cgfsng: mount pure unified cgroup layout correctly

When pure cgroup unified mode is used we cannot pre-mount a tmpfs as this confuses systemd. Users should also set lxc.mount.auto = cgroup:force to ensure that systemd in the container and on the host use identical cgroup layouts. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: mount pure unified cgroup layout correctly
8d661d38 · Christian Brauner · 942e193e · 8d661d38
Unverified Commit 8d661d38 authored Aug 26, 2019 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 4 deletions

cgfsng.c src/lxc/cgroups/cgfsng.c +19 -4

No files found.
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1761,8 +1761,8 @@ static inline int cg_mount_cgroup_full(int type, struct hierarchy *h,
 }
 __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
-					struct lxc_handler *handler,
+				      struct lxc_handler *handler,
-					const char *root, int type)
+				      const char *root, int type)
 {
 	__do_free char *tmpfspath = NULL;
 	int ret;
@@ -1795,8 +1795,23 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 	else if (type == LXC_AUTO_CGROUP_FULL_NOSPEC)
 		type = LXC_AUTO_CGROUP_FULL_MIXED;
-	/* Mount tmpfs */
+	if (ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED) {
-	tmpfspath = must_make_path(root, "/sys/fs/cgroup", NULL);
+		__do_free char *unified_path = NULL;
+		unified_path = must_make_path(root, "/sys/fs/cgroup", NULL);
+		if (has_cgns && wants_force_mount) {
+			/* If cgroup namespaces are supported but the container
+			 * will not have CAP_SYS_ADMIN after it has started we
+			 * need to mount the cgroups manually.
+			 */
+			return cg_mount_in_cgroup_namespace(type, ops->unified,
+							    unified_path) == 0;
+		}
+		return cg_mount_cgroup_full(type, ops->unified, unified_path) == 0;
+	}
+	/* mount tmpfs */
 	ret = safe_mount(NULL, tmpfspath, "tmpfs",
 			 MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME,
 			 "size=10240k,mode=755", root);