Compare commits
No commits in common. "f7c79f09117a383a776830dc59558c026bb79566" and "eae1ef076d6b84e25c68ba543705f3fc1e07bd2c" have entirely different histories.
f7c79f0911
...
eae1ef076d
|
@ -2450,64 +2450,6 @@
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>FairQueuingControlledDelayMemoryLimit=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the limit on the total number of bytes that can be queued in this FQ-CoDel instance.
|
||||
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
|
||||
respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>FairQueuingControlledDelayFlows=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the number of flows into which the incoming packets are classified.
|
||||
Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>FairQueuingControlledDelayTargetSec=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a timespan. Specifies the acceptable minimum standing/persistent queue delay.
|
||||
Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>FairQueuingControlledDelayIntervalSec=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a timespan. This is used to ensure that the measured minimum delay does not
|
||||
become too stale. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>FairQueuingControlledDelayQuantum=</varname></term>
|
||||
<listitem>
|
||||
<para>Specifies the number of bytes used as 'deficit' in the fair queuing algorithmtimespan.
|
||||
When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
|
||||
respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>FairQueuingControlledDelayECN=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. This can be used to mark packets instead of dropping them. Defaults to
|
||||
unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>FairQueuingControlledDelayCEThresholdSec=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a timespan. This sets a threshold above which all packets are marked with ECN
|
||||
Congestion Experienced (CE). Defaults to unset and kernel's default is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>FairQueueTrafficPolicingPacketLimit=</varname></term>
|
||||
<listitem>
|
||||
|
|
|
@ -258,14 +258,7 @@ TrafficControlQueueingDiscipline.TokenBufferFilterMPUBytes, con
|
|||
TrafficControlQueueingDiscipline.TokenBufferFilterPeakRate, config_parse_tc_token_buffer_filter_size, 0, 0
|
||||
TrafficControlQueueingDiscipline.TokenBufferFilterLatencySec, config_parse_tc_token_buffer_filter_latency, 0, 0
|
||||
TrafficControlQueueingDiscipline.StochasticFairnessQueueingPerturbPeriodSec, config_parse_tc_stochastic_fairness_queueing_perturb_period, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueuingControlledDelayPacketLimit, config_parse_tc_fair_queuing_controlled_delay_u32, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueuingControlledDelayMemoryLimit, config_parse_tc_fair_queuing_controlled_delay_size, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueuingControlledDelayFlows, config_parse_tc_fair_queuing_controlled_delay_u32, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueuingControlledDelayQuantum, config_parse_tc_fair_queuing_controlled_delay_size, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueuingControlledDelayTargetSec, config_parse_tc_fair_queuing_controlled_delay_usec, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueuingControlledDelayIntervalSec, config_parse_tc_fair_queuing_controlled_delay_usec, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueuingControlledDelayCEThresholdSec, config_parse_tc_fair_queuing_controlled_delay_usec, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueuingControlledDelayECN, config_parse_tc_fair_queuing_controlled_delay_bool, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueuingControlledDelayPacketLimit, config_parse_tc_fair_queuing_controlled_delay_limit, 0, 0
|
||||
TrafficControlQueueingDiscipline.FairQueueTrafficPolicingPacketLimit, config_parse_tc_fair_queue_traffic_policing_packet_limit, 0, 0
|
||||
/* backwards compatibility: do not add new entries to this section */
|
||||
Network.IPv4LL, config_parse_ipv4ll, 0, offsetof(Network, link_local)
|
||||
|
|
|
@ -10,20 +10,6 @@
|
|||
#include "qdisc.h"
|
||||
#include "string-util.h"
|
||||
|
||||
static int fair_queuing_controlled_delay_init(QDisc *qdisc) {
|
||||
FairQueuingControlledDelay *fqcd;
|
||||
|
||||
assert(qdisc);
|
||||
|
||||
fqcd = FQ_CODEL(qdisc);
|
||||
|
||||
fqcd->memory_limit = UINT32_MAX;
|
||||
fqcd->ce_threshold_usec = USEC_INFINITY;
|
||||
fqcd->ecn = -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int fair_queuing_controlled_delay_fill_message(Link *link, QDisc *qdisc, sd_netlink_message *req) {
|
||||
FairQueuingControlledDelay *fqcd;
|
||||
int r;
|
||||
|
@ -38,53 +24,9 @@ static int fair_queuing_controlled_delay_fill_message(Link *link, QDisc *qdisc,
|
|||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not open container TCA_OPTIONS: %m");
|
||||
|
||||
if (fqcd->packet_limit > 0) {
|
||||
r = sd_netlink_message_append_u32(req, TCA_FQ_CODEL_LIMIT, fqcd->packet_limit);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not append TCA_FQ_CODEL_LIMIT attribute: %m");
|
||||
}
|
||||
|
||||
if (fqcd->flows > 0) {
|
||||
r = sd_netlink_message_append_u32(req, TCA_FQ_CODEL_FLOWS, fqcd->flows);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not append TCA_FQ_CODEL_FLOWS attribute: %m");
|
||||
}
|
||||
|
||||
if (fqcd->quantum > 0) {
|
||||
r = sd_netlink_message_append_u32(req, TCA_FQ_CODEL_QUANTUM, fqcd->quantum);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not append TCA_FQ_CODEL_QUANTUM attribute: %m");
|
||||
}
|
||||
|
||||
if (fqcd->interval_usec > 0) {
|
||||
r = sd_netlink_message_append_u32(req, TCA_FQ_CODEL_INTERVAL, fqcd->interval_usec);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not append TCA_FQ_CODEL_INTERVAL attribute: %m");
|
||||
}
|
||||
|
||||
if (fqcd->target_usec > 0) {
|
||||
r = sd_netlink_message_append_u32(req, TCA_FQ_CODEL_TARGET, fqcd->target_usec);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not append TCA_FQ_CODEL_TARGET attribute: %m");
|
||||
}
|
||||
|
||||
if (fqcd->ecn >= 0) {
|
||||
r = sd_netlink_message_append_u32(req, TCA_FQ_CODEL_ECN, fqcd->ecn);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not append TCA_FQ_CODEL_ECN attribute: %m");
|
||||
}
|
||||
|
||||
if (fqcd->ce_threshold_usec != USEC_INFINITY) {
|
||||
r = sd_netlink_message_append_u32(req, TCA_FQ_CODEL_CE_THRESHOLD, fqcd->ce_threshold_usec);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not append TCA_FQ_CODEL_CE_THRESHOLD attribute: %m");
|
||||
}
|
||||
|
||||
if (fqcd->memory_limit != UINT32_MAX) {
|
||||
r = sd_netlink_message_append_u32(req, TCA_FQ_CODEL_MEMORY_LIMIT, fqcd->memory_limit);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not append TCA_FQ_CODEL_MEMORY_LIMIT attribute: %m");
|
||||
}
|
||||
r = sd_netlink_message_append_u32(req, TCA_FQ_CODEL_LIMIT, fqcd->limit);
|
||||
if (r < 0)
|
||||
return log_link_error_errno(link, r, "Could not append TCA_FQ_CODEL_LIMIT attribute: %m");
|
||||
|
||||
r = sd_netlink_message_close_container(req);
|
||||
if (r < 0)
|
||||
|
@ -93,130 +35,7 @@ static int fair_queuing_controlled_delay_fill_message(Link *link, QDisc *qdisc,
|
|||
return 0;
|
||||
}
|
||||
|
||||
int config_parse_tc_fair_queuing_controlled_delay_u32(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
_cleanup_(qdisc_free_or_set_invalidp) QDisc *qdisc = NULL;
|
||||
FairQueuingControlledDelay *fqcd;
|
||||
Network *network = data;
|
||||
uint32_t *p;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
assert(lvalue);
|
||||
assert(rvalue);
|
||||
assert(data);
|
||||
|
||||
r = qdisc_new_static(QDISC_KIND_FQ_CODEL, network, filename, section_line, &qdisc);
|
||||
if (r == -ENOMEM)
|
||||
return log_oom();
|
||||
if (r < 0)
|
||||
return log_syntax(unit, LOG_ERR, filename, line, r,
|
||||
"More than one kind of queueing discipline, ignoring assignment: %m");
|
||||
|
||||
fqcd = FQ_CODEL(qdisc);
|
||||
|
||||
if (streq(lvalue, "FairQueuingControlledDelayPacketLimit"))
|
||||
p = &fqcd->packet_limit;
|
||||
else if (streq(lvalue, "FairQueuingControlledDelayFlows"))
|
||||
p = &fqcd->flows;
|
||||
else
|
||||
assert_not_reached("Invalid lvalue.");
|
||||
|
||||
if (isempty(rvalue)) {
|
||||
*p = 0;
|
||||
|
||||
qdisc = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = safe_atou32(rvalue, p);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, r,
|
||||
"Failed to parse '%s=', ignoring assignment: %s",
|
||||
lvalue, rvalue);
|
||||
return 0;
|
||||
}
|
||||
|
||||
qdisc = NULL;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int config_parse_tc_fair_queuing_controlled_delay_usec(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
_cleanup_(qdisc_free_or_set_invalidp) QDisc *qdisc = NULL;
|
||||
FairQueuingControlledDelay *fqcd;
|
||||
Network *network = data;
|
||||
usec_t *p;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
assert(lvalue);
|
||||
assert(rvalue);
|
||||
assert(data);
|
||||
|
||||
r = qdisc_new_static(QDISC_KIND_FQ_CODEL, network, filename, section_line, &qdisc);
|
||||
if (r == -ENOMEM)
|
||||
return log_oom();
|
||||
if (r < 0)
|
||||
return log_syntax(unit, LOG_ERR, filename, line, r,
|
||||
"More than one kind of queueing discipline, ignoring assignment: %m");
|
||||
|
||||
fqcd = FQ_CODEL(qdisc);
|
||||
|
||||
if (streq(lvalue, "FairQueuingControlledDelayTargetSec"))
|
||||
p = &fqcd->target_usec;
|
||||
else if (streq(lvalue, "FairQueuingControlledDelayIntervalSec"))
|
||||
p = &fqcd->interval_usec;
|
||||
else if (streq(lvalue, "FairQueuingControlledDelayCEThresholdSec"))
|
||||
p = &fqcd->ce_threshold_usec;
|
||||
else
|
||||
assert_not_reached("Invalid lvalue.");
|
||||
|
||||
if (isempty(rvalue)) {
|
||||
if (streq(lvalue, "FairQueuingControlledDelayCEThresholdSec"))
|
||||
*p = USEC_INFINITY;
|
||||
else
|
||||
*p = 0;
|
||||
|
||||
qdisc = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = parse_sec(rvalue, p);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, r,
|
||||
"Failed to parse '%s=', ignoring assignment: %s",
|
||||
lvalue, rvalue);
|
||||
return 0;
|
||||
}
|
||||
|
||||
qdisc = NULL;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int config_parse_tc_fair_queuing_controlled_delay_bool(
|
||||
int config_parse_tc_fair_queuing_controlled_delay_limit(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
|
@ -248,13 +67,13 @@ int config_parse_tc_fair_queuing_controlled_delay_bool(
|
|||
fqcd = FQ_CODEL(qdisc);
|
||||
|
||||
if (isempty(rvalue)) {
|
||||
fqcd->ecn = -1;
|
||||
fqcd->limit = 0;
|
||||
|
||||
qdisc = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = parse_boolean(rvalue);
|
||||
r = safe_atou32(rvalue, &fqcd->limit);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, r,
|
||||
"Failed to parse '%s=', ignoring assignment: %s",
|
||||
|
@ -262,77 +81,6 @@ int config_parse_tc_fair_queuing_controlled_delay_bool(
|
|||
return 0;
|
||||
}
|
||||
|
||||
fqcd->ecn = r;
|
||||
qdisc = NULL;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int config_parse_tc_fair_queuing_controlled_delay_size(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
_cleanup_(qdisc_free_or_set_invalidp) QDisc *qdisc = NULL;
|
||||
FairQueuingControlledDelay *fqcd;
|
||||
Network *network = data;
|
||||
uint64_t sz;
|
||||
uint32_t *p;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
assert(lvalue);
|
||||
assert(rvalue);
|
||||
assert(data);
|
||||
|
||||
r = qdisc_new_static(QDISC_KIND_FQ_CODEL, network, filename, section_line, &qdisc);
|
||||
if (r == -ENOMEM)
|
||||
return log_oom();
|
||||
if (r < 0)
|
||||
return log_syntax(unit, LOG_ERR, filename, line, r,
|
||||
"More than one kind of queueing discipline, ignoring assignment: %m");
|
||||
|
||||
fqcd = FQ_CODEL(qdisc);
|
||||
|
||||
if (streq(lvalue, "FairQueuingControlledDelayMemoryLimit"))
|
||||
p = &fqcd->memory_limit;
|
||||
else if (streq(lvalue, "FairQueuingControlledDelayQuantum"))
|
||||
p = &fqcd->quantum;
|
||||
else
|
||||
assert_not_reached("Invalid lvalue.");
|
||||
|
||||
if (isempty(rvalue)) {
|
||||
if (streq(lvalue, "FairQueuingControlledMemoryLimit"))
|
||||
*p = UINT32_MAX;
|
||||
else
|
||||
*p = 0;
|
||||
|
||||
qdisc = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = parse_size(rvalue, 1024, &sz);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, r,
|
||||
"Failed to parse '%s=', ignoring assignment: %s",
|
||||
lvalue, rvalue);
|
||||
return 0;
|
||||
}
|
||||
if (sz >= UINT32_MAX) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, r,
|
||||
"Specified '%s=' is too large, ignoring assignment: %s",
|
||||
lvalue, rvalue);
|
||||
return 0;
|
||||
}
|
||||
|
||||
*p = sz;
|
||||
qdisc = NULL;
|
||||
|
||||
return 0;
|
||||
|
@ -341,6 +89,5 @@ int config_parse_tc_fair_queuing_controlled_delay_size(
|
|||
const QDiscVTable fq_codel_vtable = {
|
||||
.object_size = sizeof(FairQueuingControlledDelay),
|
||||
.tca_kind = "fq_codel",
|
||||
.init = fair_queuing_controlled_delay_init,
|
||||
.fill_message = fair_queuing_controlled_delay_fill_message,
|
||||
};
|
||||
|
|
|
@ -4,25 +4,13 @@
|
|||
|
||||
#include "conf-parser.h"
|
||||
#include "qdisc.h"
|
||||
#include "time-util.h"
|
||||
|
||||
typedef struct FairQueuingControlledDelay {
|
||||
QDisc meta;
|
||||
|
||||
uint32_t packet_limit;
|
||||
uint32_t flows;
|
||||
uint32_t quantum;
|
||||
uint32_t memory_limit;
|
||||
usec_t target_usec;
|
||||
usec_t interval_usec;
|
||||
usec_t ce_threshold_usec;
|
||||
int ecn;
|
||||
uint32_t limit;
|
||||
} FairQueuingControlledDelay;
|
||||
|
||||
DEFINE_QDISC_CAST(FQ_CODEL, FairQueuingControlledDelay);
|
||||
extern const QDiscVTable fq_codel_vtable;
|
||||
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_tc_fair_queuing_controlled_delay_u32);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_tc_fair_queuing_controlled_delay_usec);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_tc_fair_queuing_controlled_delay_bool);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_tc_fair_queuing_controlled_delay_size);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_tc_fair_queuing_controlled_delay_limit);
|
||||
|
|
|
@ -23,7 +23,6 @@ const QDiscVTable * const qdisc_vtable[_QDISC_KIND_MAX] = {
|
|||
|
||||
static int qdisc_new(QDiscKind kind, QDisc **ret) {
|
||||
QDisc *qdisc;
|
||||
int r;
|
||||
|
||||
if (kind == _QDISC_KIND_INVALID) {
|
||||
qdisc = new(QDisc, 1);
|
||||
|
@ -43,12 +42,6 @@ static int qdisc_new(QDiscKind kind, QDisc **ret) {
|
|||
qdisc->family = AF_UNSPEC;
|
||||
qdisc->parent = TC_H_ROOT;
|
||||
qdisc->kind = kind;
|
||||
|
||||
if (QDISC_VTABLE(qdisc)->init) {
|
||||
r = QDISC_VTABLE(qdisc)->init(qdisc);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
*ret = TAKE_PTR(qdisc);
|
||||
|
|
|
@ -32,8 +32,6 @@ typedef struct QDisc {
|
|||
typedef struct QDiscVTable {
|
||||
size_t object_size;
|
||||
const char *tca_kind;
|
||||
/* called in qdisc_new() */
|
||||
int (*init)(QDisc *qdisc);
|
||||
int (*fill_message)(Link *link, QDisc *qdisc, sd_netlink_message *m);
|
||||
int (*verify)(QDisc *qdisc);
|
||||
} QDiscVTable;
|
||||
|
|
|
@ -222,6 +222,8 @@ int bind_mount_parse(CustomMount **l, size_t *n, const char *s, bool read_only)
|
|||
|
||||
if (!path_is_absolute(destination))
|
||||
return -EINVAL;
|
||||
if (empty_or_root(destination))
|
||||
return -EINVAL;
|
||||
|
||||
m = custom_mount_add(l, n, CUSTOM_MOUNT_BIND);
|
||||
if (!m)
|
||||
|
@ -260,6 +262,8 @@ int tmpfs_mount_parse(CustomMount **l, size_t *n, const char *s) {
|
|||
|
||||
if (!path_is_absolute(path))
|
||||
return -EINVAL;
|
||||
if (empty_or_root(path))
|
||||
return -EINVAL;
|
||||
|
||||
m = custom_mount_add(l, n, CUSTOM_MOUNT_TMPFS);
|
||||
if (!m)
|
||||
|
@ -319,6 +323,9 @@ int overlay_mount_parse(CustomMount **l, size_t *n, const char *s, bool read_onl
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (empty_or_root(destination))
|
||||
return -EINVAL;
|
||||
|
||||
m = custom_mount_add(l, n, CUSTOM_MOUNT_OVERLAY);
|
||||
if (!m)
|
||||
return -ENOMEM;
|
||||
|
@ -415,7 +422,7 @@ int mount_sysfs(const char *dest, MountSettingsMask mount_settings) {
|
|||
|
||||
(void) mkdir(full, 0755);
|
||||
|
||||
if (FLAGS_SET(mount_settings, MOUNT_APPLY_APIVFS_RO))
|
||||
if (mount_settings & MOUNT_APPLY_APIVFS_RO)
|
||||
extra_flags |= MS_RDONLY;
|
||||
|
||||
r = mount_verbose(LOG_ERR, "sysfs", full, "sysfs",
|
||||
|
@ -601,29 +608,29 @@ int mount_all(const char *dest,
|
|||
#endif
|
||||
};
|
||||
|
||||
bool use_userns = FLAGS_SET(mount_settings, MOUNT_USE_USERNS);
|
||||
bool netns = FLAGS_SET(mount_settings, MOUNT_APPLY_APIVFS_NETNS);
|
||||
bool ro = FLAGS_SET(mount_settings, MOUNT_APPLY_APIVFS_RO);
|
||||
bool in_userns = FLAGS_SET(mount_settings, MOUNT_IN_USERNS);
|
||||
bool tmpfs_tmp = FLAGS_SET(mount_settings, MOUNT_APPLY_TMPFS_TMP);
|
||||
bool use_userns = (mount_settings & MOUNT_USE_USERNS);
|
||||
bool netns = (mount_settings & MOUNT_APPLY_APIVFS_NETNS);
|
||||
bool ro = (mount_settings & MOUNT_APPLY_APIVFS_RO);
|
||||
bool in_userns = (mount_settings & MOUNT_IN_USERNS);
|
||||
bool tmpfs_tmp = (mount_settings & MOUNT_APPLY_TMPFS_TMP);
|
||||
size_t k;
|
||||
int r;
|
||||
|
||||
for (k = 0; k < ELEMENTSOF(mount_table); k++) {
|
||||
_cleanup_free_ char *where = NULL, *options = NULL;
|
||||
const char *o;
|
||||
bool fatal = FLAGS_SET(mount_table[k].mount_settings, MOUNT_FATAL);
|
||||
bool fatal = (mount_table[k].mount_settings & MOUNT_FATAL);
|
||||
|
||||
if (in_userns != FLAGS_SET(mount_table[k].mount_settings, MOUNT_IN_USERNS))
|
||||
if (in_userns != (bool)(mount_table[k].mount_settings & MOUNT_IN_USERNS))
|
||||
continue;
|
||||
|
||||
if (!netns && FLAGS_SET(mount_table[k].mount_settings, MOUNT_APPLY_APIVFS_NETNS))
|
||||
if (!netns && (bool)(mount_table[k].mount_settings & MOUNT_APPLY_APIVFS_NETNS))
|
||||
continue;
|
||||
|
||||
if (!ro && FLAGS_SET(mount_table[k].mount_settings, MOUNT_APPLY_APIVFS_RO))
|
||||
if (!ro && (bool)(mount_table[k].mount_settings & MOUNT_APPLY_APIVFS_RO))
|
||||
continue;
|
||||
|
||||
if (!tmpfs_tmp && FLAGS_SET(mount_table[k].mount_settings, MOUNT_APPLY_TMPFS_TMP))
|
||||
if (!tmpfs_tmp && (bool)(mount_table[k].mount_settings & MOUNT_APPLY_TMPFS_TMP))
|
||||
continue;
|
||||
|
||||
r = chase_symlinks(mount_table[k].where, dest, CHASE_NONEXISTENT|CHASE_PREFIX_ROOT, &where, NULL);
|
||||
|
@ -775,7 +782,11 @@ static int mount_bind(const char *dest, CustomMount *m) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int mount_tmpfs(const char *dest, CustomMount *m, uid_t uid_shift, const char *selinux_apifs_context) {
|
||||
static int mount_tmpfs(
|
||||
const char *dest,
|
||||
CustomMount *m,
|
||||
bool userns, uid_t uid_shift, uid_t uid_range,
|
||||
const char *selinux_apifs_context) {
|
||||
|
||||
const char *options;
|
||||
_cleanup_free_ char *buf = NULL, *where = NULL;
|
||||
|
@ -910,9 +921,9 @@ static int mount_arbitrary(const char *dest, CustomMount *m) {
|
|||
int mount_custom(
|
||||
const char *dest,
|
||||
CustomMount *mounts, size_t n,
|
||||
uid_t uid_shift,
|
||||
bool userns, uid_t uid_shift, uid_t uid_range,
|
||||
const char *selinux_apifs_context,
|
||||
MountSettingsMask mount_settings) {
|
||||
bool in_userns) {
|
||||
|
||||
size_t i;
|
||||
int r;
|
||||
|
@ -922,13 +933,7 @@ int mount_custom(
|
|||
for (i = 0; i < n; i++) {
|
||||
CustomMount *m = mounts + i;
|
||||
|
||||
if (FLAGS_SET(mount_settings, MOUNT_IN_USERNS) != m->in_userns)
|
||||
continue;
|
||||
|
||||
if (FLAGS_SET(mount_settings, MOUNT_ROOT_ONLY) && !path_equal(m->destination, "/"))
|
||||
continue;
|
||||
|
||||
if (FLAGS_SET(mount_settings, MOUNT_NON_ROOT_ONLY) && path_equal(m->destination, "/"))
|
||||
if (m->in_userns != in_userns)
|
||||
continue;
|
||||
|
||||
switch (m->type) {
|
||||
|
@ -938,7 +943,7 @@ int mount_custom(
|
|||
break;
|
||||
|
||||
case CUSTOM_MOUNT_TMPFS:
|
||||
r = mount_tmpfs(dest, m, uid_shift, selinux_apifs_context);
|
||||
r = mount_tmpfs(dest, m, userns, uid_shift, uid_range, selinux_apifs_context);
|
||||
break;
|
||||
|
||||
case CUSTOM_MOUNT_OVERLAY:
|
||||
|
@ -964,7 +969,10 @@ int mount_custom(
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int setup_volatile_state(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) {
|
||||
static int setup_volatile_state(
|
||||
const char *directory,
|
||||
bool userns, uid_t uid_shift, uid_t uid_range,
|
||||
const char *selinux_apifs_context) {
|
||||
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
const char *p, *options;
|
||||
|
@ -993,7 +1001,10 @@ static int setup_volatile_state(const char *directory, uid_t uid_shift, const ch
|
|||
return mount_verbose(LOG_ERR, "tmpfs", p, "tmpfs", MS_STRICTATIME, options);
|
||||
}
|
||||
|
||||
static int setup_volatile_yes(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) {
|
||||
static int setup_volatile_yes(
|
||||
const char *directory,
|
||||
bool userns, uid_t uid_shift, uid_t uid_range,
|
||||
const char *selinux_apifs_context) {
|
||||
|
||||
bool tmpfs_mounted = false, bind_mounted = false;
|
||||
char template[] = "/tmp/nspawn-volatile-XXXXXX";
|
||||
|
@ -1080,7 +1091,10 @@ fail:
|
|||
return r;
|
||||
}
|
||||
|
||||
static int setup_volatile_overlay(const char *directory, uid_t uid_shift, const char *selinux_apifs_context) {
|
||||
static int setup_volatile_overlay(
|
||||
const char *directory,
|
||||
bool userns, uid_t uid_shift, uid_t uid_range,
|
||||
const char *selinux_apifs_context) {
|
||||
|
||||
_cleanup_free_ char *buf = NULL, *escaped_directory = NULL, *escaped_upper = NULL, *escaped_work = NULL;
|
||||
char template[] = "/tmp/nspawn-volatile-XXXXXX";
|
||||
|
@ -1145,19 +1159,19 @@ finish:
|
|||
int setup_volatile_mode(
|
||||
const char *directory,
|
||||
VolatileMode mode,
|
||||
uid_t uid_shift,
|
||||
bool userns, uid_t uid_shift, uid_t uid_range,
|
||||
const char *selinux_apifs_context) {
|
||||
|
||||
switch (mode) {
|
||||
|
||||
case VOLATILE_YES:
|
||||
return setup_volatile_yes(directory, uid_shift, selinux_apifs_context);
|
||||
return setup_volatile_yes(directory, userns, uid_shift, uid_range, selinux_apifs_context);
|
||||
|
||||
case VOLATILE_STATE:
|
||||
return setup_volatile_state(directory, uid_shift, selinux_apifs_context);
|
||||
return setup_volatile_state(directory, userns, uid_shift, uid_range, selinux_apifs_context);
|
||||
|
||||
case VOLATILE_OVERLAY:
|
||||
return setup_volatile_overlay(directory, uid_shift, selinux_apifs_context);
|
||||
return setup_volatile_overlay(directory, userns, uid_shift, uid_range, selinux_apifs_context);
|
||||
|
||||
default:
|
||||
return 0;
|
||||
|
|
|
@ -14,8 +14,6 @@ typedef enum MountSettingsMask {
|
|||
MOUNT_APPLY_APIVFS_NETNS = 1 << 4, /* if set, /proc/sys/net will be mounted read-write.
|
||||
Works only if MOUNT_APPLY_APIVFS_RO is also set. */
|
||||
MOUNT_APPLY_TMPFS_TMP = 1 << 5, /* if set, /tmp will be mounted as tmpfs */
|
||||
MOUNT_ROOT_ONLY = 1 << 6, /* if set, only root mounts are mounted */
|
||||
MOUNT_NON_ROOT_ONLY = 1 << 7, /* if set, only non-root mounts are mounted */
|
||||
} MountSettingsMask;
|
||||
|
||||
typedef enum CustomMountType {
|
||||
|
@ -54,9 +52,9 @@ int inaccessible_mount_parse(CustomMount **l, size_t *n, const char *s);
|
|||
int mount_all(const char *dest, MountSettingsMask mount_settings, uid_t uid_shift, const char *selinux_apifs_context);
|
||||
int mount_sysfs(const char *dest, MountSettingsMask mount_settings);
|
||||
|
||||
int mount_custom(const char *dest, CustomMount *mounts, size_t n, uid_t uid_shift, const char *selinux_apifs_context, MountSettingsMask mount_settings);
|
||||
int mount_custom(const char *dest, CustomMount *mounts, size_t n, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context, bool in_userns);
|
||||
|
||||
int setup_volatile_mode(const char *directory, VolatileMode mode, uid_t uid_shift, const char *selinux_apifs_context);
|
||||
int setup_volatile_mode(const char *directory, VolatileMode mode, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context);
|
||||
|
||||
int pivot_root_parse(char **pivot_root_new, char **pivot_root_old, const char *s);
|
||||
int setup_pivot_root(const char *directory, const char *pivot_root_new, const char *pivot_root_old);
|
||||
|
|
|
@ -2975,9 +2975,11 @@ static int inner_child(
|
|||
"/",
|
||||
arg_custom_mounts,
|
||||
arg_n_custom_mounts,
|
||||
false,
|
||||
0,
|
||||
0,
|
||||
arg_selinux_apifs_context,
|
||||
MOUNT_NON_ROOT_ONLY | MOUNT_IN_USERNS);
|
||||
true);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -3343,6 +3345,13 @@ static int outer_child(
|
|||
return r;
|
||||
|
||||
directory = "/run/systemd/nspawn-root";
|
||||
|
||||
} else if (!dissected_image) {
|
||||
/* Turn directory into bind mount (we need that so that we can move the bind mount to root
|
||||
* later on). */
|
||||
r = mount_verbose(LOG_ERR, directory, directory, NULL, MS_BIND|MS_REC, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
r = setup_pivot_root(
|
||||
|
@ -3355,28 +3364,13 @@ static int outer_child(
|
|||
r = setup_volatile_mode(
|
||||
directory,
|
||||
arg_volatile_mode,
|
||||
arg_userns_mode != USER_NAMESPACE_NO,
|
||||
arg_uid_shift,
|
||||
arg_uid_range,
|
||||
arg_selinux_apifs_context);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = mount_custom(
|
||||
directory,
|
||||
arg_custom_mounts,
|
||||
arg_n_custom_mounts,
|
||||
arg_uid_shift,
|
||||
arg_selinux_apifs_context,
|
||||
MOUNT_ROOT_ONLY);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
/* Make sure we always have a mount that we can move to root later on. */
|
||||
if (!path_is_mount_point(directory, NULL, 0)) {
|
||||
r = mount_verbose(LOG_ERR, directory, directory, NULL, MS_BIND|MS_REC, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (dissected_image) {
|
||||
/* Now we know the uid shift, let's now mount everything else that might be in the image. */
|
||||
r = dissected_image_mount(dissected_image, directory, arg_uid_shift,
|
||||
|
@ -3407,12 +3401,7 @@ static int outer_child(
|
|||
* inside the container that create a new mount namespace.
|
||||
* See https://github.com/systemd/systemd/issues/3860
|
||||
* Further submounts (such as /dev) done after this will inherit the
|
||||
* shared propagation mode.
|
||||
*
|
||||
* IMPORTANT: Do not overmount the root directory anymore from now on to
|
||||
* enable moving the root directory mount to root later on.
|
||||
* https://github.com/systemd/systemd/issues/3847#issuecomment-562735251
|
||||
*/
|
||||
* shared propagation mode. */
|
||||
r = mount_verbose(LOG_ERR, NULL, directory, NULL, MS_SHARED|MS_REC, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -3481,9 +3470,11 @@ static int outer_child(
|
|||
directory,
|
||||
arg_custom_mounts,
|
||||
arg_n_custom_mounts,
|
||||
arg_userns_mode != USER_NAMESPACE_NO,
|
||||
arg_uid_shift,
|
||||
arg_uid_range,
|
||||
arg_selinux_apifs_context,
|
||||
MOUNT_NON_ROOT_ONLY);
|
||||
false);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -279,11 +279,4 @@ TokenBufferFilterPeakRate=
|
|||
TokenBufferFilterLatencySec=
|
||||
StochasticFairnessQueueingPerturbPeriodSec=
|
||||
FairQueuingControlledDelayPacketLimit=
|
||||
FairQueuingControlledDelayMemoryLimit=
|
||||
FairQueuingControlledDelayFlows=
|
||||
FairQueuingControlledDelayQuantum=
|
||||
FairQueuingControlledDelayTargetSec=
|
||||
FairQueuingControlledDelayIntervalSec=
|
||||
FairQueuingControlledDelayCEThresholdSec=
|
||||
FairQueuingControlledDelayECN=
|
||||
FairQueueTrafficPolicingPacketLimit=
|
||||
|
|
|
@ -15,10 +15,3 @@ NetworkEmulatorPacketLimit=100
|
|||
[TrafficControlQueueingDiscipline]
|
||||
Parent=ingress
|
||||
FairQueuingControlledDelayPacketLimit=20480
|
||||
FairQueuingControlledDelayMemoryLimit=64M
|
||||
FairQueuingControlledDelayFlows=2048
|
||||
FairQueuingControlledDelayTargetSec=10ms
|
||||
FairQueuingControlledDelayIntervalSec=200ms
|
||||
FairQueuingControlledDelayQuantum=1400
|
||||
FairQueuingControlledDelayECN=yes
|
||||
FairQueuingControlledDelayCEThresholdSec=100ms
|
||||
|
|
|
@ -2095,7 +2095,7 @@ class NetworkdNetworkTests(unittest.TestCase, Utilities):
|
|||
self.assertRegex(output, 'qdisc netem')
|
||||
self.assertRegex(output, 'limit 100 delay 50.0ms 10.0ms loss 20%')
|
||||
self.assertRegex(output, 'qdisc fq_codel')
|
||||
self.assertRegex(output, 'limit 20480p flows 2048 quantum 1400 target 10.0ms ce_threshold 100.0ms interval 200.0ms memory_limit 64Mb ecn')
|
||||
self.assertRegex(output, 'limit 20480p')
|
||||
output = check_output('tc qdisc show dev test1')
|
||||
print(output)
|
||||
self.assertRegex(output, 'qdisc tbf')
|
||||
|
|
Loading…
Reference in New Issue