[lxc-devel] [lxcfs/master] bindings: revert cgroup check
brauner on Github
lxc-bot at linuxcontainers.org
Fri Aug 26 08:04:40 UTC 2016
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 1333 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160826/41a1ca8f/attachment.bin>
-------------- next part --------------
From 5ccc353f1fb14ce36ad6ec738ca709336fe4d312 Mon Sep 17 00:00:00 2001
From: Christian Brauner <cbrauner at suse.de>
Date: Thu, 25 Aug 2016 22:33:07 +0200
Subject: [PATCH] bindings: revert cgroup check
We do not need to check whether mode & W_OK is passed in. Even if the cgroup
root mount is writeable operations like cg_mkdir() et al. will fail with e.g.
EPERM. Basically all operations will fail on the cgroup root mount point because
the first operation they perform is pick_controller_from_path(). That is to say
they try to e.g. pick "blkio" from /var/lib/lxcfs/cgroup/blkio/some/cgroups an
similiar for all other controllers. If pick_controller_from_path() fails they
all return an appropriate errno. For example, cg_mkdir() does:
controller = pick_controller_from_path(fc, path);
if (!controller)
return errno == ENOENT ? -EPERM : -errno;
This means, we do not need to return an errno already in cg_access when
mode & W_OK is passed in. This has the advantage that users are still able to
descend into /var/lib/lxcfs/cgroup via:
cd /var/lib/lxcfs/cgroup
but are still blocked from doing any write operations.
Signed-off-by: Christian Brauner <cbrauner at suse.de>
---
bindings.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/bindings.c b/bindings.c
index 281aad2..8a5909a 100644
--- a/bindings.c
+++ b/bindings.c
@@ -1926,11 +1926,8 @@ int cg_access(const char *path, int mode)
struct cgfs_files *k = NULL;
struct fuse_context *fc = fuse_get_context();
- if (strcmp(path, "/cgroup") == 0) {
- if ((mode & W_OK) == 0)
- return -EACCES;
+ if (strcmp(path, "/cgroup") == 0)
return 0;
- }
if (!fc)
return -EIO;
More information about the lxc-devel
mailing list