max/nix-super
1
0
Fork 0
mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-11-15 02:36:16 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move daemon process into sub-cgroup

Browse source 
The daemon process is now moved into a new sub-cgroup called nix-daemon when the
daemon starts. This is necessary to abide by the no-processes-in-inner-nodes
rule, because the service cgroup becomes an inner node when the child cgroups
for the build are created (see LocalDerivationGoal::startBuilder()).

See #9675
This commit is contained in:
Parker Hoyes 2024-08-26 13:50:22 +00:00
parent 1073a8effa
commit 46b3188045
4 changed files with 75 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/libstore/unix/build/local-derivation-goal.cc
View file

@ -444,25 +444,22 @@ void LocalDerivationGoal::startBuilder()
#if __linux__ #if __linux__
experimentalFeatureSettings.require(Xp::Cgroups); experimentalFeatureSettings.require(Xp::Cgroups);
/* If we're running from the daemon, then this will return the
root cgroup of the service. Otherwise, it will return the
current cgroup. */
auto rootCgroup = getRootCgroup();
auto cgroupFS = getCgroupFS(); auto cgroupFS = getCgroupFS();
if (!cgroupFS) if (!cgroupFS)
throw Error("cannot determine the cgroups file system"); throw Error("cannot determine the cgroups file system");
auto rootCgroupPath = canonPath(*cgroupFS + "/" + rootCgroup);
auto ourCgroups = getCgroups("/proc/self/cgroup"); if (!pathExists(rootCgroupPath))
auto ourCgroup = ourCgroups[""]; throw Error("expected cgroup directory '%s'", rootCgroupPath);
if (ourCgroup == "")
throw Error("cannot determine cgroup name from /proc/self/cgroup");
auto ourCgroupPath = canonPath(*cgroupFS + "/" + ourCgroup);
if (!pathExists(ourCgroupPath))
throw Error("expected cgroup directory '%s'", ourCgroupPath);
static std::atomic<unsigned int> counter{0}; static std::atomic<unsigned int> counter{0};
cgroup = buildUser cgroup = buildUser
? fmt("%s/nix-build-uid-%d", ourCgroupPath, buildUser->getUID()) ? fmt("%s/nix-build-uid-%d", rootCgroupPath, buildUser->getUID())
: fmt("%s/nix-build-pid-%d-%d", ourCgroupPath, getpid(), counter++); : fmt("%s/nix-build-pid-%d-%d", rootCgroupPath, getpid(), counter++);
debug("using cgroup '%s'", *cgroup); debug("using cgroup '%s'", *cgroup);

32
src/libutil/linux/cgroup.cc
View file

@ -6,6 +6,7 @@
#include <chrono> #include <chrono>
#include <cmath> #include <cmath>
#include <mutex>
#include <regex> #include <regex>
#include <unordered_set> #include <unordered_set>
#include <thread> #include <thread>
@ -144,4 +145,35 @@ CgroupStats destroyCgroup(const Path & cgroup)
return destroyCgroup(cgroup, true); return destroyCgroup(cgroup, true);
} }
std::string getCurrentCgroup()
{
auto cgroupFS = getCgroupFS();
if (!cgroupFS)
throw Error("cannot determine the cgroups file system");
auto ourCgroups = getCgroups("/proc/self/cgroup");
auto ourCgroup = ourCgroups[""];
if (ourCgroup == "")
throw Error("cannot determine cgroup name from /proc/self/cgroup");
return ourCgroup;
}
static std::optional<std::string> rootCgroup;
static std::mutex rootCgroupMutex;
std::string getRootCgroup()
{
{
std::lock_guard<std::mutex> guard(rootCgroupMutex);
if (rootCgroup)
return *rootCgroup;
}
auto current = getCurrentCgroup();
std::lock_guard<std::mutex> guard(rootCgroupMutex);
if (rootCgroup)
return *rootCgroup;
rootCgroup = current;
return current;
}
} }

9
src/libutil/linux/cgroup.hh
View file

@ -25,4 +25,13 @@ struct CgroupStats
*/ */
CgroupStats destroyCgroup(const Path & cgroup); CgroupStats destroyCgroup(const Path & cgroup);
std::string getCurrentCgroup();
/**
* Get the cgroup that should be used as the parent when creating new
* sub-cgroups. The first time this is called, the current cgroup will be
* returned, and then all subsequent calls will return the original cgroup.
*/
std::string getRootCgroup();
} }

25
src/nix/unix/daemon.cc
View file

@ -33,6 +33,10 @@
#include <grp.h> #include <grp.h>
#include <fcntl.h> #include <fcntl.h>
#if __linux__
#include "cgroup.hh"
#endif
#if __APPLE__ || __FreeBSD__ #if __APPLE__ || __FreeBSD__
#include <sys/ucred.h> #include <sys/ucred.h>
#endif #endif
@ -312,6 +316,27 @@ static void daemonLoop(std::optional<TrustedFlag> forceTrustClientOpt)
// Get rid of children automatically; don't let them become zombies. // Get rid of children automatically; don't let them become zombies.
setSigChldAction(true); setSigChldAction(true);
#if __linux__
if (settings.useCgroups) {
experimentalFeatureSettings.require(Xp::Cgroups);
// This also sets the root cgroup to the current one.
auto rootCgroup = getRootCgroup();
auto cgroupFS = getCgroupFS();
if (!cgroupFS)
throw Error("cannot determine the cgroups file system");
auto rootCgroupPath = canonPath(*cgroupFS + "/" + rootCgroup);
if (!pathExists(rootCgroupPath))
throw Error("expected cgroup directory '%s'", rootCgroupPath);
auto daemonCgroupPath = rootCgroupPath + "/nix-daemon";
// Create new sub-cgroup for the daemon.
if (mkdir(daemonCgroupPath.c_str(), 0755) != 0 && errno != EEXIST)
throw SysError("creating cgroup '%s'", daemonCgroupPath);
// Move daemon into the new cgroup.
writeFile(daemonCgroupPath + "/cgroup.procs", fmt("%d", getpid()));
}
#endif
// Loop accepting connections. // Loop accepting connections.
while (1) { while (1) {