fix cgroup handling for Incus containers (#224)

Author: def

cgroup/cgroup.go

@@ -25,6 +25,7 @@ var (
 	lxcIdRegexp         = regexp.MustCompile(`/lxc/([^/]+)`)
 	systemSliceIdRegexp = regexp.MustCompile(`(/(system|runtime|reserved)\.slice/([^/]+))`)
 	talosIdRegexp       = regexp.MustCompile(`/(system|podruntime)/([^/]+)`)
+	lxcPayloadRegexp    = regexp.MustCompile(`/lxc\.payload\.([^/]+)`)
 )
 
 type ContainerType uint8
@@ -129,7 +130,14 @@ func NewFromProcessCgroupFile(filePath string) (*Cgroup, error) {
 			continue
 		}
 		for _, cgType := range strings.Split(parts[1], ",") {
-			p := path.Join(baseCgroupPath, parts[2])
+			cgPath := parts[2]
+			if strings.HasPrefix(parts[2], "/lxc.payload.") {
+				pp := strings.Split(cgPath, "/")
+				if len(parts) > 2 {
+					cgPath = "/" + pp[1]
+				}
+			}
+			p := path.Join(baseCgroupPath, cgPath)
 			switch p {
 			case "/", "/init.scope":
 				continue
@@ -147,24 +155,22 @@ func NewFromProcessCgroupFile(filePath string) (*Cgroup, error) {
 
 func containerByCgroup(cgroupPath string) (ContainerType, string, error) {
 	parts := strings.Split(strings.TrimLeft(cgroupPath, "/"), "/")
-	if cgroupPath == "/init" {
-		return ContainerTypeTalosRuntime, "/talos/init", nil
-	}
-	if len(parts) < 2 {
+	if len(parts) == 0 {
 		return ContainerTypeStandaloneProcess, "", nil
 	}
 	prefix := parts[0]
-	if prefix == "user.slice" || prefix == "init.scope" {
+	switch {
+	case cgroupPath == "/init":
+		return ContainerTypeTalosRuntime, "/talos/init", nil
+	case prefix == "user.slice" || prefix == "init.scope":
 		return ContainerTypeStandaloneProcess, "", nil
-	}
-	if prefix == "docker" || (prefix == "system.slice" && strings.HasPrefix(parts[1], "docker-")) {
+	case prefix == "docker" || (prefix == "system.slice" && len(parts) > 1 && strings.HasPrefix(parts[1], "docker-")):
 		matches := dockerIdRegexp.FindStringSubmatch(cgroupPath)
 		if matches == nil {
 			return ContainerTypeUnknown, "", fmt.Errorf("invalid docker cgroup %s", cgroupPath)
 		}
 		return ContainerTypeDocker, matches[1], nil
-	}
-	if strings.Contains(cgroupPath, "kubepods") {
+	case strings.Contains(cgroupPath, "kubepods"):
 		crioMatches := crioIdRegexp.FindStringSubmatch(cgroupPath)
 		if crioMatches != nil {
 			return ContainerTypeCrio, crioMatches[1], nil
@@ -181,27 +187,33 @@ func containerByCgroup(cgroupPath string) (ContainerType, string, error) {
 			return ContainerTypeSandbox, "", nil
 		}
 		return ContainerTypeDocker, matches[1], nil
-	}
-	if prefix == "lxc" {
-		matches := lxcIdRegexp.FindStringSubmatch(cgroupPath)
-		if matches == nil {
-			return ContainerTypeUnknown, "", fmt.Errorf("invalid lxc cgroup %s", cgroupPath)
-		}
-		return ContainerTypeLxc, matches[1], nil
-	}
-	if prefix == "system" || prefix == "podruntime" {
+	case prefix == "system" || prefix == "podruntime":
 		matches := talosIdRegexp.FindStringSubmatch(cgroupPath)
 		if matches == nil {
 			return ContainerTypeUnknown, "", fmt.Errorf("invalid talos runtime cgroup %s", cgroupPath)
 		}
 		return ContainerTypeTalosRuntime, path.Join("/talos/", matches[2]), nil
-	}
-	if prefix == "system.slice" || prefix == "runtime.slice" || prefix == "reserved.slice" {
+	case prefix == "system.slice" || prefix == "runtime.slice" || prefix == "reserved.slice":
 		matches := systemSliceIdRegexp.FindStringSubmatch(cgroupPath)
 		if matches == nil {
 			return ContainerTypeUnknown, "", fmt.Errorf("invalid systemd cgroup %s", cgroupPath)
 		}
 		return ContainerTypeSystemdService, strings.Replace(matches[1], "\\x2d", "-", -1), nil
+	case prefix == "lxc":
+		matches := lxcIdRegexp.FindStringSubmatch(cgroupPath)
+		if matches == nil {
+			return ContainerTypeUnknown, "", fmt.Errorf("invalid lxc cgroup %s", cgroupPath)
+		}
+		return ContainerTypeLxc, matches[1], nil
+	case strings.HasPrefix(prefix, "lxc.payload."):
+		matches := lxcPayloadRegexp.FindStringSubmatch(cgroupPath)
+		if matches == nil {
+			return ContainerTypeUnknown, "", fmt.Errorf("invalid lxc payload cgroup %s", cgroupPath)
+		}
+		return ContainerTypeLxc, "/lxc/" + matches[1], nil
+	case len(parts) < 2:
+		return ContainerTypeStandaloneProcess, "", nil
 	}
+
 	return ContainerTypeUnknown, "", fmt.Errorf("unknown container: %s", cgroupPath)
 }

cgroup/cgroup_test.go

@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestNewFromProcessCgroupFile(t *testing.T) {
@@ -75,6 +76,12 @@ func TestNewFromProcessCgroupFile(t *testing.T) {
 	assert.Equal(t, "95cbe853416f52d927dec41f1406dd75015ea131244a1ca875a7cd4ebe927ac8", cg.ContainerId)
 	assert.Equal(t, ContainerTypeDocker, cg.ContainerType)
 
+	cg, err = NewFromProcessCgroupFile(path.Join("fixtures/proc/3000/cgroup"))
+	require.Nil(t, err)
+	assert.Equal(t, "/lxc.payload.first", cg.Id)
+	assert.Equal(t, "/lxc/first", cg.ContainerId)
+	assert.Equal(t, ContainerTypeLxc, cg.ContainerType)
+
 	baseCgroupPath = "/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podc83d0428_58af_41eb_8dba_b9e6eddffe7b.slice/docker-0e612005fd07e7f47e2cd07df99a2b4e909446814d71d0b5e4efc7159dd51252.scope"
 	defer func() {
 		baseCgroupPath = ""
@@ -178,4 +185,14 @@ func TestContainerByCgroup(t *testing.T) {
 	as.Equal(typ, ContainerTypeTalosRuntime)
 	as.Equal("/talos/init", id)
 	as.Nil(err)
+
+	typ, id, err = containerByCgroup("/lxc.payload.first")
+	as.Equal(typ, ContainerTypeLxc)
+	as.Equal("/lxc/first", id)
+	as.Nil(err)
+
+	typ, id, err = containerByCgroup("/lxc.monitor.first")
+	as.Equal(ContainerTypeStandaloneProcess, typ)
+	as.Equal("", id)
+	as.Nil(err)
 }

cgroup/fixtures/proc/3000/cgroup

@@ -0,0 +1 @@
+0::/lxc.payload.first/system.slice/systemd-logind.service