//go:build linux
// +build linux

package libpod

import (
	"fmt"
	"strings"
	"syscall"

	"github.com/containers/common/pkg/cgroups"
	"github.com/containers/podman/v4/libpod/define"
	"github.com/containers/podman/v4/pkg/rootless"
	"github.com/opencontainers/selinux/go-selinux/label"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
	"golang.org/x/sys/unix"
)

// systemdSliceFromPath derives the child slice path for name under parent
// and asks systemd to create it, returning the resulting cgroup path.
//
// parent must be a systemd slice; name is the bare component and must NOT
// carry the ".slice" suffix (the suffix is appended during assembly).
//
// NOTE(review): name is interpolated into the cgroup path without any
// validation visible in this file — presumably callers only pass
// internally generated identifiers; confirm before passing user-supplied
// values.
func systemdSliceFromPath(parent, name string) (string, error) {
	slicePath, err := assembleSystemdCgroupName(parent, name)
	if err != nil {
		return "", err
	}

	// At this point the path has only been assembled; the unit itself is
	// created by the makeSystemdCgroup call below.
	logrus.Debugf("Created cgroup path %s for parent %s and name %s", slicePath, parent, name)

	err = makeSystemdCgroup(slicePath)
	if err != nil {
		return "", errors.Wrapf(err, "error creating cgroup %s", slicePath)
	}

	logrus.Debugf("Created cgroup %s", slicePath)

	return slicePath, nil
}

// getDefaultSystemdCgroup returns the default systemd cgroup parent for the
// current process: the rootless parent when running rootless, the regular
// parent otherwise.
func getDefaultSystemdCgroup() string {
	if !rootless.IsRootless() {
		return SystemdDefaultCgroupParent
	}
	return SystemdDefaultRootlessCgroupParent
}

// makeSystemdCgroup creates a systemd cgroup unit at path.
//
// The controller is built for the default cgroup parent of the current
// mode. When running rootless the unit is created as a user unit for the
// rootless UID; otherwise it is created as a regular systemd unit.
func makeSystemdCgroup(path string) error {
	ctrl, err := cgroups.NewSystemd(getDefaultSystemdCgroup())
	if err != nil {
		return err
	}

	if !rootless.IsRootless() {
		return ctrl.CreateSystemdUnit(path)
	}
	return ctrl.CreateSystemdUserUnit(path, rootless.GetRootlessUID())
}

// deleteSystemdCgroup deletes the systemd cgroup at path.
//
// When running rootless, the deletion goes through a connection obtained
// for the rootless UID, which is closed before this function returns.
// Otherwise the controller deletes the path directly.
func deleteSystemdCgroup(path string) error {
	ctrl, err := cgroups.NewSystemd(getDefaultSystemdCgroup())
	if err != nil {
		return err
	}

	if !rootless.IsRootless() {
		return ctrl.DeleteByPath(path)
	}

	userConn, err := cgroups.GetUserConnection(rootless.GetRootlessUID())
	if err != nil {
		return err
	}
	defer userConn.Close()

	return ctrl.DeleteByPathConn(path, userConn)
}

// assembleSystemdCgroupName builds the cgroup path of a child slice from a
// base slice and the new component to append.
//
// baseSlice MUST end in ".slice"; otherwise define.ErrInvalidArg is
// returned (wrapped). The result has the form
// "<baseSlice>/<baseSlice without .slice>-<newSlice>.slice".
//
// NOTE(review): neither argument is checked for "/" or ".." here, so both
// are copied into the path as given — presumably callers pass only
// trusted, internally generated names; confirm, since a caller-controlled
// component could name a slice outside the intended parent.
func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) {
	const suffix = ".slice"

	if !strings.HasSuffix(baseSlice, suffix) {
		return "", errors.Wrapf(define.ErrInvalidArg, "cannot assemble cgroup path with base %q - must end in .slice", baseSlice)
	}

	// The child's unit name repeats the parent's name (minus the suffix)
	// as its prefix.
	parentStem := strings.TrimSuffix(baseSlice, suffix)

	return fmt.Sprintf("%s/%s-%s%s", baseSlice, parentStem, newSlice, suffix), nil
}

// Package-level aliases for the go-selinux label helpers that
// LabelVolumePath calls.
// NOTE(review): presumably variables rather than direct calls so tests can
// substitute stubs — confirm against the test files.
var (
	lvpRelabel      = label.Relabel
	lvpInitLabels   = label.InitLabels
	lvpReleaseLabel = label.ReleaseLabel
)

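// LabelVolumePath applies the default SELinux mount label to a volume's
// mount path, always requesting a shared relabel.
//
// It obtains a default mount label from lvpInitLabels, hands that label
// back through lvpReleaseLabel, and then relabels path with it. A relabel
// failure of ENOTSUP is logged at debug level and treated as success; any
// other failure is returned wrapped.
//
// NOTE(review): because ENOTSUP is swallowed, a nil return does not prove
// that path carries the label — callers that depend on SELinux separation
// should not treat success here as confirmation of labeling.
func LabelVolumePath(path string) error {
	_, mountLabel, err := lvpInitLabels([]string{})
	if err != nil {
		return errors.Wrapf(err, "error getting default mountlabels")
	}
	// Only the label string is needed from here on, so it is released
	// before relabeling.
	if err := lvpReleaseLabel(mountLabel); err != nil {
		return errors.Wrapf(err, "error releasing label %q", mountLabel)
	}

	// The third argument requests a shared label.
	// NOTE(review): presumably this makes the path accessible to every
	// container rather than one — confirm against go-selinux.
	if err := lvpRelabel(path, mountLabel, true); err != nil {
		// errors.Is instead of ==: an ENOTSUP that arrives wrapped (for
		// example inside an *os.PathError) would fail a direct comparison
		// and turn an unsupported filesystem into a hard error.
		if !errors.Is(err, syscall.ENOTSUP) {
			return errors.Wrapf(err, "error setting selinux label for %s to %q as shared", path, mountLabel)
		}
		logrus.Debugf("Labeling not supported on %q", path)
	}
	return nil
}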

// Unmount lazily unmounts the target directory (MNT_DETACH).
//
// Failures are only logged, never returned: EINVAL is logged at debug
// level, every other error at warning level.
//
// NOTE(review): callers cannot tell whether the unmount succeeded. With a
// lazy detach the mount can also stay alive for processes that still hold
// references to it, so a quiet return is not proof that the filesystem is
// no longer in use.
func Unmount(mount string) {
	err := unix.Unmount(mount, unix.MNT_DETACH)
	switch {
	case err == nil:
		return
	case err == syscall.EINVAL:
		// NOTE(review): presumably EINVAL means the target was not
		// mounted, hence the lower log level — confirm.
		logrus.Debugf("failed to unmount %s : %v", mount, err)
	default:
		logrus.Warnf("Failed to unmount %s : %v", mount, err)
	}
}