cgmanager: have root escape to root cgroup before starting

If a user in cgroup /a/b/c does 'lxc-start -n u1', then u1 should be started under /a/b/c/u1. However if he does 'sudo lxc-start -n u1', then that cgroup shoudl start under /lxc/u1. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

cgmanager: have root escape to root cgroup before starting
04cb990d · Serge Hallyn · Stéphane Graber · c08a0b7c · 04cb990d
Commit 04cb990d authored Feb 03, 2014 by Serge Hallyn Committed by Stéphane Graber Feb 03, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 1 deletion

cgmanager.c src/lxc/cgmanager.c +25 -1

No files found.
--- a/src/lxc/cgmanager.c
+++ b/src/lxc/cgmanager.c
@@ -171,6 +171,25 @@ static bool lxc_cgmanager_create(const char *controller, const char *cgroup_path
 	return true;
 }

+static bool lxc_cgmanager_escape(void)
+{
+	pid_t me = getpid();
+	int i;
+	for (i = 0; i < nr_subsystems; i++) {
+		if (cgmanager_move_pid_abs_sync(NULL, cgroup_manager,
+					subsystems[i], "/", me) != 0) {
+			NihError *nerr;
+			nerr = nih_error_get();
+			ERROR("call to cgmanager_move_pid_abs_sync(%s) failed: %s",
+					subsystems[i], nerr->message);
+			nih_free(nerr);
+			return false;
+		}
+	}
+
+	return true;
+}
+
 struct chown_data {
 	const char *controller;
 	const char *cgroup_path;
@@ -589,7 +608,12 @@ out_free:

 static inline bool cgm_init(struct lxc_handler *handler)
 {
-	return collect_subsytems();
+	if (!collect_subsytems())
+		return false;
+	if (geteuid())
+		return true;
+	// root;  try to escape to root cgroup
+	return lxc_cgmanager_escape();
 }

 static bool cgm_unfreeze_fromhandler(struct lxc_handler *handler)