From 7320093bf8a33ed14296320f856c960af7b80881 Mon Sep 17 00:00:00 2001 From: William Hubbs Date: Fri, 16 Dec 2011 08:25:40 -0600 Subject: [PATCH] cgroups: create one cgroup per subsystem The recommendation from the linux kernel documentation is to create one group per subsystem you want to control; this changes openrc to do this. --- init.d/sysfs.in | 40 +++++++++++++++++++++++++++++----------- 1 files changed, 29 insertions(+), 11 deletions(-) diff --git a/init.d/sysfs.in b/init.d/sysfs.in index d57c388..fd0e8a4 100644 --- a/init.d/sysfs.in +++ b/init.d/sysfs.in @@ -66,23 +66,36 @@ mount_misc() if grep -qs cgroup /proc/filesystems && \ ! mountinfo -q /sys/fs/cgroup; then ebegin "Mounting cgroup filesystem" - mount -n -t tmpfs -o nodev,noexec,nosuid \ + mount -n -t tmpfs -o nodev,noexec,nosuid,mode=755 \ cgroup /sys/fs/cgroup eend $? fi - if ! mountinfo -q /sys/fs/cgroup/openrc; then - ebegin "creating openrc control group" - mkdir /sys/fs/cgroup/openrc - mount -n -t cgroup -o nodev,noexec,nosuid \ - openrc /sys/fs/cgroup/openrc - echo 1 > /sys/fs/cgroup/openrc/notify_on_release - echo @LIBEXECDIR@/sh/cgroup-release-agent.sh \ - > /sys/fs/cgroup/openrc/release_agent - eend - fi fi } +mount_cgroups() +{ + local agent="@LIBEXECDIR@/sh/cgroup-release-agent.sh" + + if [ ! -e /proc/cgroups ]; then + return 0 + fi + + while read name hier groups enabled rest; do + case "${enabled}" in + 1) mkdir /sys/fs/cgroup/${name} + mount -t cgroup -o nodev,noexec,nosuid,${name} \ + cgroup /sys/fs/cgroup/${name} + ;; + esac + done < /proc/cgroups + + # Here is where we mount the openrc cgroup with no subsystems + # attached. + # I'm not sure of the proper mount command to use however. + # This is also the only cgroup that will use the release agent. +} + start() { local retval @@ -90,6 +103,11 @@ start() retval=$? if [ $retval -eq 0 ]; then mount_misc + retval=$? + fi + if [ $retval -eq 0 ]; then + mount_cgroups + retval=$? fi return $retval } -- 1.7.3.4