proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-16 16:35:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #777 from hallyn/2016-01-28/cgns1

Browse Source 
cgroup ns: move the check for whether cgns is supported
This commit is contained in:
Stéphane Graber 2016-01-29 18:13:32 +01:00
commit b9f6d3f088
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/apparmor/abstractions/container-base.in
View File

@ -86,4 +86,5 @@
deny /sys/firmware/efi/efivars/** rwklx, deny /sys/firmware/efi/efivars/** rwklx,
deny /sys/kernel/security/** rwklx, deny /sys/kernel/security/** rwklx,
mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/, mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
mount fstype=cgroup -> /sys/fs/cgroup/**,

7
src/lxc/attach.c
View File

@ -720,6 +720,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
int ipc_sockets[2]; int ipc_sockets[2];
int procfd; int procfd;
signed long personality; signed long personality;
bool unshare_cgns = false;
if (!options) if (!options)
options = &attach_static_default_options; options = &attach_static_default_options;
@ -930,6 +931,9 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
rexit(-1); rexit(-1);
} }
if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP && cgns_supported())
unshare_cgns = true;
procfd = open("/proc", O_DIRECTORY | O_RDONLY); procfd = open("/proc", O_DIRECTORY | O_RDONLY);
if (procfd < 0) { if (procfd < 0) {
SYSERROR("Unable to open /proc"); SYSERROR("Unable to open /proc");
@ -957,11 +961,12 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
WARN("could not change directory to '%s'", new_cwd); WARN("could not change directory to '%s'", new_cwd);
free(cwd); free(cwd);
if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP && cgns_supported()) { if (unshare_cgns) {
if (unshare(CLONE_NEWCGROUP) != 0) { if (unshare(CLONE_NEWCGROUP) != 0) {
SYSERROR("cgroupns unshare: permission denied"); SYSERROR("cgroupns unshare: permission denied");
rexit(-1); rexit(-1);
} }
INFO("Unshared cgroup namespace");
} }
/* now create the real child process */ /* now create the real child process */