[lxc-devel] [lxc/lxc] 509c07: cgmanager: chmod the container's base directory 77...

GitHub noreply at github.com
Fri Jan 31 13:57:53 UTC 2014


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 509c077284324191e7768037a6b9edd65beacf18
      https://github.com/lxc/lxc/commit/509c077284324191e7768037a6b9edd65beacf18
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-01-31 (Fri, 31 Jan 2014)

  Changed paths:
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: chmod the container's base directory 775

In order for attach to work, the container owner must be able to
write to the tasks file.  Therefore we make the container's cgroup
owned by the container root group, but the container owner uid.
So for the container root to be allowed to create new cgroups, it
needs group write perms.

With this patch, an unprivileged container with an
lxc.mount.auto = cgroup entry can run the cgproxy and pass
all cgmanager tests.

ACLs would have been another way to do this, but are not yet being
used/exported by cgmanager.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>



