Notifying on empty cgroup

Notifying on empty cgroup

[Victor Porton]

I want to write software which needs to receive a signal when the cgroup 
created by it becomes empty. (After this the empty cgroup should be deleted 
just not to clutter the memory.)

If the kernel does not support such notifications, it should be improved. 
This functionality is crucial for some kinds of software.

There is /sys/fs/cgroup/systemd/release_agent but I don't understand how to 
use it. I don't understand why we would need it at all.

Starting a binary on emptying a cgroup with the purpose to notify an other 
binary looks like a big overkill. Also my program should work in userspace 
without the need to use release_agent which can be accessed only by root.

Note that my work is related with sandboxing software (running a program in 
closed environment, so that it would be unable for example to remove user's 
files).

See also
http://portonsoft.wordpress.com/2014/01/11/toward-robust-linux-sandbox/

-- 
Victor Porton - http://portonvictor.org

Re: Notifying on empty cgroup

[Michal Hocko]

[CCing cgroups mailing list]
On Wed 15-01-14 06:12:45, Victor Porton wrote:
> I want to write software which needs to receive a signal when the cgroup 
> created by it becomes empty. (After this the empty cgroup should be deleted 
> just not to clutter the memory.)
> 
> If the kernel does not support such notifications, it should be improved. 
> This functionality is crucial for some kinds of software.
> 
> There is /sys/fs/cgroup/systemd/release_agent but I don't understand how to 
> use it. I don't understand why we would need it at all.

"1.4 What does notify_on_release do ?" in
Documentation/cgroups/cgroups.txt the kernel source doesn't help?

> Starting a binary on emptying a cgroup with the purpose to notify an other 
> binary looks like a big overkill.

the binary can do rmdir which is what you want, no?

> Also my program should work in userspace without the need to use
> release_agent which can be accessed only by root.

The release_agent is global for all groups so the program doesn't have
to care.

> Note that my work is related with sandboxing software (running a program in 
> closed environment, so that it would be unable for example to remove user's 
> files).
> 
> See also
> http://portonsoft.wordpress.com/2014/01/11/toward-robust-linux-sandbox/
> 
> -- 
> Victor Porton - http://portonvictor.org
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

-- 
Michal Hocko
SUSE Labs

Re: Notifying on empty cgroup

[Michal Hocko]

[CCing cgroups mailing list]
On Wed 15-01-14 06:12:45, Victor Porton wrote:
> I want to write software which needs to receive a signal when the cgroup 
> created by it becomes empty. (After this the empty cgroup should be deleted 
> just not to clutter the memory.)
> 
> If the kernel does not support such notifications, it should be improved. 
> This functionality is crucial for some kinds of software.
> 
> There is /sys/fs/cgroup/systemd/release_agent but I don't understand how to 
> use it. I don't understand why we would need it at all.

"1.4 What does notify_on_release do ?" in
Documentation/cgroups/cgroups.txt the kernel source doesn't help?

> Starting a binary on emptying a cgroup with the purpose to notify an other 
> binary looks like a big overkill.

the binary can do rmdir which is what you want, no?

> Also my program should work in userspace without the need to use
> release_agent which can be accessed only by root.

The release_agent is global for all groups so the program doesn't have
to care.

> Note that my work is related with sandboxing software (running a program in 
> closed environment, so that it would be unable for example to remove user's 
> files).
> 
> See also
> http://portonsoft.wordpress.com/2014/01/11/toward-robust-linux-sandbox/
> 
> -- 
> Victor Porton - http://portonvictor.org
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

-- 
Michal Hocko
SUSE Labs

Re: Notifying on empty cgroup

[Victor Porton]

15.01.2014, 15:59, "Michal Hocko" <mhocko@suse.cz>:
> [CCing cgroups mailing list]
> On Wed 15-01-14 06:12:45, Victor Porton wrote:
>
>>  I want to write software which needs to receive a signal when the cgroup
>>  created by it becomes empty. (After this the empty cgroup should be deleted
>>  just not to clutter the memory.)
>>
>>  If the kernel does not support such notifications, it should be improved.
>>  This functionality is crucial for some kinds of software.
>>
>>  There is /sys/fs/cgroup/systemd/release_agent but I don't understand how to
>>  use it. I don't understand why we would need it at all.
>
> "1.4 What does notify_on_release do ?" in
> Documentation/cgroups/cgroups.txt the kernel source doesn't help?

I've read it. I understand what it does. I don't understand how to use it in practice nor why it is done this way.

>>  Starting a binary on emptying a cgroup with the purpose to notify an other
>>  binary looks like a big overkill.
>
> the binary can do rmdir which is what you want, no?

I suppose a base package should do that, not my specific software. Do I understand right?

>>  Also my program should work in userspace without the need to use
>>  release_agent which can be accessed only by root.
>
> The release_agent is global for all groups so the program doesn't have
> to care.

Again: What MY program should do?

>>  Note that my work is related with sandboxing software (running a program in
>>  closed environment, so that it would be unable for example to remove user's
>>  files).
>>
>>  See also
>>  http://portonsoft.wordpress.com/2014/01/11/toward-robust-linux-sandbox/
>>
>>  --
>>  Victor Porton - http://portonvictor.org
>>  --
>>  To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>>  the body of a message to majordomo@vger.kernel.org
>>  More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>  Please read the FAQ at  http://www.tux.org/lkml/
>
> --
> Michal Hocko
> SUSE Labs

-- 
Victor Porton - http://portonvictor.org

Re: Notifying on empty cgroup

[Victor Porton]

15.01.2014, 15:59, "Michal Hocko" <mhocko@suse.cz>:
> [CCing cgroups mailing list]
> On Wed 15-01-14 06:12:45, Victor Porton wrote:
>
>> šI want to write software which needs to receive a signal when the cgroup
>> šcreated by it becomes empty. (After this the empty cgroup should be deleted
>> šjust not to clutter the memory.)
>>
>> šIf the kernel does not support such notifications, it should be improved.
>> šThis functionality is crucial for some kinds of software.
>>
>> šThere is /sys/fs/cgroup/systemd/release_agent but I don't understand how to
>> šuse it. I don't understand why we would need it at all.
>
> "1.4 What does notify_on_release do ?" in
> Documentation/cgroups/cgroups.txt the kernel source doesn't help?

I've read it. I understand what it does. I don't understand how to use it in practice nor why it is done this way.

>> šStarting a binary on emptying a cgroup with the purpose to notify an other
>> šbinary looks like a big overkill.
>
> the binary can do rmdir which is what you want, no?

I suppose a base package should do that, not my specific software. Do I understand right?

>> šAlso my program should work in userspace without the need to use
>> šrelease_agent which can be accessed only by root.
>
> The release_agent is global for all groups so the program doesn't have
> to care.

Again: What MY program should do?

>> šNote that my work is related with sandboxing software (running a program in
>> šclosed environment, so that it would be unable for example to remove user's
>> šfiles).
>>
>> šSee also
>> šhttp://portonsoft.wordpress.com/2014/01/11/toward-robust-linux-sandbox/
>>
>> š--
>> šVictor Porton - http://portonvictor.org
>> š--
>> šTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> šthe body of a message to majordomo@vger.kernel.org
>> šMore majordomo info at šhttp://vger.kernel.org/majordomo-info.html
>> šPlease read the FAQ at šhttp://www.tux.org/lkml/
>
> --
> Michal Hocko
> SUSE Labs

-- 
Victor Porton - http://portonvictor.org

Re: Notifying on empty cgroup

[Michal Hocko]

On Wed 15-01-14 16:11:40, Victor Porton wrote:
> 15.01.2014, 15:59, "Michal Hocko" <mhocko@suse.cz>:
> > [CCing cgroups mailing list]
> > On Wed 15-01-14 06:12:45, Victor Porton wrote:
> >
> >>  I want to write software which needs to receive a signal when the cgroup
> >>  created by it becomes empty. (After this the empty cgroup should be deleted
> >>  just not to clutter the memory.)
> >>
> >>  If the kernel does not support such notifications, it should be improved.
> >>  This functionality is crucial for some kinds of software.
> >>
> >>  There is /sys/fs/cgroup/systemd/release_agent but I don't understand how to
> >>  use it. I don't understand why we would need it at all.
> >
> > "1.4 What does notify_on_release do ?" in
> > Documentation/cgroups/cgroups.txt the kernel source doesn't help?
> 
> I've read it. I understand what it does. I don't understand how to use
> it in practice nor

You want to clean up your memcg without any tasks so the script might do
something like:
---
#!/bin/sh

CGROUP="$1"
CGROUP_MNT=`mount | grep cgroup | awk '{print $3}'`

rmdir "$CGROUP_MNT/$CGROUP"
---

> why it is done this way.

I find the interface rather awkward as well but that is a question for
those who have implement it.

The interface will change in the future (sorry I do not have any link to
discussion about the change handy).

> >>  Starting a binary on emptying a cgroup with the purpose to notify an other
> >>  binary looks like a big overkill.
> >
> > the binary can do rmdir which is what you want, no?
> 
> I suppose a base package should do that, not my specific software. Do
> I understand right?

Yes. The notifier works on the root of the cgroup hierarchy so it is a
matter of the admin to set it.
 
> >>  Also my program should work in userspace without the need to use
> >>  release_agent which can be accessed only by root.
> >
> > The release_agent is global for all groups so the program doesn't have
> > to care.
> 
> Again: What MY program should do?

Nothing. (assuming the only thing you are interested in is removing the
empty group).

[...]
-- 
Michal Hocko
SUSE Labs

Re: Notifying on empty cgroup

[Michal Hocko]

On Wed 15-01-14 16:11:40, Victor Porton wrote:
> 15.01.2014, 15:59, "Michal Hocko" <mhocko-AlSwsSmVLrQ@public.gmane.org>:
> > [CCing cgroups mailing list]
> > On Wed 15-01-14 06:12:45, Victor Porton wrote:
> >
> >>  I want to write software which needs to receive a signal when the cgroup
> >>  created by it becomes empty. (After this the empty cgroup should be deleted
> >>  just not to clutter the memory.)
> >>
> >>  If the kernel does not support such notifications, it should be improved.
> >>  This functionality is crucial for some kinds of software.
> >>
> >>  There is /sys/fs/cgroup/systemd/release_agent but I don't understand how to
> >>  use it. I don't understand why we would need it at all.
> >
> > "1.4 What does notify_on_release do ?" in
> > Documentation/cgroups/cgroups.txt the kernel source doesn't help?
> 
> I've read it. I understand what it does. I don't understand how to use
> it in practice nor

You want to clean up your memcg without any tasks so the script might do
something like:
---
#!/bin/sh

CGROUP="$1"
CGROUP_MNT=`mount | grep cgroup | awk '{print $3}'`

rmdir "$CGROUP_MNT/$CGROUP"
---

> why it is done this way.

I find the interface rather awkward as well but that is a question for
those who have implement it.

The interface will change in the future (sorry I do not have any link to
discussion about the change handy).

> >>  Starting a binary on emptying a cgroup with the purpose to notify an other
> >>  binary looks like a big overkill.
> >
> > the binary can do rmdir which is what you want, no?
> 
> I suppose a base package should do that, not my specific software. Do
> I understand right?

Yes. The notifier works on the root of the cgroup hierarchy so it is a
matter of the admin to set it.
 
> >>  Also my program should work in userspace without the need to use
> >>  release_agent which can be accessed only by root.
> >
> > The release_agent is global for all groups so the program doesn't have
> > to care.
> 
> Again: What MY program should do?

Nothing. (assuming the only thing you are interested in is removing the
empty group).

[...]
-- 
Michal Hocko
SUSE Labs