cgroups: use userns_exec_full() during cgroup removal

When removing cgroups we can't always use the minimal idmap if the user has
specified a specific map for the container instead of just a simple one.
Execute cgroup removal under the full map.

Fixes: https://github.com/lxc/lxd/issues/11108
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 9293f6dbd4fc95e37a13e02d12721e06813de113..08968703f3186c8b5bc68ff210edf259b8628868 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -567,8 +567,8 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops,
                        .hierarchies            = ops->hierarchies,
                        .origuid                = 0,
                };
-               ret = userns_exec_1(handler->conf, cgroup_tree_remove_wrapper,
-                                   &wrap, "cgroup_tree_remove_wrapper");
+               ret = userns_exec_full(handler->conf, cgroup_tree_remove_wrapper,
+                                      &wrap, "cgroup_tree_remove_wrapper");
        } else {
                ret = cgroup_tree_remove(ops->hierarchies, ops->container_limit_cgroup);
        }