Merge "libprocessgroup: make sure SetupCgroups is called once and only by init" am: 7b2187c372
am: 7bb7f6ef28
Change-Id: Ibadde55dfd606723f03e9656ca176d540c566167
diff --git a/libprocessgroup/cgroup_map.cpp b/libprocessgroup/cgroup_map.cpp
index b3b497f..41a6e6e 100644
--- a/libprocessgroup/cgroup_map.cpp
+++ b/libprocessgroup/cgroup_map.cpp
@@ -229,9 +229,11 @@
static bool WriteRcFile(const std::map<std::string, CgroupDescriptor>& descriptors) {
std::string cgroup_rc_path = StringPrintf("%s/%s", CGROUPS_RC_DIR, CgroupMap::CGROUPS_RC_FILE);
- unique_fd fd(TEMP_FAILURE_RETRY(open(cgroup_rc_path.c_str(),
- O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC,
- S_IRUSR | S_IRGRP | S_IROTH)));
+ // Let init keep the FD open to prevent file mappings from becoming invalid
+ // in case the file gets deleted somehow
+ static unique_fd fd(TEMP_FAILURE_RETRY(open(cgroup_rc_path.c_str(),
+ O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC,
+ S_IRUSR | S_IRGRP | S_IROTH)));
if (fd < 0) {
PLOG(ERROR) << "open() failed for " << cgroup_rc_path;
return false;
@@ -412,6 +414,19 @@
bool CgroupMap::SetupCgroups() {
std::map<std::string, CgroupDescriptor> descriptors;
+ if (getpid() != 1) {
+ LOG(ERROR) << "Cgroup setup can be done only by init process";
+ return false;
+ }
+
+ // Make sure we do this only one time. No need for std::call_once because
+ // init is a single-threaded process
+ static bool setup_done = false;
+ if (setup_done) {
+ LOG(WARNING) << "Attempt to call SetupCgroups more than once";
+ return true;
+ }
+
// load cgroups.json file
if (!ReadDescriptors(&descriptors)) {
LOG(ERROR) << "Failed to load cgroup description file";
@@ -449,6 +464,7 @@
return false;
}
+ setup_done = true;
return true;
}