Class: OsCtld::UserControl::Commands::CtWrapperStart

Inherits:
Base
Includes:
OsCtl::Lib::Utils::Log
Defined in:
lib/osctld/user_control/commands/ct_wrapper_start.rb

Instance Attribute Summary

Attributes inherited from Base

#user

Attributes inherited from Commands::Base

#client, #client_handler, #id, #opts

Instance Method Summary

Methods inherited from Base

handle, #initialize, #owns_ct?, run

Methods inherited from Commands::Base

#base_execute, #call_cmd, #call_cmd!, #error, #error!, handle, #handled, #indirect?, #initialize, #manipulate, #manipulation_holder, #ok, #progress, #request_stop, run, run!

Constructor Details

This class inherits a constructor from OsCtld::UserControl::Commands::Base

Instance Method Details

#execute ⇒ Object



# File 'lib/osctld/user_control/commands/ct_wrapper_start.rb', line 10

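# Reattach the calling container wrapper to the container's cgroup and reset
# its oom_score_adj.
#
# Reads `opts[:id]` and `opts[:pool]` to look up the container, and
# `opts[:pid]` as the process to move. The request is refused unless the
# container exists, {#owns_ct?} accepts it, and the PID is a plain positive
# decimal number.
#
# @return whatever {#ok} or {#error} returns
def execute
  ct = DB::Containers.find(opts[:id], opts[:pool])
  return error('container not found') unless ct
  return error('access denied') unless owns_ct?(ct)

  # opts[:pid] arrives with the request and is interpolated into a /proc path
  # that is written to below. Accept only a positive decimal number, so that
  # values such as "self" or ones containing "/" or ".." can never become
  # a path component.
  pid = opts[:pid]
  return error('invalid pid') unless pid.to_s.match?(/\A[1-9][0-9]*\z/)

  # NOTE(review): the format check does not establish that the PID belongs to
  # the requesting user. Confirm that the caller's identity is tied to this
  # PID elsewhere (e.g. socket peer credentials) -- not visible from here.

  # Move the calling wrapper to user-owned cgroup, which will then be used
  # by LXC
  cgpath = ct.cgroup_path

  log(:debug, ct, "Reattaching wrapper, PID #{pid} -> #{cgpath}")
  CGroup.mkpath_all(
    cgpath.split('/'),
    chown: ct.user.ugid,
    attach: true,
    leaf: false,
    pid: pid
  )

  # Reset oom_score_adj of the calling process. The reset has to come from
  # a process with CAP_SYS_RESOURCE (which osctld is), so that
  # oom_score_adj_min is changed and container users cannot freely set
  # oom_score_adj to -1000.
  log(:debug, ct, "Set /proc/#{pid}/oom_score_adj=0")
  File.write(File.join('/proc', pid.to_s, 'oom_score_adj'), '0')

  ok
end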