github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/libsnap-confine-private/cgroup-freezer-support.h

github.com/kubiko/snapd@v0.0.0-20201013125620-d4f3094d9ddf/cmd/libsnap-confine-private/cgroup-freezer-support.h (about)

     1  /*
     2   * Copyright (C) 2019 Canonical Ltd
     3   *
     4   * This program is free software: you can redistribute it and/or modify
     5   * it under the terms of the GNU General Public License version 3 as
     6   * published by the Free Software Foundation.
     7   *
     8   * This program is distributed in the hope that it will be useful,
     9   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    10   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11   * GNU General Public License for more details.
    12   *
    13   * You should have received a copy of the GNU General Public License
    14   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    15   *
    16   */
    17  
    18  #ifndef SC_CGROUP_FREEZER_SUPPORT_H
    19  #define SC_CGROUP_FREEZER_SUPPORT_H
    20  
    21  #include <sys/types.h>
    22  #include "error.h"
    23  
    24  /**
    25   * Join the freezer cgroup for the given snap.
    26   *
    27   * This function adds the specified task to the freezer cgroup specific to the
    28   * given snap. The name of the cgroup is "snap.$snap_name".
    29   *
    30   * Interestingly we don't need to actually freeze the processes. The group
    31   * allows us to track processes belonging to a given snap. This makes the
    32   * measurement "are any processes of this snap still alive" very simple.
    33   *
    34   * The "cgroup.procs" file belonging to the cgroup contains the set of all the
    35   * processes that originate from the given snap. Examining that file one can
    36   * reliably determine if the set is empty or not.
    37   *
    38   * For more details please review:
    39   * https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt
    40  **/
    41  void sc_cgroup_freezer_join(const char *snap_name, pid_t pid);
    42  
    43  /**
    44   * Check if a freezer cgroup for given snap has any processes belonging to a given user.
    45   *
    46   * This function examines the freezer cgroup called "snap.$snap_name" and looks
    47   * at each of its processes. If any process exists then the function returns true.
    48  **/
    49  // TODO: Support per user filtering for eventual per-user mount namespaces
    50  bool sc_cgroup_freezer_occupied(const char *snap_name);
    51  
    52  #endif