Merged
dc0dc67
linux: fix NULL pointer dereference
giuseppe May 11, 2026
ef23680
linux: open procfd early and store in private_data
giuseppe May 5, 2026
ef06684
linux: use fsetxattr with procfd in do_mount
giuseppe May 5, 2026
022c7c5
linux: use fchmodat/fchownat with procfd in libcrun_create_dev
giuseppe May 5, 2026
42b16e0
linux: use procfd to read /proc/self/cgroup in do_mount_cgroup_v1
giuseppe May 5, 2026
73d7319
linux: use procfd to stat source_mountfd in process_single_mount
giuseppe May 5, 2026
89a7fbb
linux: use procfd in do_masked_or_readonly_path
giuseppe May 5, 2026
30d88cd
linux: use procfd in do_masked_or_readonly_path keep_flags fallback
giuseppe May 13, 2026
aea44d3
linux: use procfd in get_shared_empty_dir_cached and mount_masked_dir
giuseppe May 5, 2026
cf41f37
linux: use procfd to read unified cgroup path
giuseppe May 5, 2026
e506719
linux: try mount_setattr in do_remount
giuseppe May 5, 2026
53adb9a
linux: try mount_setattr in make_parent_mount_private
giuseppe May 12, 2026
a98380b
linux: use fstat to detect root in make_parent_mount_private
giuseppe May 12, 2026
9259e89
linux: use new mount API in do_mount when available
giuseppe May 5, 2026
5672105
linux: pre-open needed devices in parent for userns containers
giuseppe May 6, 2026
f67b00c
linux: use fchmodat/fchownat in libcrun_create_dev
giuseppe May 6, 2026
0450679
linux: change signature for open_mount_of_type
giuseppe May 8, 2026
c50e946
tests: check directory type instead of nlink for masked paths
giuseppe May 13, 2026
2da2413
tests: add procless container tests
giuseppe May 25, 2026
5506b6e
linux: move pivot_root before container mounts
giuseppe May 11, 2026
25790ca
linux: add OPEN_TREE_NAMESPACE support
giuseppe May 7, 2026
8a5e0e9
linux: fallback to receiver-side device creation when fsopen fails
giuseppe Jun 7, 2026
74 changes: 50 additions & 24 deletions src/libcrun/cgroup-utils.c
Expand Up @@ -210,35 +210,13 @@ libcrun_get_cgroup_mode (libcrun_error_t *err)
return cgroup_mode;
}

int
libcrun_get_cgroup_process (pid_t pid, char **path, bool absolute, libcrun_error_t *err)
static int
get_cgroup_process_from_content (char *content, int cgroup_mode, char **path, bool absolute, libcrun_error_t *err)
{
cleanup_free char *content = NULL;
char proc_cgroup_file[64];
char *cg_path = NULL;
size_t content_size;
char *controller;
char *saveptr;
int cgroup_mode;
bool has_data;
int ret;

cgroup_mode = libcrun_get_cgroup_mode (err);
if (UNLIKELY (cgroup_mode < 0))
return cgroup_mode;

if (pid == 0)
strcpy (proc_cgroup_file, PROC_SELF_CGROUP);
else
{
int len = snprintf (proc_cgroup_file, sizeof (proc_cgroup_file), "/proc/%d/cgroup", pid);
if (UNLIKELY (len >= (int) sizeof (proc_cgroup_file)))
return crun_make_error (err, 0, "internal error: static buffer too small");
}

ret = read_all_file (proc_cgroup_file, &content, &content_size, err);
if (UNLIKELY (ret < 0))
return ret;

for (has_data = read_proc_cgroup (content, &saveptr, NULL, &controller, &cg_path);
has_data;
Expand Down Expand Up @@ -266,6 +244,54 @@ libcrun_get_cgroup_process (pid_t pid, char **path, bool absolute, libcrun_error
return 0;
}

int
libcrun_get_cgroup_process_at (int dirfd, char **path, bool absolute, libcrun_error_t *err)
{
cleanup_free char *content = NULL;
size_t content_size;
int cgroup_mode;
int ret;

cgroup_mode = libcrun_get_cgroup_mode (err);
if (UNLIKELY (cgroup_mode < 0))
return cgroup_mode;

ret = read_all_file_at (dirfd, SELF_CGROUP, &content, &content_size, err);
if (UNLIKELY (ret < 0))
return ret;

return get_cgroup_process_from_content (content, cgroup_mode, path, absolute, err);
}

int
libcrun_get_cgroup_process (pid_t pid, char **path, bool absolute, libcrun_error_t *err)
{
cleanup_free char *content = NULL;
char proc_cgroup_file[64];
size_t content_size;
int cgroup_mode;
int ret;

cgroup_mode = libcrun_get_cgroup_mode (err);
if (UNLIKELY (cgroup_mode < 0))
return cgroup_mode;

if (pid == 0)
strcpy (proc_cgroup_file, PROC_SELF_CGROUP);
else
{
int len = snprintf (proc_cgroup_file, sizeof (proc_cgroup_file), "/proc/%d/cgroup", pid);
if (UNLIKELY (len >= (int) sizeof (proc_cgroup_file)))
return crun_make_error (err, 0, "internal error: static buffer too small");
}

ret = read_all_file (proc_cgroup_file, &content, &content_size, err);
if (UNLIKELY (ret < 0))
return ret;

return get_cgroup_process_from_content (content, cgroup_mode, path, absolute, err);
}

static int
read_pids_cgroup (int dfd, bool recurse, pid_t **pids, size_t *n_pids, size_t *allocated, libcrun_error_t *err)
{
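Review bot: libcrun_get_cgroup_process_at carries no comment saying what dirfd must be, and its result is only as trustworthy as that descriptor: SELF_CGROUP is read relative to it, so a descriptor that is not a procfs root opened by the caller yields cgroup data from whatever sits at `self/cgroup` under that directory. A header comment such as `/* DIRFD must refer to a procfs root opened by the caller; "self/cgroup" is resolved relative to it. */` would record that contract. Whether read_all_file_at refuses symlinks or paths that leave dirfd is not visible in this section and is worth confirming. The new static helper takes a non-const `content` and passes it to read_proc_cgroup together with `saveptr`, which suggests in-place tokenising, so a one-line comment that the buffer is modified would help; its loop body is collapsed here and was not reviewed.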
2 changes: 2 additions & 0 deletions src/libcrun/cgroup-utils.h
Expand Up @@ -28,6 +28,8 @@ int libcrun_cgroups_create_symlinks (int dirfd, libcrun_error_t *err);

int libcrun_get_cgroup_process (pid_t pid, char **path, bool absolute, libcrun_error_t *err);

int libcrun_get_cgroup_process_at (int dirfd, char **path, bool absolute, libcrun_error_t *err);

int libcrun_get_cgroup_mode (libcrun_error_t *err);

int libcrun_get_cgroup_dirfd (struct libcrun_cgroup_status *status, const char *sub_cgroup, libcrun_error_t *err);
6 changes: 5 additions & 1 deletion src/libcrun/cgroup.h
Expand Up @@ -26,8 +26,12 @@
# define CGROUP_ROOT "/sys/fs/cgroup"
#endif

#ifndef SELF_CGROUP
# define SELF_CGROUP "self/cgroup"
#endif

#ifndef PROC_SELF_CGROUP
# define PROC_SELF_CGROUP "/proc/self/cgroup"
# define PROC_SELF_CGROUP "/proc/" SELF_CGROUP
#endif

enum
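Review bot: SELF_CGROUP and PROC_SELF_CGROUP sit behind separate `#ifndef` guards, so a build that predefines PROC_SELF_CGROUP keeps the default SELF_CGROUP, and the dirfd-based and path-based readers would then open different files. If overriding is meant to be supported, a comment above SELF_CGROUP such as `/* Relative to a procfs root fd; keep in sync with PROC_SELF_CGROUP. */` would make the coupling explicit. The composed PROC_SELF_CGROUP is also copied with strcpy into a 64-byte buffer in libcrun_get_cgroup_process, so an overridden value longer than that buffer would overflow it. That copy predates this change, but it now depends on two overridable macros.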
21 changes: 9 additions & 12 deletions src/libcrun/container.c
Expand Up @@ -1339,11 +1339,6 @@ container_init_setup (void *args, pid_t own_pid, char *notify_socket,
if (UNLIKELY (ret < 0))
return ret;

/* sync 2 and 3 are sent as part of libcrun_set_mounts. */
ret = libcrun_set_mounts (entrypoint_args, container, rootfs, send_sync_cb, &sync_socket, err);
if (UNLIKELY (ret < 0))
return ret;

if (def->hooks && def->hooks->create_container_len)
{
libcrun_error_t tmp_err = NULL;
Expand All @@ -1357,6 +1352,15 @@ container_init_setup (void *args, pid_t own_pid, char *notify_socket,
return ret;
}

ret = libcrun_do_pivot_root (container, entrypoint_args->context->no_pivot, &rootfs, err);
if (UNLIKELY (ret < 0))
return ret;

/* sync 2 and 3 are sent as part of libcrun_set_mounts. */
ret = libcrun_set_mounts (entrypoint_args, container, rootfs, send_sync_cb, &sync_socket, err);
if (UNLIKELY (ret < 0))
return ret;

ret = libcrun_finalize_mounts (entrypoint_args, container, rootfs, err);
if (UNLIKELY (ret < 0))
return ret;
Expand All @@ -1376,13 +1380,6 @@ container_init_setup (void *args, pid_t own_pid, char *notify_socket,
if (UNLIKELY (ret < 0))
crun_error_write_warning_and_release (entrypoint_args->context->output_handler_arg, &err);

if (rootfs)
{
ret = libcrun_do_pivot_root (container, entrypoint_args->context->no_pivot, rootfs, err);
if (UNLIKELY (ret < 0))
return ret;
}

ret = libcrun_reopen_dev_null (err);
if (UNLIKELY (ret < 0))
return ret;
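Review bot: The relocated libcrun_do_pivot_root call is no longer wrapped in `if (rootfs)`, which the removed block near the end of this section had, so a NULL rootfs now reaches the callee through `&rootfs`. Unless the callee's new signature handles that case (its body is not shown here), keeping the guard as `if (rootfs) { ret = libcrun_do_pivot_root (container, entrypoint_args->context->no_pivot, &rootfs, err); ... }` preserves the old behaviour. Passing rootfs by address implies the call may rewrite it before libcrun_set_mounts and libcrun_finalize_mounts use it. If the intent is that container mounts are set up only after the root has changed, a comment above the call such as `/* must run before libcrun_set_mounts; rootfs may be updated by this call */` would keep a later reorder from silently undoing it. container_init_setup starts and ends outside the hunks shown.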