Class: OsCtld::Devices::V1::ContainerConfigurator

Inherits:

GroupConfigurator

• Object
• Configurator
• GroupConfigurator
• OsCtld::Devices::V1::ContainerConfigurator

Defined in:

lib/osctld/devices/v1/container_configurator.rb

Instance Attribute Summary

Attributes inherited from Configurator

#owner

Instance Method Summary

• #abs_all_cgroup_paths ⇒ Array protected
• #abs_ct_cgroup_paths ⇒ Array protected

  Returns a list of all absolute cgroup paths that need to be configured for this container, from the top down.

• #abs_ct_chowned_cgroup_paths ⇒ Array protected

  Returns a list of the container's absolute cgroup paths that are to be chowned to the user.

• #abs_group_cgroup_paths ⇒ Array protected

  Returns a list of absolute paths of the container's group cgroups.

• #add_device(device) ⇒ Object
• #apply_changes(changes) ⇒ Object
• #create(devices) ⇒ Object protected
• #init(devices) ⇒ Object
• #prepare_cgroup(cgpath, create) ⇒ Boolean protected

  `true` if the cgroup exists or was created.

• #reconfigure(devices) ⇒ Object
• #rel_ct_cgroup_paths ⇒ Array protected

  Returns a list of all relative cgroup paths that need to be configured for this container, from the top down.

• #rel_group_cgroup_paths ⇒ Array protected

  Returns a list of relative paths of the container's group cgroups.

• #remove_device(device) ⇒ Object
• #to_abs_paths(rel_paths) ⇒ Object protected

Methods inherited from GroupConfigurator

#clear, #do_allow_device, #do_apply_changes, #do_configure, #do_deny_all, #do_deny_device

Methods inherited from Configurator

#dup, #initialize

Constructor Details

This class inherits a constructor from OsCtld::Devices::Configurator

Instance Method Details

#abs_all_cgroup_paths ⇒ Array (protected)

Returns:

• (Array)

# File 'lib/osctld/devices/v1/container_configurator.rb', line 137

def abs_all_cgroup_paths
  abs_group_cgroup_paths + abs_ct_cgroup_paths
end

#abs_ct_cgroup_paths ⇒ Array (protected)

Returns a list of all absolute cgroup paths that need to be configured for this container, from the top down.

Returns:

• (Array)

# File 'lib/osctld/devices/v1/container_configurator.rb', line 118

def abs_ct_cgroup_paths
  to_abs_paths(rel_ct_cgroup_paths)
end

#abs_ct_chowned_cgroup_paths ⇒ Array (protected)

Returns a list of the container's absolute cgroup paths that are to be chowned to the user.

Returns:

• (Array)

# File 'lib/osctld/devices/v1/container_configurator.rb', line 125

def abs_ct_chowned_cgroup_paths
  to_abs_paths([
    # <group>/<user>/<ct>/user-owned
    [ct.cgroup_path, true],

    # <group>/<user>/<ct>/user-owned/lxc.payload.<ct>
    [File.join(ct.cgroup_path, "lxc.payload.#{ct.id}"), false,
     ct.user.ugid, ct.gid_map.ns_to_host(0)],
  ])
end

#abs_group_cgroup_paths ⇒ Array (protected)

Returns a list of absolute paths of the container's group cgroups

Returns:

• (Array)

# File 'lib/osctld/devices/v1/container_configurator.rb', line 111

def abs_group_cgroup_paths
  to_abs_paths(rel_group_cgroup_paths)
end

#add_device(device) ⇒ Object

# File 'lib/osctld/devices/v1/container_configurator.rb', line 19

def add_device(device)
  abs_all_cgroup_paths.each do |cgpath, req|
    next unless prepare_cgroup(cgpath, req)
    do_allow_device(device, cgpath)
  end
end

#apply_changes(changes) ⇒ Object

# File 'lib/osctld/devices/v1/container_configurator.rb', line 33

def apply_changes(changes)
  abs_all_cgroup_paths.each do |cgpath, req|
    next unless prepare_cgroup(cgpath, req)
    do_apply_changes(changes, cgpath)
  end
end

#create(devices) ⇒ Object (protected)

# File 'lib/osctld/devices/v1/container_configurator.rb', line 43

def create(devices)
  rel_group_cgroup_paths.zip(abs_group_cgroup_paths).each do |rel, abs|
    next if !rel[1] || !abs[1]

    rel_path = rel[0]
    abs_path = abs[0]

    if CGroup.mkpath('devices', rel_path.split('/'))
      do_deny_all(abs_path)
      do_configure(ct.group.devices, abs_path)
    end
  end

  rel_ct_cgroup_paths.zip(abs_ct_cgroup_paths).each do |rel, abs|
    next if !rel[1] || !abs[1]

    rel_path = rel[0]
    abs_path = abs[0]

    if CGroup.mkpath('devices', rel_path.split('/'))
      do_deny_all(abs_path)
      do_configure(devices, abs_path)
    end
  end

  abs_ct_chowned_cgroup_paths.each do |abs, req, uid, gid|
    next unless prepare_cgroup(abs, req)
    File.chown(uid || ct.user.ugid, gid || ct.user.ugid, abs)
  end
end

#init(devices) ⇒ Object

# File 'lib/osctld/devices/v1/container_configurator.rb', line 5

def init(devices)
  log(:info, owner, "Configuring cgroup #{owner.cgroup_path} for devices")
  create(devices)
end

#prepare_cgroup(cgpath, create) ⇒ Boolean (protected)

Returns `true` if the cgroup exists or was created.

Parameters:

• cgpath (String) —

  absolute cgroup path

• create (Boolean) —

  create the cgroup or not

Returns:

• (Boolean) —

  `true` if the cgroup exists or was created

# File 'lib/osctld/devices/v1/container_configurator.rb', line 150

def prepare_cgroup(cgpath, create)
  exists = Dir.exist?(cgpath)

  if exists
    true

  elsif create
    begin
      Dir.mkdir(cgpath)

    rescue Errno::EEXIST
      true
    end

    # uid/gid is inherited from the parent cgroup
    st = File.stat(File.dirname(cgpath))
    File.chown(st.uid, st.gid, cgpath)

  else
    false
  end
end

#reconfigure(devices) ⇒ Object

# File 'lib/osctld/devices/v1/container_configurator.rb', line 10

def reconfigure(devices)
  clear

  abs_all_cgroup_paths.each do |cgpath, req|
    next unless prepare_cgroup(cgpath, req)
    devices.each { |dev| do_allow_device(dev, cgpath) }
  end
end

#rel_ct_cgroup_paths ⇒ Array (protected)

Returns a list of all relative cgroup paths that need to be configured for this container, from the top down.

The returned array contains pairs: `[String, Boolean]`. The `String` is the path itself, while the `Boolean` determines whether this path should be created. Paths that do not need to be created are configured only if they already exist. This is used only for the `./lxc.payload.<ct>` cgroup, which LXC wants to create by itself.

Returns:

• (Array)

# File 'lib/osctld/devices/v1/container_configurator.rb', line 96

def rel_ct_cgroup_paths
  [
    # <group>/<user>/<ct>
    [ct.base_cgroup_path, true],

    # <group>/<user>/<ct>/user-owned
    [ct.cgroup_path, true],

    # <group>/<user>/<ct>/user-owned/lxc.payload.<ct>
    [File.join(ct.cgroup_path, "lxc.payload.#{ct.id}"), false],
  ]
end

#rel_group_cgroup_paths ⇒ Array (protected)

Returns a list of relative paths of the container's group cgroups.

These cgroups share the settings of the container's group.

Returns:

• (Array)

# File 'lib/osctld/devices/v1/container_configurator.rb', line 79

def rel_group_cgroup_paths
  [
    # <group>/<user>
    [ct.group.full_cgroup_path(ct.user), true],
  ]
end

#remove_device(device) ⇒ Object

# File 'lib/osctld/devices/v1/container_configurator.rb', line 26

def remove_device(device)
  abs_all_cgroup_paths.reverse_each do |cgpath, req|
    next unless prepare_cgroup(cgpath, req)
    do_deny_device(device, cgpath)
  end
end

#to_abs_paths(rel_paths) ⇒ Object (protected)

# File 'lib/osctld/devices/v1/container_configurator.rb', line 141

def to_abs_paths(rel_paths)
  rel_paths.map do |path, req, *args|
    [File.join(CGroup::FS, CGroup.real_subsystem('devices'), path), req, *args]
  end
end