cgroups/cgfsng: adapt to new cgroup2 delegation

In order to enable proper unprivileged cgroup delegation on newer kernels we not just need to delegate the "cgroup.procs" file but also "cgroup.threads". But don't report an error in case it doesn't exist. Also delegate "cgroup.subtree_control" to enable delegation of controllers to descendant cgroups. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: adapt to new cgroup2 delegation
b296cccc · Christian Brauner · 1ce9ea5b · b296cccc
Unverified Commit b296cccc authored Nov 08, 2017 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 0 deletions

cgfsng.c src/lxc/cgroups/cgfsng.c +19 -0

No files found.
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1476,6 +1476,25 @@ static int chown_cgroup_wrapper(void *data)
 		if (chmod(fullpath, 0664) < 0)
 			WARN("Error chmoding %s: %s", path, strerror(errno));
 		free(fullpath);
+
+		if (!hierarchies[i]->is_cgroup_v2)
+			continue;
+
+		fullpath = must_make_path(path, "cgroup.subtree_control", NULL);
+		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
+			WARN("Failed chowning %s to %d: %s", fullpath, (int) destuid,
+			     strerror(errno));
+		if (chmod(fullpath, 0664) < 0)
+			WARN("Error chmoding %s: %s", path, strerror(errno));
+		free(fullpath);
+
+		fullpath = must_make_path(path, "cgroup.threads", NULL);
+		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
+			WARN("Failed chowning %s to %d: %s", fullpath, (int) destuid,
+			     strerror(errno));
+		if (chmod(fullpath, 0664) < 0)
+			WARN("Error chmoding %s: %s", path, strerror(errno));
+		free(fullpath);
 	}

 	return 0;