
    char name[CONTROL_NAMELEN_MAX];
    struct cg_mount_point mount;
    int index;
    int shared_mnt;
    enum cg_version_t version;
};
 
struct cgroup_rules_data {
    pid_t pid; /* pid of the process which needs to change group */
 
    /* Details of user under consideration for destination cgroup */
    struct passwd *pw;
    /* gid of the process */
    gid_t gid;
};
 
/* A rule that maps UID/GID to a cgroup */
struct cgroup_rule {
    uid_t uid;
    gid_t gid;
    int is_ignore;
    char *procname;
    char username[LOGIN_NAME_MAX];
    char destination[FILENAME_MAX];
    char *controllers[MAX_MNT_ELEMENTS];
    struct cgroup_rule *next;
};
 
/* Container for a list of rules */
struct cgroup_rule_list {
    struct cgroup_rule *head;
    struct cgroup_rule *tail;
    int len;
};
 
/* The walk_tree handle */
struct cgroup_tree_handle {
    FTS *fts;
    int flags;
};
 
struct cgroup_dictionary_item {
    const char *name;
    const char *value;
    struct cgroup_dictionary_item *next;
};
 
/* Flags for cgroup_dictionary_create */
#define CG_DICT_DONT_FREE_ITEMS 1
 
struct cgroup_dictionary {
    struct cgroup_dictionary_item *head;
    struct cgroup_dictionary_item *tail;
    int flags;
};
 
struct cgroup_dictionary_iterator {
    struct cgroup_dictionary_item *item;
};
 
extern __thread int last_errno;
 
extern jmp_buf parser_error_env;
 
/* Internal API */
char *cg_build_path(const char *name, char *path, const char *type);
int cgroup_get_uid_gid_from_procfs(pid_t pid, uid_t *euid, gid_t *egid);
int cgroup_get_procname_from_procfs(pid_t pid, char **procname);
int cg_mkdir_p(const char *path);
struct cgroup *create_cgroup_from_name_value_pairs(const char *name,
                        struct control_value *name_value, int nv_number);
void init_cgroup_table(struct cgroup *cgrps, size_t count);
 
/*
 * Main mounting structures
 *
 * cg_mount_table_lock must be held to access:
 *  cg_mount_table
 *  cg_cgroup_v2_mount_path
 */
extern struct cg_mount_table_s cg_mount_table[CG_CONTROLLER_MAX];
extern char cg_cgroup_v2_mount_path[FILENAME_MAX];
extern pthread_rwlock_t cg_mount_table_lock;
 
/*
 * config related structures
 */
extern __thread char *cg_namespace_table[CG_CONTROLLER_MAX];
 
/*
 * Default systemd cgroup used by the cg_build_path_locked() and tools
 * setting the default cgroup path.
 */
extern char systemd_default_cgroup[FILENAME_MAX * 2 + 1];
 
/*
 * config related API
 */
int cgroup_config_insert_cgroup(char *cg_name);
int cgroup_config_parse_controller_options(char *controller, struct cgroup_dictionary *values);
int template_config_insert_cgroup(char *cg_name);
int template_config_parse_controller_options(char *controller, struct cgroup_dictionary *values);
int template_config_group_task_perm(char *perm_type, char *value);
int template_config_group_admin_perm(char *perm_type, char *value);
int cgroup_config_group_task_perm(char *perm_type, char *value);
int cgroup_config_group_admin_perm(char *perm_type, char *value);
int cgroup_config_insert_into_mount_table(char *name, char *mount_point);
int cgroup_config_insert_into_namespace_table(char *name, char *mount_point);
void cgroup_config_cleanup_mount_table(void);
void cgroup_config_cleanup_namespace_table(void);
int cgroup_config_define_default(void);
 
extern int cgroup_dictionary_create(struct cgroup_dictionary **dict, int flags);
 
extern int cgroup_dictionary_add(struct cgroup_dictionary *dict, const char *name,
                 const char *value);
extern int cgroup_dictionary_free(struct cgroup_dictionary *dict);
 
extern int cgroup_dictionary_iterator_begin(struct cgroup_dictionary *dict, void **handle,
                        const char **name, const char **value);
extern int cgroup_dictionary_iterator_next(void **handle, const char **name, const char **value);
 
extern void cgroup_dictionary_iterator_end(void **handle);
 
int cg_chmod_path(const char *path, mode_t mode, int owner_is_umask);
 
int cgroup_build_tasks_procs_path(char * const path, size_t path_sz, const char * const cg_name,
                  const char * const ctrl_name);
 
char *cg_build_path_locked(const char *setting, char *path, const char *controller);
 
int cgroup_fill_cgc(struct dirent *ctrl_dir, struct cgroup *cgrp, struct cgroup_controller *cgc,
            int cg_index);
 
int cgroup_test_subsys_mounted(const char *ctrl_name);
 
int cgroup_copy_controller_values(struct cgroup_controller * const dst,
                  const struct cgroup_controller * const src);
 
int cgroup_remove_value(struct cgroup_controller * const controller, const char * const name);
 
void cgroup_free_controller(struct cgroup_controller *ctrl);
 
#ifdef UNIT_TEST
 
#define TEST_PROC_PID_CGROUP_FILE "test-procpidcgroup"
 
int cgroup_parse_rules_options(char *options, struct cgroup_rule * const rule);
int cg_get_cgroups_from_proc_cgroups(pid_t pid, char *cgrp_list[], char *controller_list[],
                     int list_len);
bool cgroup_compare_ignore_rule(const struct cgroup_rule * const rule, pid_t pid,
                const char * const procname);
bool cgroup_compare_wildcard_procname(const char * const rule_procname,
                      const char * const procname);
int cgroup_process_v1_mnt(char *controllers[], struct mntent *ent, int *mnt_tbl_idx);
int cgroup_process_v2_mnt(struct mntent *ent, int *mnt_tbl_idx);
int cgroup_set_values_recursive(const char * const base,
                const struct cgroup_controller * const controller,
                bool ignore_non_dirty_failures);
int cgroup_chown_chmod_tasks(const char * const cg_path, uid_t uid, gid_t gid, mode_t fperm);
int cgroupv2_subtree_control(const char *path, const char *ctrl_name, bool enable);
int cgroupv2_get_subtree_control(const char *path,  const char *ctrl_name, bool * const enabled);
int cgroupv2_controller_enabled(const char * const cg_name, const char * const ctrl_name);
int get_next_rule_field(char *rule, char *field, size_t field_len, bool expect_quotes);
 
#endif /* UNIT_TEST */
 
#ifdef __cplusplus
} /* extern "C" */
#endif
 
#endif