def dummy(cgroup_name):
pid = os.getpid()
print('My pid: ', pid)
cg = Cgroup(cgroup_name)
print(cg.pids)
print('dummy groups', cg.cgroups)
print('dummy user', cg.user)
print('dummy cpu limit', cg.cpu_limit)
print('dummy memory limit', cg.memory_limit)
cg.add(pid)
print('leaving dummy')
def in_cgroup():
try:
pid = os.getpid()
cg = Cgroup(uuid1)
netns.setns(netns_name)
cg.add(pid)
except Exception as e:
traceback.print_exc()
file_log.write("Failed to preexecute function")
file_log.write(e)
def put(self, request, cgname, pid):
"""Add process to the cgroup and return a list of processes in the group"""
try:
# Init or create cgroup
cg = Cgroup(cgname)
# Add process to the group
# For security reasons you have to be root or the process has to
# belong to user under which you're running this api.
cg.add(int(pid))
serializer = CgroupSerializer(cg)
data = serializer.data
except CgroupsException as e:
raise CgroupsError(e)
return Response(data)
def in_cgroup():
try:
pid = os.getpid()
cg = Cgroup(name)
for env in env_vars:
#log.info('Setting ENV %s' % env)
os.putenv(*env.split('=', 1))
# Set network namespace
netns.setns(netns_name)
# add process to cgroup
cg.add(pid)
os.chroot(layer_dir)
if working_dir != '':
#log.info("Setting working directory to %s" % working_dir)
os.chdir(working_dir)
except Exception as e:
traceback.print_exc()
def in_cgroup():
try:
pid = os.getpid()
cg = Cgroup(name)
for env in env_vars:
log.info('Setting ENV %s' % env)
os.putenv(*env.split('=', 1))
# Set network namespace
netns.setns(netns_name)
# add process to cgroup
cg.add(pid)
os.chroot(layer_dir)
if working_dir != '':
log.info("Setting working directory to %s" % working_dir)
os.chdir(working_dir)
except Exception as e:
traceback.print_exc()
log.error("Failed to preexecute function")
log.error(e)
# Ensure a very conservative umask
old_umask = os.umask(0o77)
if __name__ == '__main__':
server_class = HTTPServer
httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler)
# Creating cgroup with wanted limitations
cg = Cgroup('jppapin')
cg.set_cpu_limit(1)
cg.set_memory_limit(700, unit="kilobytes")
# Adding this process in the cgroup
pid = os.getpid()
cg.add(pid)
print("Before dropping privileges")
drop_privileges()
print("After dropping privileges")
print(time.asctime(), 'Server Starts - %s:%s' % (HOST_NAME, PORT_NUMBER))
try:
httpd.serve_forever()
except KeyboardInterrupt:
pass
httpd.server_close()
print(time.asctime(), 'Server Stops - %s:%s' % (HOST_NAME, PORT_NUMBER))
def memory_reserve(mbytes):
# http://man7.org/linux/man-pages/man7/cgroups.7.html
# system memory to be reserved to the script
cg = Cgroup('my-container')
cg.set_memory_limit(mbytes)
cg.add(os.getpid())
def in_my_cgroup():
if not is_windows:
pid = os.getpid()
cg = Cgroup('thesy_cgroup')
cg.add(pid)
def in_my_cgroup():
pid = os.getpid()
cg = Cgroup('hipster_cgroup')
cg.add(pid)
server_class = HTTPServer
httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler)
print(time.asctime(), 'Server Starts - %s:%s' % (HOST_NAME, PORT_NUMBER))
newpid = os.fork()
if newpid == 0:
# Drop capabilities
print("=-" * 50)
os.system("capsh --print")
print("=-" * 50)
drop_privileges()
print("PRIVILEGES DROPPED")
print("=-" * 50)
os.system("capsh --print")
print("=-" * 50)
try:
httpd.serve_forever()
except KeyboardInterrupt:
pass
httpd.server_close()
print(time.asctime(),
'Server Stops - %s:%s' % (HOST_NAME, PORT_NUMBER))
else:
# CGroups
cg = Cgroup('charlie', user='******')
cg.set_cpu_limit(0.1)
cg.set_memory_limit(100, unit='megabytes')
cg.add(newpid)
print(os.getpid(), newpid)