[lxc-devel] [PATCH 1/1] cgmanager: have root escape to root cgroup before starting

Stéphane Graber stgraber at ubuntu.com
Mon Feb 3 21:30:58 UTC 2014 

On Mon, Feb 03, 2014 at 03:11:16PM -0600, Serge Hallyn wrote:
> If a user in cgroup /a/b/c does 'lxc-start -n u1', then u1
> should be started under /a/b/c/u1.  However if he does
> 'sudo lxc-start -n u1', then that cgroup shoudl start under
> /lxc/u1.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/cgmanager.c | 26 +++++++++++++++++++++++++-
>  1 file changed, 25 insertions(+), 1 deletion(-)
> 
> diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c
> index 60f9cbe..29a0b58 100644
> --- a/src/lxc/cgmanager.c
> +++ b/src/lxc/cgmanager.c
> @@ -171,6 +171,25 @@ static bool lxc_cgmanager_create(const char *controller, const char *cgroup_path
>  	return true;
>  }
>  
> +static bool lxc_cgmanager_escape(void)
> +{
> +	pid_t me = getpid();
> +	int i;
> +	for (i = 0; i < nr_subsystems; i++) {
> +		if (cgmanager_move_pid_abs_sync(NULL, cgroup_manager,
> +					subsystems[i], "/", me) != 0) {
> +			NihError *nerr;
> +			nerr = nih_error_get();
> +			ERROR("call to cgmanager_move_pid_abs_sync(%s) failed: %s",
> +					subsystems[i], nerr->message);
> +			nih_free(nerr);
> +			return false;
> +		}
> +	}
> +
> +	return true;
> +}
> +
>  struct chown_data {
>  	const char *controller;
>  	const char *cgroup_path;
> @@ -589,7 +608,12 @@ out_free:
>  
>  static inline bool cgm_init(struct lxc_handler *handler)
>  {
> -	return collect_subsytems();
> +	if (!collect_subsytems())
> +		return false;
> +	if (geteuid())
> +		return true;
> +	// root;  try to escape to root cgroup
> +	return lxc_cgmanager_escape();
>  }
>  
>  static bool cgm_unfreeze_fromhandler(struct lxc_handler *handler)
> -- 
> 1.9.rc1
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140203/ba4f9ac4/attachment.pgp>

More information about the lxc-devel mailing list