I faced a problem about make build error and cgroup memory set.
I created Vagrantfile and ansible playbook.
[My repo] https://github.com/redtree0/Learning-C/tree/master/LinuxContainer/Setup
My development enviroment is as follow.
Enviroment:
OS : ubuntu 18.04 LTS
gcc : 7.3.0
docker : docker-ce=18.09.0
make : 4.1
Check out version.
vagrant@linuxcontainer:~$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 7.3.0-27ubuntu1~18.04' --with-bugurl=file:///usr/share/doc/gcc-7/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-7 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 7.3.0 (Ubuntu 7.3.0-27ubuntu1~18.04)
vagrant@linuxcontainer:~$ make -v
GNU Make 4.1
Built for x86_64-pc-linux-gnu
Copyright (C) 1988-2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
vagrant@linuxcontainer:~$ uname -a
Linux linuxcontainer 4.15.0-23-generic #25-Ubuntu SMP Wed May 23 18:02:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
vagrant@linuxcontainer:~$ docker version
Client:
Version: 18.09.0
API version: 1.39
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:49:01 2018
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.0
API version: 1.39 (minimum version 1.12)
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:16:44 2018
OS/Arch: linux/amd64
Experimental: false
About make build error:
What happend:
I git clone your repository. I run commands (make setup, make )
vagrant@linuxcontainer:~/diyC$ make setup
sudo iptables -A FORWARD -i enp0s3 -o veth -j ACCEPT || true
sudo iptables -A FORWARD -o enp0s3 -i veth -j ACCEPT || true
sudo iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -j MASQUERADE || true
sudo ip link add name diyc0 type bridge || true
sudo ip addr add dev diyc0 172.16.0.1/24 || true
sudo ip link set diyc0 up || true
sudo iptables -A FORWARD -i enp0s3 -o diyc0 -j ACCEPT || true
sudo iptables -A FORWARD -o enp0s3 -i diyc0 -j ACCEPT || true
sudo iptables -A FORWARD -o diyc0 -i diyc0 -j ACCEPT || true
mkdir -p containers
mkdir -p images
vagrant@linuxcontainer:~/diyC$ make
gcc -std=c99 -Wall -Werror -O2 src/diyc.c -o diyc
src/diyc.c: In function ‘container_exec’:
src/diyc.c:320:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&upper, "%s/upper", c->path);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:321:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&work, "%s/work", c->path);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:322:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&merged, "%s/merged", c->path);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:328:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&ovfs_opts, "lowerdir=%s/images/%s,upperdir=%s,workdir=%s",cwd, c->image, upper, work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:370:5: error: ignoring return value of ‘setdomainname’, declared with attribute warn_unused_result [-Werror=unused-result]
setdomainname(domain, strlen(domain));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:371:5: error: ignoring return value of ‘sethostname’, declared with attribute warn_unused_result [-Werror=unused-result]
sethostname(c->id,strlen(c->id));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:382:9: error: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Werror=unused-result]
system("ip link set veth1 up");
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:383:9: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&ip_cmd, "ip addr add %s/24 dev veth1", c->ip);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:384:9: error: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Werror=unused-result]
system(ip_cmd);
^~~~~~~~~~~~~~
src/diyc.c:386:9: error: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Werror=unused-result]
system("ip route add default via 172.16.0.1");
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c: In function ‘change_root’:
src/diyc.c:176:5: error: ignoring return value of ‘realpath’, declared with attribute warn_unused_result [-Werror=unused-result]
realpath(path, newroot);
^~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:178:5: error: ignoring return value of ‘realpath’, declared with attribute warn_unused_result [-Werror=unused-result]
realpath(oldpath, oldroot);
^~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:185:5: error: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Werror=unused-result]
chdir("/");
^~~~~~~~~~
src/diyc.c: In function ‘create_peer’:
src/diyc.c:251:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&set_int, "ip link add veth%s type veth peer name veth1", id);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:252:5: error: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Werror=unused-result]
system(set_int);
^~~~~~~~~~~~~~~
src/diyc.c:255:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&set_int_up, "ip link set veth%s up", id);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:256:5: error: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Werror=unused-result]
system(set_int_up);
^~~~~~~~~~~~~~~~~~
src/diyc.c:259:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&add_to_bridge, "ip link set veth%s master %s", id, BRIDGE);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:260:5: error: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Werror=unused-result]
system(add_to_bridge);
^~~~~~~~~~~~~~~~~~~~~
src/diyc.c: In function ‘network_setup’:
src/diyc.c:275:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&set_pid_ns,"ip link set veth1 netns %d", pid);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/diyc.c:276:5: error: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Werror=unused-result]
system(set_pid_ns);
^~~~~~~~~~~~~~~~~~
In file included from /usr/include/fcntl.h:290:0,
from src/diyc.c:36:
In function ‘open’,
inlined from ‘copy_file’ at src/diyc.c:131:8:
/usr/include/x86_64-linux-gnu/bits/fcntl2.h:50:4: error: call to ‘__open_missing_mode’ declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
__open_missing_mode ();
^~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Makefile:12: recipe for target 'diyc' failed
make: *** [diyc] Error 1
I edit CFLAGS in Makefile keyword "-Wno-unused-result".
CFLAGS = -std=c99 -Wall -Wno-unused-result -Werror -O2
vagrant@linuxcontainer:~/diyC$ make
gcc -std=c99 -Wall -Wno-unused-result -Werror -O2 src/diyc.c -o diyc
In file included from /usr/include/fcntl.h:290:0,
from src/diyc.c:36:
In function ‘open’,
inlined from ‘copy_file’ at src/diyc.c:131:8:
/usr/include/x86_64-linux-gnu/bits/fcntl2.h:50:4: error: call to ‘__open_missing_mode’ declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
__open_missing_mode ();
^~~~~~~~~~~~~~~~~~~~~~
Makefile:12: recipe for target 'diyc' failed
make: *** [diyc] Error 1
I fix open() at 131 line. int open(const char *pathname, int flags, mode_t mode);
I set mode to S_IRWXU(owner 700 permission).
Then, I successed build.
vagrant@linuxcontainer:~/diyC$ make
gcc -std=c99 -Wall -Wno-unused-result -Werror -O2 src/diyc.c -o diyc
gcc -std=c99 -Wall -Wno-unused-result -Werror -O2 src/nsexec.c -o nsexec
vagrant@linuxcontainer:~/diyC$ ls
LICENSE README.md diyc images nsexec
Makefile containers docs mkdocs.yml src
What I fix to happen:
- edit CFLAGS in Makefile keyword "-Wno-unused-result".
CFLAGS = -std=c99 -Wall -Wno-unused-result -Werror -O2
2.fix open() at 131 line.
About cgroup setup error
What happend:
I test your example “Example: Limit memory used by cgroups”.
This error ocured about “Permission denied”.
vagrant@linuxcontainer:~/diyC$ sudo ./diyc -m 10 cgroup debian bash
Could not set swap limit: Permission denied
vagrant@linuxcontainer:~/diyC$ access bash failed No such file or directory:
root@cgroup:/# root@cgroup:/# root@cgroup:/# root@cgroup:/# root@cgroup:/# root@cgroup:/# root@cgroup:/# logout
Connection to 127.0.0.1 closed.
I remove at 225 ~ 229 lines.
because I don't see a file memory.memsw.limit_in_bytes in /sys/fs/cgroup/memory/.
/sys/fs/cgroup/memory
/sys/fs/cgroup/memory/
root@linuxcontainer:/sys/fs/cgroup/memory# ls
18397 memory.limit_in_bytes
cgroup.clone_children memory.max_usage_in_bytes
cgroup.event_control memory.move_charge_at_immigrate
cgroup.procs memory.numa_stat
cgroup.sane_behavior memory.oom_control
docker memory.pressure_level
memory.failcnt memory.soft_limit_in_bytes
memory.force_empty memory.stat
memory.kmem.failcnt memory.swappiness
memory.kmem.limit_in_bytes memory.usage_in_bytes
memory.kmem.max_usage_in_bytes memory.use_hierarchy
memory.kmem.slabinfo notify_on_release
memory.kmem.tcp.failcnt release_agent
memory.kmem.tcp.limit_in_bytes system.slice
memory.kmem.tcp.max_usage_in_bytes tasks
memory.kmem.tcp.usage_in_bytes user.slice
memory.kmem.usage_in_bytes
root@linuxcontainer:/sys/fs/cgroup/memory/18397# ls
cgroup.clone_children memory.limit_in_bytes
cgroup.event_control memory.max_usage_in_bytes
cgroup.procs memory.move_charge_at_immigrate
memory.failcnt memory.numa_stat
memory.force_empty memory.oom_control
memory.kmem.failcnt memory.pressure_level
memory.kmem.limit_in_bytes memory.soft_limit_in_bytes
memory.kmem.max_usage_in_bytes memory.stat
memory.kmem.slabinfo memory.swappiness
memory.kmem.tcp.failcnt memory.usage_in_bytes
memory.kmem.tcp.limit_in_bytes memory.use_hierarchy
memory.kmem.tcp.max_usage_in_bytes notify_on_release
memory.kmem.tcp.usage_in_bytes tasks
memory.kmem.usage_in_bytes
Then, I successed your example.
vagrant@linuxcontainer:~$ cp -r debian.tar test/diyC/
vagrant@linuxcontainer:~$ cd test/diyC/
vagrant@linuxcontainer:~/test/diyC$ ls
Dockerfile Makefile containers diyc images nsexec
LICENSE README.md debian.tar docs mkdocs.yml src
vagrant@linuxcontainer:~/test/diyC$ sudo ./diyc -m 10 cgroup debian /bin/bash
root@cgroup:/# python -c 'str = " " * 10000000'
Killed
root@cgroup:/# python -c 'str = " " * 1000000'
What I fix to happen:
I remove at 225 ~ 229 lines.
because I don't see memory.memsw.limit_in_bytes in /sys/fs/cgroup/memory/.
/sys/fs/cgroup/memory
/sys/fs/cgroup/memory/
[Reference]
open() http://man7.org/linux/man-pages/man2/open.2.html
int open(const char *pathname, int flags, mode_t mode);
mode_t https://jameshfisher.com/2017/02/24/what-is-mode_t.html
#define S_IRWXU 0000700 /* RWX mask for owner */
Finally, I add a Dockerfile for test.
(debian based images and install python and curl )
vagrant@linuxcontainer:~/image$ docker build -t test .
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM debian
---> 4879790bd60d
Step 2/3 : MAINTAINER redtree0 [email protected]
---> Using cache
---> b2d2b4fff2d8
Step 3/3 : RUN apt-get update && apt-get install -y software-properties-common python curl
---> Using cache
---> cbaf2c7f825d
Successfully built cbaf2c7f825d
Successfully tagged test:latest