diff options
| author | Lennart Poettering <lennart@poettering.net> | 2023-04-21 18:22:35 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-04-27 12:18:32 +0200 |
| commit | a8b993dc11319292c54b301f3faffc4a05ab5ec1 (patch) | |
| tree | a5397671b291b436283716adee1ea3668c405714 /src/core/load-fragment.c | |
| parent | 1a56b0c05dc14fa91f0de24f230d9b9f35cc5b05 (diff) | |
| download | systemd-a8b993dc11319292c54b301f3faffc4a05ab5ec1.tar.gz | |
core: add DelegateSubgroup= setting
This implements a minimal subset of #24961, but in a lot more
restrictive way: we only allow one level of subcgroup (as that's enough
to address the no-processes in inner cgroups rule), and does not change
anything about threaded cgroup logic or similar, or make any of this new
behaviour mandatory.
All this does is this: all non-control processes we invoke for a unit
we'll invoke in a subgroup by the specified name.
We'll later port all our current services that use cgroup delegation
over to this, i.e. user@.service, systemd-nspawn@.service and
systemd-udevd.service.
Diffstat (limited to 'src/core/load-fragment.c')
| -rw-r--r-- | src/core/load-fragment.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 581a051d46..ebfe98d7cc 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -4029,6 +4029,42 @@ int config_parse_delegate( return 0; } +int config_parse_delegate_subgroup( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + CGroupContext *c = ASSERT_PTR(data); + UnitType t; + + t = unit_name_to_type(unit); + assert(t >= 0); + + if (!unit_vtable[t]->can_delegate) { + log_syntax(unit, LOG_WARNING, filename, line, 0, "DelegateSubgroup= setting not supported for this unit type, ignoring."); + return 0; + } + + if (isempty(rvalue)) { + c->delegate_subgroup = mfree(c->delegate_subgroup); + return 0; + } + + if (cg_needs_escape(rvalue)) { /* Insist that specified names don't need escaping */ + log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid control group name, ignoring: %s", rvalue); + return 0; + } + + return free_and_strdup_warn(&c->delegate_subgroup, rvalue); +} + int config_parse_managed_oom_mode( const char *unit, const char *filename, |