Isolation: wired up per-application cgroup support internally.

This commit hooks into the cgroup infrastructure added in the previous
commit to create per-application cgroups.

It does this by adding each "prototype process" into its own cgroup,
then each child process inherits its parents cgroup.

If we fail to create a cgroup we simply fail the process. This behaviour
may get enhanced in the future.

This won't actually do anything yet. Subsequent commits will hook this
up to the build and config systems.

Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

1 files changed, 13 insertions, 0 deletions

diff --git a/src/nxt_process.h b/src/nxt_process.h
index 15fd4e7f..0db68d45 100644
--- a/src/nxt_process.h
+++ b/src/nxt_process.h
@@ -61,8 +61,11 @@ typedef enum {
 
 typedef struct nxt_port_mmap_s  nxt_port_mmap_t;
 typedef struct nxt_process_s    nxt_process_t;
+typedef struct nxt_cgroup_s     nxt_cgroup_t;
 typedef void (*nxt_isolation_cleanup_t)(nxt_task_t *task,
     nxt_process_t *process);
+typedef void (*nxt_cgroup_cleanup_t)(nxt_task_t *task,
+    const nxt_process_t *process);
 
 
 typedef struct {
@@ -80,6 +83,11 @@ typedef struct {
 } nxt_process_automount_t;
 
 
+struct nxt_cgroup_s {
+    char  *path;
+};
+
+
 typedef struct {
     u_char                   *rootfs;
     nxt_process_automount_t  automount;
@@ -87,6 +95,11 @@ typedef struct {
 
     nxt_isolation_cleanup_t  cleanup;
 
+    nxt_cgroup_cleanup_t     cgroup_cleanup;
+#if (NXT_HAVE_CGROUP)
+    nxt_cgroup_t             cgroup;
+#endif
+
 #if (NXT_HAVE_CLONE)
     nxt_clone_t              clone;
 #endif