Google Git
Sign in
cos / mirrors / cros / chromiumos / platform2 / refs/heads/firmware-ultima-7287.131.B / . / germ / germ_init.cc
blob: a5ce554e99ff0a68eb8c258a5b7f4994373e91a1 [file] [log] [blame]
// Copyright 2015 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "germ/germ_init.h"
#include <errno.h>
#include <grp.h>
#include <signal.h>
#include <sys/signalfd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sysexits.h>
#include <unistd.h>
#include <string>
#include <vector>
#include <base/files/file_path.h>
#include <base/files/file_util.h>
#include <base/bind.h>
#include <base/bind_helpers.h>
#include <base/location.h>
#include <base/logging.h>
#include <base/message_loop/message_loop.h>
#include <chromeos/daemons/daemon.h>
#include "germ/init_process_reaper.h"
#include "germ/proto_bindings/soma_sandbox_spec.pb.h"
namespace germ {
GermInit::GermInit(const soma::SandboxSpec& spec)
: init_process_reaper_(base::Bind(&GermInit::Quit, base::Unretained(this))),
spec_(spec) {
}
GermInit::~GermInit() {}
int GermInit::OnInit() {
init_process_reaper_.RegisterWithDaemon(this);
int return_code = chromeos::Daemon::OnInit();
if (return_code != 0) {
LOG(ERROR) << "Error initializing chromeos::Daemon";
return return_code;
}
// Must happen after chromeos::Daemon::OnInit in order to override the SIGTERM
// handler which it installs.
RegisterHandler(SIGTERM,
base::Bind(&GermInit::HandleSIGTERM, base::Unretained(this)));
if (!SetUpContainerCgroups()) {
// TODO(jorgelo): Make this fatal.
LOG(ERROR) << "Failed to set up container cgroups";
}
// It is important that we start all processes in a single task, since
// otherwise |init_process_reaper_| might cause us to exit after only some of
// the processes have exited. This is because InitProcessReaper's behavior is:
// after reaping a child, if we have no more children, then exit. Thus, we
// need to ensure that it never reaps a process while we're still in the
// middle of starting them.
CHECK(base::MessageLoop::current()->task_runner()->PostTask(
FROM_HERE,
base::Bind(&GermInit::StartProcesses, base::Unretained(this))));
return EX_OK;
}
void GermInit::StartProcesses() {
size_t i = 0;
for (const auto& executable : spec_.executables()) {
const pid_t pid = fork();
PCHECK(pid != -1) << "fork() failed: " << spec_.name() << " executable "
<< i;
if (pid == 0) {
sigset_t mask;
PCHECK(sigemptyset(&mask) == 0);
PCHECK(sigprocmask(SIG_SETMASK, &mask, nullptr) == 0);
launcher_.ExecveInMinijail(executable);
LOG(FATAL) << "execve() failed: " << spec_.name() << " executable " << i;
}
++i;
}
}
bool GermInit::HandleSIGTERM(const struct signalfd_siginfo& sigfd_info) {
// Send SIGTERM to all processes we can signal. Children are given a set
// amount of time to terminate cleanly. If the init process is still running
// after time time (meaning that it has unterminated children), it will
// forcibly quit (equivalent to sending all of its children SIGKILL).
PCHECK(kill(-1, SIGTERM) == 0);
CHECK(base::MessageLoop::current()->task_runner()->PostDelayedTask(
FROM_HERE, QuitClosure(),
base::TimeDelta::FromMilliseconds(spec_.shutdown_timeout_ms())));
// Return false to indicate that our handler should not be uninstalled.
return false;
}
bool GermInit::SetUpContainerCgroups() {
base::FilePath cpuacct("/sys/fs/cgroup/cpuacct");
base::FilePath container_cgroup = cpuacct.Append(spec_.name());
if (mkdir(container_cgroup.MaybeAsASCII().c_str(), 0700) == -1) {
if (errno != EEXIST) {
PLOG(ERROR) << "mkdir(container_cgroup)";
return false;
}
PLOG(INFO) << "mkdir(container_cgroup)";
}
base::FilePath tasks = container_cgroup.Append("tasks");
pid_t current_pid = getpid();
std::string spid = std::to_string(current_pid);
int n = base::WriteFile(tasks, spid.c_str(), spid.size());
if (n < 0) {
LOG(ERROR) << "WriteFile(tasks, pid) failed";
return false;
}
if (static_cast<size_t>(n) < spid.size()) {
LOG(ERROR) << "Could not write PID to " << tasks.MaybeAsASCII();
return false;
}
return true;
}
} // namespace germ