github.com/cloudfoundry-attic/garden-linux@v0.333.2-candidate/linux_backend/skeleton/lib/hook-parent-after-clone.sh (about)

     1  #!/bin/bash
     2  
     3  [ -n "$DEBUG" ] && set -o xtrace
     4  set -o nounset
     5  set -o errexit
     6  shopt -s nullglob
     7  
     8  cd $(dirname $0)/../
     9  
    10  source etc/config
    11  
    12  # Add new group for every subsystem
    13  #
    14  # cpuset must be set up first, so that cpuset.cpus and cpuset.mems is assigned
    15  # otherwise adding the process to the subsystem's tasks will fail with ENOSPC
    16  for subsystem in {cpuset,cpu,cpuacct,devices,memory}
    17  do
    18    system_path=$GARDEN_CGROUP_PATH/$subsystem
    19    cgroup_path_segment=$(cat /proc/self/cgroup | grep ${subsystem}: | cut -d ':' -f 3)
    20    instance_path=${system_path}${cgroup_path_segment}/instance-$id
    21  
    22    mkdir -p $instance_path
    23  
    24    if [ $subsystem == "cpuset" ]
    25    then
    26      cat $system_path/cpuset.cpus > $instance_path/cpuset.cpus
    27      cat $system_path/cpuset.mems > $instance_path/cpuset.mems
    28    fi
    29  
    30    if [ $subsystem == "devices" ] && [ "$cgroup_path_segment" == "/" ]
    31    then
    32      # Deny everything, allow explicitly
    33      echo a > $instance_path/devices.deny
    34  
    35      # Allow mknod for everything.
    36      echo "c *:* m" > $instance_path/devices.allow
    37      echo "b *:* m" > $instance_path/devices.allow
    38  
    39      # /dev/null
    40      echo "c 1:3 rwm" > $instance_path/devices.allow
    41      # /dev/zero
    42      echo "c 1:5 rwm" > $instance_path/devices.allow
    43      # /dev/full
    44      echo "c 1:7 rwm" > $instance_path/devices.allow
    45      # /dev/random
    46      echo "c 1:8 rwm" > $instance_path/devices.allow
    47      # /dev/urandom
    48      echo "c 1:9 rwm" > $instance_path/devices.allow
    49      # /dev/tty0
    50      echo "c 4:0 rwm" > $instance_path/devices.allow
    51      # /dev/tty1
    52      echo "c 4:1 rwm" > $instance_path/devices.allow
    53      # /dev/tty
    54      echo "c 5:0 rwm" > $instance_path/devices.allow
    55      # /dev/console
    56      echo "c 5:1 rwm" > $instance_path/devices.allow
    57      # /dev/ptmx
    58      echo "c 5:2 rwm" > $instance_path/devices.allow
    59      # /dev/pts/*
    60      echo "c 136:* rwm" > $instance_path/devices.allow
    61      # tuntap (?)
    62      echo "c 10:200 rwm" > $instance_path/devices.allow
    63      # /dev/fuse
    64      echo "c 10:229 rwm" > $instance_path/devices.allow
    65    fi
    66  
    67    echo $PID > $instance_path/cgroup.procs
    68  done
    69  
    70  echo $PID > ./run/wshd.pid
    71  
    72  exit 0