diff options
| -rw-r--r-- | src/nspawn/nspawn-cgroup.c | 15 | ||||
| -rw-r--r-- | src/nspawn/nspawn-cgroup.h | 2 | ||||
| -rw-r--r-- | src/nspawn/nspawn.c | 2 |
3 files changed, 16 insertions, 3 deletions
diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c index 4b07b38163..d51585a652 100644 --- a/src/nspawn/nspawn-cgroup.c +++ b/src/nspawn/nspawn-cgroup.c @@ -57,7 +57,7 @@ static int chown_cgroup_path(const char *path, uid_t uid_shift) { return 0; } -int chown_cgroup(pid_t pid, uid_t uid_shift) { +int chown_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift) { _cleanup_free_ char *path = NULL, *fs = NULL; int r; @@ -73,6 +73,19 @@ int chown_cgroup(pid_t pid, uid_t uid_shift) { if (r < 0) return log_error_errno(r, "Failed to chown() cgroup %s: %m", fs); + if (unified_requested == CGROUP_UNIFIED_SYSTEMD) { + _cleanup_free_ char *lfs = NULL; + /* Always propagate access rights from unified to legacy controller */ + + r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, NULL, &lfs); + if (r < 0) + return log_error_errno(r, "Failed to get file system path for container cgroup: %m"); + + r = chown_cgroup_path(lfs, uid_shift); + if (r < 0) + return log_error_errno(r, "Failed to chown() cgroup %s: %m", lfs); + } + return 0; } diff --git a/src/nspawn/nspawn-cgroup.h b/src/nspawn/nspawn-cgroup.h index e66a854843..3855e5b4ea 100644 --- a/src/nspawn/nspawn-cgroup.h +++ b/src/nspawn/nspawn-cgroup.h @@ -25,6 +25,6 @@ #include "cgroup-util.h" -int chown_cgroup(pid_t pid, uid_t uid_shift); +int chown_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift); int sync_cgroup(pid_t pid, CGroupUnified unified_requested, uid_t uid_shift); int create_subcgroup(pid_t pid, CGroupUnified unified_requested); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index dfe48bcf56..ccf5418ceb 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -3619,7 +3619,7 @@ static int run(int master, return r; } - r = chown_cgroup(*pid, arg_uid_shift); + r = chown_cgroup(*pid, arg_unified_cgroup_hierarchy, arg_uid_shift); if (r < 0) return r; |