[lxc-devel] [lxc/master] cgfs: do not automount if cgroup namespaces are supported

hallyn on Github lxc-bot at linuxcontainers.org
Thu Feb 25 01:05:23 UTC 2016


From f48ef3ae257e98834d2aa2a98c302316bd5adcd3 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed, 24 Feb 2016 17:00:35 -0800
Subject: [PATCH] cgfs: do not automount if cgroup namespaces are supported

In that case containers will be able to mount cgroup filesystems
for themselves as they do on a host.

This fixes inability to start systemd based containers on cgns-enabled
kernels with cgmanager not running.

I've tested debian jessie, busybox, ubuntu trusty and xenial, all of
which booted ok.  However if there are some setups which require
premounted cgroupfs (i.e. they don't mount if they detect being in
a container), this may cause trouble.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 src/lxc/cgfs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lxc/cgfs.c b/src/lxc/cgfs.c
index d41e74c..97a4e6d 100644
--- a/src/lxc/cgfs.c
+++ b/src/lxc/cgfs.c
@@ -1356,6 +1356,9 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
 	struct cgroup_process_info *info, *base_info;
 	int r, saved_errno = 0;
 
+	if (cgns_supported())
+		return true;
+
 	cgfs_d = hdata;
 	if (!cgfs_d)
 		return false;
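
Review bot: The new early return at the top of cgroupfs_mount_cgroup() reports success without looking at `type` or at `hdata`, so a caller that explicitly asked for a cgroup automount gets `true` and no mounts, and the `if (!cgfs_d) return false;` check below is no longer reached on cgns-enabled kernels. The commit message already notes that setups which expect a premounted cgroupfs may break; since the skip is silent, that case will be hard to diagnose. Suggest adding a short comment above `if (cgns_supported())` explaining why mounting is left to the container, logging at debug or info level that the automount was skipped, and considering whether an explicit request via `type` should still be honoured rather than dropped.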

