pub trait CgroupManager: Send + Sync {
    // Required methods
    fn create_hierarchy(&self) -> Result<(), CgroupError>;
    fn create_scope(
        &self,
        parent_slice: &str,
        name: &str,
        limits: &ResourceLimits,
    ) -> Result<CgroupHandle, CgroupError>;
    fn destroy_scope(&self, handle: &CgroupHandle) -> Result<(), CgroupError>;
    fn read_metrics(&self, path: &str) -> Result<CgroupMetrics, CgroupError>;
    fn is_scope_empty(&self, handle: &CgroupHandle) -> Result<bool, CgroupError>;
}
Trait for cgroup hierarchy management.
Both pact (direct cgroup v2 filesystem) and lattice (standalone mode) implement this. The trait defines the contract; ownership enforcement (RI1) and emergency override (RI3) are the implementer’s responsibility.
Invariants enforced
- RI2: every supervised process has a scope (caller must use create_scope before spawn)
- RI5: callback on failure (caller must call destroy_scope on spawn failure)
- RI6: shared read (any path readable via read_metrics)
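The following is an added example, not code from the project: an in-memory CgroupManager and a supervisor helper that follows the contract above (RI2: create the scope before spawning; RI5: destroy it on spawn failure) and shows how an implementer enforces RI1 via PermissionDenied on the parent slice while read_metrics stays ownership-free (RI6). ResourceLimits, CgroupHandle, CgroupMetrics, CgroupError, FakeManager and spawn_supervised are stand-in definitions assumed here.

```rust
// Added example (not the project's code). The four types below are stand-ins
// for the real definitions, which this page does not show.
use std::collections::HashMap;
use std::sync::Mutex;

#[derive(Debug, Clone, PartialEq)]
pub enum CgroupError {
    CreationFailed(String),
    PermissionDenied(String),
    KillFailed(String),
}

#[derive(Debug, Clone, Default)]
pub struct ResourceLimits {
    pub memory_max: Option<u64>,
}

#[derive(Debug, Clone, PartialEq)]
pub struct CgroupHandle {
    pub path: String,
}

#[derive(Debug, Clone, Default)]
pub struct CgroupMetrics {
    pub pids_current: u32,
}

pub trait CgroupManager: Send + Sync {
    fn create_hierarchy(&self) -> Result<(), CgroupError>;
    fn create_scope(&self, parent_slice: &str, name: &str, limits: &ResourceLimits)
        -> Result<CgroupHandle, CgroupError>;
    fn destroy_scope(&self, handle: &CgroupHandle) -> Result<(), CgroupError>;
    fn read_metrics(&self, path: &str) -> Result<CgroupMetrics, CgroupError>;
    fn is_scope_empty(&self, handle: &CgroupHandle) -> Result<bool, CgroupError>;
}

/// In-memory fake: owns a fixed set of slices (RI1) and maps scope path -> pid count.
pub struct FakeManager {
    owned_slices: Vec<String>,
    scopes: Mutex<HashMap<String, u32>>,
}

impl FakeManager {
    pub fn new(owned: &[&str]) -> Self {
        FakeManager {
            owned_slices: owned.iter().map(|s| s.to_string()).collect(),
            scopes: Mutex::new(HashMap::new()),
        }
    }
    pub fn scope_count(&self) -> usize {
        self.scopes.lock().unwrap().len()
    }
}

impl CgroupManager for FakeManager {
    fn create_hierarchy(&self) -> Result<(), CgroupError> {
        Ok(()) // idempotent by construction; a real impl would create the slices
    }
    fn create_scope(&self, parent_slice: &str, name: &str, _limits: &ResourceLimits)
        -> Result<CgroupHandle, CgroupError> {
        // RI1: only the owner of the parent slice may create scopes under it.
        if !self.owned_slices.iter().any(|s| s == parent_slice) {
            return Err(CgroupError::PermissionDenied(parent_slice.to_string()));
        }
        let path = format!("{parent_slice}/{name}.scope");
        let mut scopes = self.scopes.lock().unwrap();
        if scopes.contains_key(&path) {
            return Err(CgroupError::CreationFailed(format!("{path} already exists")));
        }
        scopes.insert(path.clone(), 0); // a real impl applies limits here
        Ok(CgroupHandle { path })
    }
    fn destroy_scope(&self, handle: &CgroupHandle) -> Result<(), CgroupError> {
        self.scopes.lock().unwrap().remove(&handle.path);
        Ok(())
    }
    fn read_metrics(&self, path: &str) -> Result<CgroupMetrics, CgroupError> {
        // RI6: shared read, deliberately no ownership check.
        let pids = self.scopes.lock().unwrap().get(path).copied().unwrap_or(0);
        Ok(CgroupMetrics { pids_current: pids })
    }
    fn is_scope_empty(&self, handle: &CgroupHandle) -> Result<bool, CgroupError> {
        Ok(self.read_metrics(&handle.path)?.pids_current == 0)
    }
}

#[derive(Debug, PartialEq)]
pub enum SupervisorError {
    Cgroup(CgroupError),
    Spawn(String),
}

/// RI2: the scope exists before the process does; RI5: a failed spawn tears the
/// scope down again, so a launch failure never leaks an empty scope.
pub fn spawn_supervised<F>(mgr: &dyn CgroupManager, parent: &str, name: &str,
    limits: &ResourceLimits, spawn: F) -> Result<CgroupHandle, SupervisorError>
where
    F: FnOnce(&CgroupHandle) -> Result<(), String>,
{
    let handle = mgr.create_scope(parent, name, limits).map_err(SupervisorError::Cgroup)?;
    if let Err(reason) = spawn(&handle) {
        mgr.destroy_scope(&handle).map_err(SupervisorError::Cgroup)?;
        return Err(SupervisorError::Spawn(reason));
    }
    Ok(handle)
}
```

The spawn closure stands in for the actual fork/exec step; whatever it does, the caller only ever sees a handle for a scope that exists and holds a live process, or an error with no scope left behind.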
Required Methods
fn create_hierarchy(&self) -> Result<(), CgroupError>
Create the top-level slice hierarchy.
Called once at boot. Idempotent — safe to call if hierarchy already exists.
Creates pact.slice/ and workload.slice/ with their sub-slices.
fn create_scope(
    &self,
    parent_slice: &str,
    name: &str,
    limits: &ResourceLimits,
) -> Result<CgroupHandle, CgroupError>
Create a scoped cgroup for a service or allocation.
Returns a handle for process placement. The scope is created under
parent_slice with the given name and resource limits applied.
Errors
Returns CgroupError::CreationFailed if the scope cannot be created.
Returns CgroupError::PermissionDenied if the caller doesn’t own the parent slice.
fn destroy_scope(&self, handle: &CgroupHandle) -> Result<(), CgroupError>
Kill all processes in a scope and release it.
Uses cgroup.kill (Linux 5.14+) for immediate cleanup. No grace period
for child processes (PS3). Falls back to iterating cgroup.procs + SIGKILL
on older kernels.
Errors
Returns CgroupError::KillFailed if processes cannot be killed (e.g., D-state).
The scope should be marked as zombie in this case (F30).
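The kill sequence described above, as an added example that is not the project's own code: write to cgroup.kill first, fall back to reading cgroup.procs and sending SIGKILL when that control file is absent (pre-5.14 kernel), then re-read cgroup.procs so that anything still listed (a D-state task) turns the result into a zombie marking rather than a false "released". The cgroupfs is abstracted behind a small CgroupFs trait with a constructed in-memory fake so it runs offline; CgroupFs, FakeCgroup, destroy_scope_with_fallback and Destroy are assumed names.

```rust
// Added example (not the project's code). CgroupFs abstracts the few control
// files the sequence touches; FakeCgroup is a constructed in-memory stand-in.
use std::cell::RefCell;
use std::collections::HashSet;

pub trait CgroupFs {
    /// Err when the control file does not exist (ENOENT), e.g. no cgroup.kill.
    fn write(&self, path: &str, value: &str) -> Result<(), String>;
    fn read(&self, path: &str) -> Result<String, String>;
}

/// cgroup.procs is one pid per line; ignore anything that is not a number.
pub fn parse_procs(contents: &str) -> Vec<i32> {
    contents.lines().filter_map(|l| l.trim().parse().ok()).collect()
}

#[derive(Debug, PartialEq)]
pub enum Destroy {
    Released,
    /// KillFailed: these pids survived; the caller marks the scope zombie (F30).
    Zombie(Vec<i32>),
}

pub fn destroy_scope_with_fallback(
    fs: &impl CgroupFs,
    sigkill: &mut dyn FnMut(i32) -> bool,
    scope: &str,
) -> Destroy {
    let procs_path = format!("{scope}/cgroup.procs");
    // Fast path: cgroup.kill (Linux 5.14+) kills every task in the subtree at once.
    if fs.write(&format!("{scope}/cgroup.kill"), "1").is_err() {
        // Fallback: SIGKILL each pid currently listed in cgroup.procs.
        let listed = fs.read(&procs_path).map(|s| parse_procs(&s)).unwrap_or_default();
        for pid in listed {
            sigkill(pid);
        }
    }
    // Verify rather than assume: a D-state task ignores SIGKILL and stays listed.
    let remaining = fs.read(&procs_path).map(|s| parse_procs(&s)).unwrap_or_default();
    if remaining.is_empty() {
        Destroy::Released
    } else {
        Destroy::Zombie(remaining)
    }
}

/// Constructed fake: one scope, its pids, and which of them are stuck in D-state.
pub struct FakeCgroup {
    has_cgroup_kill: bool, // false models a kernel older than 5.14
    scope: String,
    pids: RefCell<Vec<i32>>,
    stuck: HashSet<i32>,
}

impl FakeCgroup {
    pub fn new(scope: &str, pids: &[i32], stuck: &[i32], has_cgroup_kill: bool) -> Self {
        FakeCgroup {
            has_cgroup_kill,
            scope: scope.to_string(),
            pids: RefCell::new(pids.to_vec()),
            stuck: stuck.iter().copied().collect(),
        }
    }
    /// Stand-in for kill(pid, SIGKILL): stuck tasks survive, everything else exits.
    pub fn sigkill(&self, pid: i32) -> bool {
        if self.stuck.contains(&pid) {
            return false;
        }
        self.pids.borrow_mut().retain(|&p| p != pid);
        true
    }
}

impl CgroupFs for FakeCgroup {
    fn write(&self, path: &str, value: &str) -> Result<(), String> {
        if self.has_cgroup_kill && path == format!("{}/cgroup.kill", self.scope) {
            if value.trim() == "1" {
                let stuck = &self.stuck;
                self.pids.borrow_mut().retain(|p| stuck.contains(p));
            }
            Ok(())
        } else {
            Err(format!("ENOENT: {path}"))
        }
    }
    fn read(&self, path: &str) -> Result<String, String> {
        if path == format!("{}/cgroup.procs", self.scope) {
            let lines: Vec<String> = self.pids.borrow().iter().map(|p| p.to_string()).collect();
            Ok(lines.join("\n"))
        } else {
            Err(format!("ENOENT: {path}"))
        }
    }
}
```

The final re-read is the part worth copying into a real implementation: both kill paths can "succeed" at the syscall level while a task in uninterruptible sleep remains, and only the re-read distinguishes a released scope from one that must be tracked as a zombie.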
fn read_metrics(&self, path: &str) -> Result<CgroupMetrics, CgroupError>
Read metrics from any cgroup path.
Shared read access across all slices (RI6) — no ownership check.
fn is_scope_empty(&self, handle: &CgroupHandle) -> Result<bool, CgroupError>
Check if a scope is empty (no processes).
Used by the supervision loop to detect completed allocations (WI5).