Skip to content

libct/cg/sd/v1: fix freezeBeforeSet #3148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kolyshkin wants to merge 2 commits into from
Closed

libct/cg/sd/v1: fix freezeBeforeSet #3148

kolyshkin wants to merge 2 commits into from

Conversation

@kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Aug 11, 2021
edited
Loading

this is an alternative to #3143; the biggest difference is the test case.

Commit f2db879 (PR #3082) did not do the right job getting unit
properties, and the deviceAllow property comparison was not working
either. Fix both issues.

The test case added by #3082 was not adequate either -- it only checked
that the freeze is performed if necessary, but did not check that the freeze
is avoided if possible.

Add a test case specific to freezeBeforeSet.

Fixes: f2db879
Co-authored-by: Odin Ugedal odin@uged.al
Signed-off-by: Kir Kolyshkin kolyshkin@gmail.com

@kolyshkin kolyshkin force-pushed the fix-freeze-before-set branch from 5837118 to 9e2a01a Compare August 11, 2021 21:47
@kolyshkin
Copy link
Contributor Author

kolyshkin commented Aug 11, 2021

Ah, pushed the old version. Updated now.

@kolyshkin kolyshkin force-pushed the fix-freeze-before-set branch from 9e2a01a to b7df794 Compare August 11, 2021 21:51
@kolyshkin kolyshkin mentioned this pull request Aug 11, 2021
Closed
@kolyshkin kolyshkin force-pushed the fix-freeze-before-set branch from b7df794 to f9a6457 Compare August 11, 2021 22:05
dims
dims reviewed Aug 11, 2021
View reviewed changes
libcontainer/cgroups/systemd/v1.go
return
unitType := getUnitType(unitName)
devPolicy, e := getUnitTypeProperty(m.dbus, unitName, unitType, "DevicePolicy")
if e == nil && devPolicy.Value.String() == `"auto"` {
Copy link
Contributor

@dims dims Aug 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

interesting ... comparing with "auto" instead of auto

Copy link
Contributor Author

@kolyshkin kolyshkin Aug 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is because (dbus.Variant).String uses strconv.Quote to format strings.

I am not quite sure whether the old or the new way to compare is better... Old one is working fine (for devPolicy, that is), so maybe leave it as is.

kolyshkin and others added 2 commits August 11, 2021 16:08
@kolyshkin @odinuge
libct/cg/sd/v1: fix freezeBeforeSet
f0e71a2 
Commit f2db879 was not working as expected:

1. It did not do the right job getting unit properties;
2. The check that deviceAllow is empty was not working.

Fix both issues.

Fixes: f2db879
Co-authored-by: Odin Ugedal <odin@uged.al>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
libct/cg/sd/v1: add freezeBeforeSet unit test
a133fbb 
Add a test for freezeBeforeSet, checking various scenarios including
those that were failing before the fix in the previous commit.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin force-pushed the fix-freeze-before-set branch from f9a6457 to a133fbb Compare August 11, 2021 23:08
mrunalp
mrunalp reviewed Aug 11, 2021
View reviewed changes
libcontainer/cgroups/systemd/v1_test.go
t.Error(err)
}
}
// Destroy() do not kill processes in cgroup, so we should.
Copy link
Contributor

@mrunalp mrunalp Aug 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: does not..

mrunalp
mrunalp reviewed Aug 11, 2021
View reviewed changes
Copy link
Contributor

@mrunalp mrunalp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we move the check of the current freezer state before we do the SkipDevices check since we do that check always anyways and sometimes we could exit early avoiding the calls in SkipDevices?

@mrunalp
Copy link
Contributor

mrunalp commented Aug 11, 2021

Left a couple of comments, otherwise looks fine.

@kolyshkin
Copy link
Contributor Author

kolyshkin commented Aug 12, 2021

Should we move the check of the current freezer state before we do the SkipDevices check since we do that check always anyways

Nope, we don't do the freezer state check in case SkipDevices is set and the device rules are "allow all".

and sometimes we could exit early avoiding the calls in SkipDevices?

I was thinking about that while working on #3082 but decided against it, since a frozen cgroup is a rare case.

Wait a minute, I got a better idea!

@kolyshkin kolyshkin mentioned this pull request Aug 12, 2021
Closed
@kolyshkin
Copy link
Contributor Author

kolyshkin commented Aug 12, 2021

Wait a minute, I got a better idea!

PTAL #3151 (faster/simpler check, even more test cases)

@kolyshkin kolyshkin closed this Aug 12, 2021
This was referenced Aug 17, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrunalp mrunalp mrunalp left review comments

+1 more reviewer

@dims dims dims left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kolyshkin @mrunalp @dims