cgmanager: put unprivileged containers under $(curcgroup)/lxc/$(container0

Currently if we are in /user.slice/user-1000.slice/session-c2.scope, and we start an unprivileged container t1, it will be in cgroup 3:memory:/user.slice/user-1000.slice/session-c2.scope/t1. If we then do a 'lxc-cgroup -n t1 freezer.tasks', cgm_get will first switch to 3:memory:/user.slice/user-1000.slice/session-c2.scope then look up 't1's values. The reasons for this are 1. cgmanager get_value is relative to your own cgroup, so we need to be sure to be in t1's cgroup or an ancestor 2. we don't want to be in the container's cgroup bc it might freeze us. But in Ubuntu 15.04 it was decided that 3:memory:/user.slice/user-1000.slice/session-c2.scope/tasks should not be writeable by the user, making this fail. Therefore put all unprivileged cgroups under "lxc/%n". That way the "lxc" cgroup should always be owned by the user so that he can enter. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

cgmanager: put unprivileged containers under $(curcgroup)/lxc/$(container0
5999ce64 · Serge Hallyn · Stéphane Graber · 46932d01 · 5999ce64
Commit 5999ce64 authored Mar 17, 2015 by Serge Hallyn Committed by Stéphane Graber Apr 10, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

utils.c src/lxc/utils.c +1 -1

No files found.
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -322,7 +322,7 @@ const char *lxc_global_config_value(const char *option_name)
 		sprintf(user_config_path, "%s/.config/lxc/lxc.conf", user_home);
 		sprintf(user_default_config_path, "%s/.config/lxc/default.conf", user_home);
 		sprintf(user_lxc_path, "%s/.local/share/lxc/", user_home);
-		user_cgroup_pattern = strdup("%n");
+		user_cgroup_pattern = strdup("lxc/%n");
 	}
 	else {
 		user_config_path = strdup(LXC_GLOBAL_CONF);