attach: unshare cgroupns if possible

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> --- Changelog 20160104: only try if kernel supports cgns.

attach: unshare cgroupns if possible
6cee93ac · Serge Hallyn · 12983ba4 · 6cee93ac
Commit 6cee93ac authored Nov 09, 2015 by Serge Hallyn
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

attach.c src/lxc/attach.c +7 -0

No files found.
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -957,6 +957,13 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
 		WARN("could not change directory to '%s'", new_cwd);
 	free(cwd);

+	if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP && cgns_supported()) {
+		if (unshare(CLONE_NEWCGROUP) != 0) {
+			SYSERROR("cgroupns unshare: permission denied");
+			rexit(-1);
+		}
+	}
+
 	/* now create the real child process */
 	{
 		struct attach_clone_payload payload = {