[lxc-devel] [lxc/master] cgfsng: chmod the tasks and procns files

hallyn on Github lxc-bot at linuxcontainers.org
Fri Mar 11 04:26:34 UTC 2016


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 353 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160311/b379f08e/attachment.bin>
-------------- next part --------------
From 564c1dfbbb6a84f61ae3b62c1dee47a25c8bf262 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu, 10 Mar 2016 20:24:43 -0800
Subject: [PATCH] cgfsng: chmod the tasks and procns files

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 src/lxc/cgfsng.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/lxc/cgfsng.c b/src/lxc/cgfsng.c
index add95fc..2faefee 100644
--- a/src/lxc/cgfsng.c
+++ b/src/lxc/cgfsng.c
@@ -1167,24 +1167,34 @@ static int chown_cgroup_wrapper(void *data)
 		char *fullpath, *path = d->hierarchies[i]->fullcgpath;
 
 		if (chown(path, destuid, 0) < 0) {
-			SYSERROR("Error chowning %s to %d: %m", path, (int) destuid);
+			SYSERROR("Error chowning %s to %d", path, (int) destuid);
 			return -1;
 		}
 
 		if (chmod(path, 0775) < 0) {
-			SYSERROR("Error chmoding %s: %m", path);
+			SYSERROR("Error chmoding %s", path);
 			return -1;
 		}
 
-		/* Failures to chown these are inconvenient but not detrimental */
+		/*
+		 * Failures to chown these are inconvenient but not detrimental
+		 * We leave these owned by the container launcher, so that container
+		 * root can write to the files to attach.  We chgrp them 775 so that
+		 * container systemd can write to the files (which systemd in wily
+		 * insists on doing)
+		 */
 		fullpath = must_make_path(path, "tasks", NULL);
 		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
 			WARN("Failed chowning %s to %d: %m", fullpath, (int) destuid);
+		if (chmod(fullpath, 0775) < 0)
+			WARN("Error chmoding %s: %m", path);
 		free(fullpath);
 
 		fullpath = must_make_path(path, "cgroup.procs", NULL);
 		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
 			WARN("Failed chowning %s to %d: %m", fullpath, (int) destuid);
+		if (chmod(fullpath, 0775) < 0)
+			WARN("Error chmoding %s: %m", path);
 		free(fullpath);
 	}
 


More information about the lxc-devel mailing list