now alsoOC support all linux with both cgroup and cgroup2 enabled by …

…default
springzfx · Apr 24, 2020 · a440046 · a440046
1 parent 945222a
commit a440046
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 14 deletions.
diff --git a/cgattach.cpp b/cgattach.cpp
@@ -31,6 +31,14 @@ bool validate(string pid, string cgroup) {
   exit(EXIT_FAILURE);
 }
 
+string get_cgroup2_mount_point(){
+  char cgroup2_mount_point[100];
+  FILE* fp = popen("findmnt -t cgroup2 -n |cut -d' '  -f 1", "r");
+  fscanf(fp,"%s",&cgroup2_mount_point);
+  fclose(fp);
+  return cgroup2_mount_point;
+}
+
 int main(int argc, char *argv[]) {
   setuid(0);
   setgid(0);
@@ -48,7 +56,8 @@ int main(int argc, char *argv[]) {
   string pid = string(argv[1]);
   string cgroup_target = string(argv[2]);
   validate(pid, cgroup_target);
-  string cgroup_mount_point = "/sys/fs/cgroup";
+  // string cgroup_mount_point = "/sys/fs/cgroup";
+  string cgroup_mount_point = get_cgroup2_mount_point();
   string cgroup_target_path = cgroup_mount_point + cgroup_target;
   string cgroup_target_procs = cgroup_target_path + "/cgroup.procs";
 

diff --git a/cgroup-tproxy.sh b/cgroup-tproxy.sh
@@ -3,14 +3,14 @@ print_help(){
 cat << 'DOC'
 #############################################################################
 # 
-# 1. For now, linux default using cgroup v1 for compatibility
-#    this script need cgroup v2, you need enable cgroup v2 in your system. 
+# 1. This script need cgroup v2 
 # 
 # 2. Listening port is expected to accept iptables TPROXY, while REDIRECT 
 #    will not work in this script, because REDIRECT only support tcp/ipv4
 # 
-# 3. TPROXY need root or cap_net_admin capability whatever process is listening on port
-#    v2ray as example: sudo setcap cap_net_admin+ep /usr/lib/v2ray/v2ray
+# 3. TPROXY need root or special capability whatever process is listening on port
+#    v2ray as example: 
+#       sudo setcap "cap_net_bind_service=+ep cap_net_admin=+ep" /usr/lib/v2ray/v2ray
 # 
 # 4. this script will proxy anything running in specific cgroup
 # 
@@ -51,11 +51,10 @@ make_newin=0x02
 ## cgroup things
 # cgroup_mount_point=$(findmnt -t cgroup,cgroup2 -n -J|jq '.filesystems[0].target')
 # cgroup_type=$(findmnt -t cgroup,cgroup2 -n -J|jq '.filesystems[0].fstype')
-cgroup_mount_point="/sys/fs/cgroup"
+cgroup_mount_point=$(findmnt -t cgroup2 -n |cut -d' ' -f 1)
 cgroup_type="cgroup2"
 cgroup_procs_file="cgroup.procs"
 
-set -x
 ## parse parameter
 for i in "$@"
 do

diff --git a/readme.md b/readme.md
@@ -29,18 +29,14 @@ It aslo supports global transparent proxy. See [Global transparent proxy](#globa
 
 - cgroup2
 
-  Why cgroup v2?  Because simple, elegant and intuitive.
-
-  For now, linux default using cgroup v1 for compatibility, this project need cgroup v2, you need disable cgroup v1 and enable cgroup v2 in your system.  see [Disabling v1 cgroups](https://wiki.archlinux.org/index.php/Cgroups#Disabling_v1_cgroups).
-
-  - `findmnt -t cgroup,cgroup2` to find out your cgroup version
+  Both cgroup and cgroup2 are enable in linux by default. So you don't have to do anything about this.
   - `systemd-cgls` to see the cgroup hierarchical tree.
+  - Why cgroup v2?  Because simple, elegant and intuitive.
 
 - TPROXY
 
   A process listening on port (e.g.  12345)  to accept iptables TPROXY, for example v2ray's dokodemo-door  in tproxy mode.
-
-  Why not REDIRECT? Because REDIRECT only supports tcp and ipv4.
+  - Why not REDIRECT? Because REDIRECT only supports tcp and ipv4.
 
 ## How to install