Fix session management in run-in-cgroup.sh

Still WIP but some progress...
When moving a shell to a cgroup not associated with a session,
then subsequent calls to pam_systemd or pam_elogind create
a new session, and a new cgroup for that session, so that the
cgroup of the calling process is not used (this is a problem
with both systemd and elogind). For systemd, the problem can be
solved by passing --slice <user slice> to systemd-run. For elogind,
we need to first move the shell to a non-session cgroup, then run
sudo so that a new session is created, then pass the cpuset to that
session's cgroup. Hopefully, if neither systemd nor elogind is used,
then the former solution should work (to be tested!!!).
This commit is contained in:
Pierre Labastie 2023-11-16 14:37:58 +01:00
parent 8e9343b632
commit cff36a77ba


@ -7,13 +7,29 @@ fi
set +e set +e
if type systemd-run >/dev/null 2>&1 ; then if type systemd-run >/dev/null 2>&1 ; then # systemd
sudo systemd-run -G --pty -d --uid=$(whoami) -p AllowedCPUs="$CPUSPEC" "$@" sudo systemd-run -G --pty -d --uid=$(whoami) \
else -p AllowedCPUs="$CPUSPEC" \
sudo mkdir /sys/fs/cgroup/jhalfs --slice "user-$(whoami).slice" \
sudo sh -c "echo +cpuset > /sys/fs/cgroup/cgroup.subtree_control" "$@"
sudo sh -c "echo \"$CPUSPEC\" > /sys/fs/cgroup/jhalfs/cpuset.cpus" elif type loginctl >/dev/null 2>&1 ; then #elogind
(sudo sh -c "echo $BASHPID > /sys/fs/cgroup/jhalfs/cgroup.procs" && sudo mkdir /sys/fs/cgroup/jhalfs
exec "$@") sudo sh -c "echo +cpuset > /sys/fs/cgroup/cgroup.subtree_control"
sudo rmdir /sys/fs/cgroup/jhalfs (
sudo sh -c "echo $BASHPID > /sys/fs/cgroup/jhalfs/cgroup.procs"
sudo -u $(whoami) sh <<EOF
SESS_CGROUP=/sys/fs/cgroup/\$XDG_SESSION_ID
sudo sh -c "echo \\"$CPUSPEC\\" > \$SESS_CGROUP/cpuset.cpus"
(sudo sh -c "echo \$BASHPID > \$SESS_CGROUP/cgroup.procs" &&
exec $@)
EOF
)
sudo rmdir /sys/fs/cgroup/jhalfs
else # no session manager
sudo mkdir /sys/fs/cgroup/jhalfs
sudo sh -c "echo +cpuset > /sys/fs/cgroup/cgroup.subtree_control"
sudo sh -c "echo \"$CPUSPEC\" > /sys/fs/cgroup/jhalfs/cpuset.cpus"
(sudo sh -c "echo $BASHPID > /sys/fs/cgroup/jhalfs/cgroup.procs" &&
exec "$@")
sudo rmdir /sys/fs/cgroup/jhalfs
fi fi
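
Review bot: in the elogind branch, `exec $@` inside the unquoted here-document is expanded by the outer shell and then parsed again by the inner `sh`, so an argument containing spaces or shell metacharacters is split or interpreted as shell syntax, whereas the systemd and no-session-manager branches keep `exec "$@"`. Consider passing the command to the inner shell as positional parameters (for example `sh -s -- "$@"` with a quoted `<<'EOF'` delimiter and `exec "$@"` inside, handing `CPUSPEC` over the same way) instead of interpolating it into the script text. The same here-document relies on `\$BASHPID`, which is only set when `sh` is bash, and on `\$XDG_SESSION_ID` being non-empty: if it is empty, `SESS_CGROUP` becomes `/sys/fs/cgroup/` and the two writes target the root cgroup, so a check before the `echo` lines would help. `$CPUSPEC` is also interpolated into `sudo sh -c` command strings that run as root in all three branches, so validating it as a CPU list before use would be worthwhile.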