Provided by: libpcp-pmda3-dev_3.10.8build1_amd64
pmdaRootConnect, pmdaRootShutdown, pmdaRootContainerHostName, pmdaRootContainerProcessID, pmdaRootContainerCGroupName - privileged PCP collector services
#include <pcp/pmapi.h> #include <pcp/pmda.h> int pmdaRootConnect(void); void pmdaRootShutdown(int fd); int pmdaRootContainerHostName(int fd, char *name, int namelen, char *buffer, int buflen); int pmdaRootContainerProcessID(int fd, char *name, int namelen); int pmdaRootContainerCGroupName(int fd, char *name, int namelen, char *buffer, int buflen); cc ... -lpcp_pmda -lpcp
pmdaRootConnect initializes an IPC channel between a PCP collector process - either a PMDA(3) or pmcd(1) itself - and the pmdaroot(1) server. On success, the return value from pmdaRootConnect is a unix(7) domain socket file descriptor, which can be subsequently passed to each of the other APIs described here. This channel can be used to perform limited privilege escalation for specific scenarios needed by PCP collector services. The channel can be deactivated using the pmdaRootShutdown interface. Currently, these services provide access to the container facilities of modern Linux distributions, as needed by various agents accessing kernel features related to containers. pmdaRootContainerHostName allows lookup of the current hostname for a named container on behalf of an unprivileged process, via the setns(3) system call on Linux. On success, the hostname is returned in the supplied buffer, of size buflen and the return value indicates the length of the hostname. pmdaRootContainerProcessID performs a name to process identifier translation - on success, the return value is the identifier of the first process started (process 1) in the named container. pmdaRootContainerCGroupName fills the supplied buffer with the engine-specific names of kernel control groups that have been used to build the container identified by name. When successful, the return value indicates the length of the cgroup name resolved for the container. The name of the container is interpreted by pmdaroot(1), which attempts to match up the specified name with one of the implementations of containers that it is aware of. Hence, the name argument is potentially interpreted differently, depending on the installed container engine, as determined internally by pmdaroot(1)). In the case of the Docker container engine, for example, a valid container name can be the unique hash identifier, the human-readable name, or any unique identifier substring. This is the algorithm used by the Docker client tools themselves.
All pmdaRoot interfaces will return negative status codes suitable for passing to pmErrStr_r(3).