From e9195050b4abd0bc4c207457cb2f1f161b583fc8 Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho.andersen@canonical.com>
Date: Tue, 8 Dec 2015 16:08:10 -0700
Subject: [PATCH] c/r: escape cgroups before exec()ing criu

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
 src/lxc/criu.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index aa1b52ca2..6f48493ae 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -56,6 +56,18 @@ void exec_criu(struct criu_opts *opts)
 
 	char buf[4096];
 
+	/* If we are currently in a cgroup /foo/bar, and the container is in a
+	 * cgroup /lxc/foo, lxcfs will give us an ENOENT if some task in the
+	 * container has an open fd that points to one of the cgroup files
+	 * (systemd always opens its "root" cgroup). So, let's escape to the
+	 * /actual/ root cgroup so that lxcfs thinks criu has enough rights to
+	 * see all cgroups.
+	 */
+	if (!cgroup_escape()) {
+		ERROR("failed to escape cgroups");
+		return;
+	}
+
 	/* The command line always looks like:
 	 * criu $(action) --tcp-established --file-locks --link-remap --force-irmap \
 	 * --manage-cgroups action-script foo.sh -D $(directory) \