proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-14 05:33:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #777 from hallyn/2016-01-28/cgns1

Browse Source 
cgroup ns: move the check for whether cgns is supported
This commit is contained in:
Stéphane Graber 2016-01-29 18:13:32 +01:00
commit b9f6d3f088
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/apparmor/abstractions/container-base.in
View File

@ -86,4 +86,5 @@
deny /sys/firmware/efi/efivars/** rwklx,
deny /sys/kernel/security/** rwklx,
mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
mount fstype=cgroup -> /sys/fs/cgroup/**,

7
src/lxc/attach.c
View File

@ -720,6 +720,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
int ipc_sockets[2];
int procfd;
signed long personality;
bool unshare_cgns = false;
if (!options)
options = &attach_static_default_options;
@ -930,6 +931,9 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
rexit(-1);
}
if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP && cgns_supported())
unshare_cgns = true;
procfd = open("/proc", O_DIRECTORY | O_RDONLY);
if (procfd < 0) {
SYSERROR("Unable to open /proc");
@ -957,11 +961,12 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
WARN("could not change directory to '%s'", new_cwd);
free(cwd);
if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP && cgns_supported()) {
if (unshare_cgns) {
if (unshare(CLONE_NEWCGROUP) != 0) {
SYSERROR("cgroupns unshare: permission denied");
rexit(-1);
}
INFO("Unshared cgroup namespace");
}
/* now create the real child process */