[lxc-devel] [lxc/master] cgroups/cgfsng: adapt to new cgroup2 delegation

brauner on Github lxc-bot at linuxcontainers.org
Wed Nov 8 00:52:57 UTC 2017


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 675 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20171108/467f153a/attachment.bin>
-------------- next part --------------
From 9d5c0da620ad1f7ede2963f39a0485a7c633f5b9 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 8 Nov 2017 01:50:55 +0100
Subject: [PATCH] cgroups/cgfsng: adapt to new cgroup2 delegation

In order to enable proper unprivileged cgroup delegation on newer kernels we not
just need to delegate the "cgroup.procs" file but also "cgroup.threads". But
don't report an error in case it doesn't exist. Also delegate
"cgroup.subtree_control" to enable delegation of controllers to descendant
cgroups.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index cc11f12de..e28dc30ed 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1503,6 +1503,29 @@ static int chown_cgroup_wrapper(void *data)
 		if (chmod(fullpath, 0664) < 0)
 			WARN("Error chmoding %s: %s", path, strerror(errno));
 		free(fullpath);
+
+		if (!hierarchies[i]->is_cgroup_v2)
+			continue;
+
+		fullpath = must_make_path(path, "cgroup.subtree_control", NULL);
+		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
+			WARN("Failed chowning %s to %d: %s", fullpath, (int) destuid,
+			     strerror(errno));
+		if (chmod(fullpath, 0664) < 0)
+			WARN("Error chmoding %s: %s", path, strerror(errno));
+		free(fullpath);
+
+		fullpath = must_make_path(path, "cgroup.threads", NULL);
+		if (!file_exists(fullpath)) {
+			free(fullpath);
+			continue;
+		}
+		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
+			WARN("Failed chowning %s to %d: %s", fullpath, (int) destuid,
+			     strerror(errno));
+		if (chmod(fullpath, 0664) < 0)
+			WARN("Error chmoding %s: %s", path, strerror(errno));
+		free(fullpath);
 	}
 
 	return 0;


More information about the lxc-devel mailing list