[lxc-devel] [lxc/lxc] d1783e: cgroups: handle older kernels (e.g. v4.9)
Stéphane Graber
noreply at github.com
Mon Mar 30 18:13:02 UTC 2020
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: d1783ef4d0fb1c6e1e9ab9876c46bb6814da4d18
https://github.com/lxc/lxc/commit/d1783ef4d0fb1c6e1e9ab9876c46bb6814da4d18
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
M src/lxc/conf.c
M src/lxc/conf.h
Log Message:
-----------
cgroups: handle older kernels (e.g. v4.9)
On olders kernels the restrictions to move processes between cgroups are
different than they are on newer kernels. Specifically, we're running into the
following check:
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
!uid_eq(cred->euid, tcred->uid) &&
!uid_eq(cred->euid, tcred->suid))
ret = -EACCES;
which dictates that in order to move a process into a cgroup one either needs
to be global root (no restrictions apply) or the effective uid of the process
trying to move the process and the {saved}uid of the process that is supposed
to be moved need to be identical. The new attaching logic we did didn't
fulfill this criterion for because it's not present on new kernels.
Closes https://github.com/lxc/lxd/issues/7104.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: b1ee458e9b15547fcc78484a43af8a8ce71f5330
https://github.com/lxc/lxc/commit/b1ee458e9b15547fcc78484a43af8a8ce71f5330
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: log error when failing to create cgroup
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 49df620bc2637cf4037c2b84a2b450ee101d7032
https://github.com/lxc/lxc/commit/49df620bc2637cf4037c2b84a2b450ee101d7032
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: send two attach fds
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 7d8491638845feb12755fa2489d2eaa4c4d12623
https://github.com/lxc/lxc/commit/7d8491638845feb12755fa2489d2eaa4c4d12623
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: send two fds to attach to unified cgroup
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: c51c757042209cb9c047179ccf374a74c52939f4
https://github.com/lxc/lxc/commit/c51c757042209cb9c047179ccf374a74c52939f4
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/start.c
Log Message:
-----------
Merge pull request #3340 from brauner/2020-03-30/fixes
cgroups: handle older kernels (e.g. v4.9)
Compare: https://github.com/lxc/lxc/compare/4446e0fa7c04...c51c75704220
More information about the lxc-devel
mailing list