Class: OsCtld::Devices::V1::ContainerConfigurator
- Inherits:
-
GroupConfigurator
- Object
- Configurator
- GroupConfigurator
- OsCtld::Devices::V1::ContainerConfigurator
- Defined in:
- lib/osctld/devices/v1/container_configurator.rb
Instance Attribute Summary
Attributes inherited from Configurator
Instance Method Summary collapse
- #abs_all_cgroup_paths ⇒ Array protected
-
#abs_ct_cgroup_paths ⇒ Array
protected
Returns a list of all absolute cgroup paths that need to be configured for this container, from the top down.
-
#abs_ct_chowned_cgroup_paths ⇒ Array
protected
Returns a list of the container's absolute cgroup paths that are to be chowned to the user.
-
#abs_group_cgroup_paths ⇒ Array
protected
Returns a list of absolute paths of the container's group cgroups.
- #add_device(device) ⇒ Object
- #apply_changes(changes) ⇒ Object
- #create(devices) ⇒ Object protected
- #init(devices) ⇒ Object
-
#prepare_cgroup(cgpath, create) ⇒ Boolean
protected
`true` if the cgroup exists or was created.
- #reconfigure(devices) ⇒ Object
-
#rel_ct_cgroup_paths ⇒ Array
protected
Returns a list of all relative cgroup paths that need to be configured for this container, from the top down.
-
#rel_group_cgroup_paths ⇒ Array
protected
Returns a list of relative paths of the container's group cgroups.
- #remove_device(device) ⇒ Object
- #to_abs_paths(rel_paths) ⇒ Object protected
Methods inherited from GroupConfigurator
#clear, #do_allow_device, #do_apply_changes, #do_configure, #do_deny_all, #do_deny_device
Methods inherited from Configurator
Constructor Details
This class inherits a constructor from OsCtld::Devices::Configurator
Instance Method Details
#abs_all_cgroup_paths ⇒ Array (protected)
137 138 139 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 137 def abs_all_cgroup_paths abs_group_cgroup_paths + abs_ct_cgroup_paths end |
#abs_ct_cgroup_paths ⇒ Array (protected)
Returns a list of all absolute cgroup paths that need to be configured for this container, from the top down.
118 119 120 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 118 def abs_ct_cgroup_paths to_abs_paths(rel_ct_cgroup_paths) end |
#abs_ct_chowned_cgroup_paths ⇒ Array (protected)
Returns a list of the container's absolute cgroup paths that are to be chowned to the user.
125 126 127 128 129 130 131 132 133 134 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 125 def abs_ct_chowned_cgroup_paths to_abs_paths([ # <group>/<user>/<ct>/user-owned [ct.cgroup_path, true], # <group>/<user>/<ct>/user-owned/lxc.payload.<ct> [File.join(ct.cgroup_path, "lxc.payload.#{ct.id}"), false, ct.user.ugid, ct.gid_map.ns_to_host(0)], ]) end |
#abs_group_cgroup_paths ⇒ Array (protected)
Returns a list of absolute paths of the container's group cgroups
111 112 113 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 111 def abs_group_cgroup_paths to_abs_paths(rel_group_cgroup_paths) end |
#add_device(device) ⇒ Object
19 20 21 22 23 24 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 19 def add_device(device) abs_all_cgroup_paths.each do |cgpath, req| next unless prepare_cgroup(cgpath, req) do_allow_device(device, cgpath) end end |
#apply_changes(changes) ⇒ Object
33 34 35 36 37 38 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 33 def apply_changes(changes) abs_all_cgroup_paths.each do |cgpath, req| next unless prepare_cgroup(cgpath, req) do_apply_changes(changes, cgpath) end end |
#create(devices) ⇒ Object (protected)
43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 43 def create(devices) rel_group_cgroup_paths.zip(abs_group_cgroup_paths).each do |rel, abs| next if !rel[1] || !abs[1] rel_path = rel[0] abs_path = abs[0] if CGroup.mkpath('devices', rel_path.split('/')) do_deny_all(abs_path) do_configure(ct.group.devices, abs_path) end end rel_ct_cgroup_paths.zip(abs_ct_cgroup_paths).each do |rel, abs| next if !rel[1] || !abs[1] rel_path = rel[0] abs_path = abs[0] if CGroup.mkpath('devices', rel_path.split('/')) do_deny_all(abs_path) do_configure(devices, abs_path) end end abs_ct_chowned_cgroup_paths.each do |abs, req, uid, gid| next unless prepare_cgroup(abs, req) File.chown(uid || ct.user.ugid, gid || ct.user.ugid, abs) end end |
#init(devices) ⇒ Object
5 6 7 8 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 5 def init(devices) log(:info, owner, "Configuring cgroup #{owner.cgroup_path} for devices") create(devices) end |
#prepare_cgroup(cgpath, create) ⇒ Boolean (protected)
Returns `true` if the cgroup exists or was created.
150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 150 def prepare_cgroup(cgpath, create) exists = Dir.exist?(cgpath) if exists true elsif create begin Dir.mkdir(cgpath) rescue Errno::EEXIST true end # uid/gid is inherited from the parent cgroup st = File.stat(File.dirname(cgpath)) File.chown(st.uid, st.gid, cgpath) else false end end |
#reconfigure(devices) ⇒ Object
10 11 12 13 14 15 16 17 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 10 def reconfigure(devices) clear abs_all_cgroup_paths.each do |cgpath, req| next unless prepare_cgroup(cgpath, req) devices.each { |dev| do_allow_device(dev, cgpath) } end end |
#rel_ct_cgroup_paths ⇒ Array (protected)
Returns a list of all relative cgroup paths that need to be configured for this container, from the top down.
The returned array contains pairs: `[String, Boolean]`. The `String` is the path itself, while the `Boolean` determines whether this path should be created. Paths that do not need to be created are configured only if they already exist. This is used only for the `./lxc.payload.<ct>` cgroup, which LXC wants to create by itself.
96 97 98 99 100 101 102 103 104 105 106 107 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 96 def rel_ct_cgroup_paths [ # <group>/<user>/<ct> [ct.base_cgroup_path, true], # <group>/<user>/<ct>/user-owned [ct.cgroup_path, true], # <group>/<user>/<ct>/user-owned/lxc.payload.<ct> [File.join(ct.cgroup_path, "lxc.payload.#{ct.id}"), false], ] end |
#rel_group_cgroup_paths ⇒ Array (protected)
Returns a list of relative paths of the container's group cgroups.
These cgroups share the settings of the container's group.
79 80 81 82 83 84 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 79 def rel_group_cgroup_paths [ # <group>/<user> [ct.group.full_cgroup_path(ct.user), true], ] end |
#remove_device(device) ⇒ Object
26 27 28 29 30 31 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 26 def remove_device(device) abs_all_cgroup_paths.reverse_each do |cgpath, req| next unless prepare_cgroup(cgpath, req) do_deny_device(device, cgpath) end end |
#to_abs_paths(rel_paths) ⇒ Object (protected)
141 142 143 144 145 |
# File 'lib/osctld/devices/v1/container_configurator.rb', line 141 def to_abs_paths(rel_paths) rel_paths.map do |path, req, *args| [File.join(CGroup::FS, CGroup.real_subsystem('devices'), path), req, *args] end end |