On Mon, 2021-03-08 at 10:50 +0000, Daniel P. Berrangé wrote:
On Fri, Mar 05, 2021 at 08:13:59PM +0100, Andrea Bolognani wrote:
+ if (!(label = virProcessLimitResourceToLabel(resource))) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unknown resource %d requested for process %lld"), + resource, (long long)pid); + return -1;
Setting errors on -1
This is only hit if virProcessGetLimitFromProc() has been asked to obtain limits for a resource it doesn't know how to fetch, which indicates a bug in libvirt and is thus reported as internal error.
+ procfile = g_strdup_printf("/proc/%lld/limits", (long long)pid); + + if (!g_file_get_contents(procfile, &buf, &len, NULL)) + return -1;
Not setting errors on -1
This is simply "file couldn't be read", which would be the case on FreeBSD for example.
+ /* For whatever reason, using prlimit() on another process - even + * when it's just to obtain the current limit rather than changing + * it - requires CAP_SYS_RESOURCE, which we might not have in a + * containerized environment; on the other hand, no particular + * permission is needed to poke around /proc, so try that if going + * through the syscall didn't work */ + if (virProcessGetLimitFromProc(pid, resource, old_limit) == 0) + return 0;
This ought to be conditional for Linux only and error reporting needs to be made consistent.
The intent above was to have this fail quietly on non-Linux without adding checks for it, but sure I can have an actual stub on other platforms instead. -- Andrea Bolognani / Red Hat / Virtualization