From 04cb990db544f11aa9dea866b5ca2865fdc8c527 Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Mon, 3 Feb 2014 15:11:16 -0600 Subject: [PATCH] cgmanager: have root escape to root cgroup before starting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If a user in cgroup /a/b/c does 'lxc-start -n u1', then u1 should be started under /a/b/c/u1. However if he does 'sudo lxc-start -n u1', then that cgroup shoudl start under /lxc/u1. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber --- src/lxc/cgmanager.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c index 60f9cbe98..29a0b58fe 100644 --- a/src/lxc/cgmanager.c +++ b/src/lxc/cgmanager.c @@ -171,6 +171,25 @@ static bool lxc_cgmanager_create(const char *controller, const char *cgroup_path return true; } +static bool lxc_cgmanager_escape(void) +{ + pid_t me = getpid(); + int i; + for (i = 0; i < nr_subsystems; i++) { + if (cgmanager_move_pid_abs_sync(NULL, cgroup_manager, + subsystems[i], "/", me) != 0) { + NihError *nerr; + nerr = nih_error_get(); + ERROR("call to cgmanager_move_pid_abs_sync(%s) failed: %s", + subsystems[i], nerr->message); + nih_free(nerr); + return false; + } + } + + return true; +} + struct chown_data { const char *controller; const char *cgroup_path; @@ -589,7 +608,12 @@ out_free: static inline bool cgm_init(struct lxc_handler *handler) { - return collect_subsytems(); + if (!collect_subsytems()) + return false; + if (geteuid()) + return true; + // root; try to escape to root cgroup + return lxc_cgmanager_escape(); } static bool cgm_unfreeze_fromhandler(struct lxc_handler *handler)