Struct CgroupV2Manager 

pub struct CgroupV2Manager { /* private fields */ }

cgroup v2 resource manager for a single agent.

One CgroupV2Manager is created per agent instance. It owns a sub-cgroup that is a sibling of the calling process’s cgroup, providing resource accounting, enforcement, and forcible termination.

Implementations

impl CgroupV2Manager

pub async fn is_available() -> bool

Check whether cgroup v2 is available on this system.

Returns true if /sys/fs/cgroup/cgroup.controllers exists.

pub async fn discover_cgroup_parent() -> Result<PathBuf, SandboxError>

Discover the parent of the calling process’s own cgroup.

Parses the 0:: entry (unified hierarchy) from /proc/self/cgroup to obtain the process’s current cgroup path, then returns its parent. Agent sub-cgroups are created there, making them siblings of the process’s cgroup and enabling resource controllers without violating the cgroup-v2 “no internal processes” constraint.

Falls back to the process’s own cgroup if it has no parent (e.g., running directly under the cgroup root — rare in practice).

Errors

Returns SandboxError::CgroupParseFailed if /proc/self/cgroup cannot be read or the 0:: entry is absent.

pub async fn new( agent_id: Uuid, resources: Option<&ResourceLimits>, ) -> Result<Self, SandboxError>

Create a new cgroup manager for the given agent UUID.

Discovers the process cgroup’s parent, creates the agent sub-cgroup directory, enables required controllers on the parent and on the synwire/ intermediate cgroup, and applies resource limits if provided.

Falls back gracefully (returns error, caller should log and disable cgroup tracking) if cgroup v2 is not available or the path is not writable.

Errors

Returns a SandboxError variant if cgroup setup fails.

pub fn base_path(&self) -> &Path

Absolute path to this agent’s cgroup directory.

pub async fn move_pid(&self, pid: u32) -> Result<(), SandboxError>

Move a process into this agent’s cgroup.

Errors

Returns SandboxError::CgroupIo if writing to cgroup.procs fails.

pub async fn read_stats(&self) -> Option<CgroupStats>

Read live CPU and memory stats for this cgroup.

Returns None if either file is missing or unparseable (non-fatal).

pub async fn kill_all(&self) -> Result<(), SandboxError>

Forcibly kill all processes in this cgroup.

Tries cgroup.kill (Linux 5.14+); falls back to reading cgroup.procs and sending SIGKILL to each PID via nix.

Errors

Returns SandboxError::CgroupIo if both kill mechanisms fail.

pub async fn destroy(&self)

Remove this agent’s cgroup directory.

Should only be called after all processes have exited. Logs a warning if removal fails (e.g., lingering processes).

Trait Implementations

impl Debug for CgroupV2Manager

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Drop for CgroupV2Manager

fn drop(&mut self)

Executes the destructor for this type.