From: Christian Brauner Date: Thu, 24 Nov 2022 11:41:04 +0000 (+0100) Subject: cgroups: use userns_exec_full() during cgroup removal X-Git-Tag: lxc-5.0.2~25 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2662959b8bba3657e5d02025932b0bf8a2f748e9;p=thirdparty%2Flxc.git cgroups: use userns_exec_full() during cgroup removal When removing cgroups we can't always use the minimal idmap if the user has specified a specific map for the container instead of just a simple one. Execute cgroup removal under the full map. Fixes: https://github.com/lxc/lxd/issues/11108 Signed-off-by: Christian Brauner (Microsoft) --- diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index 9293f6dbd..08968703f 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -567,8 +567,8 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops, .hierarchies = ops->hierarchies, .origuid = 0, }; - ret = userns_exec_1(handler->conf, cgroup_tree_remove_wrapper, - &wrap, "cgroup_tree_remove_wrapper"); + ret = userns_exec_full(handler->conf, cgroup_tree_remove_wrapper, + &wrap, "cgroup_tree_remove_wrapper"); } else { ret = cgroup_tree_remove(ops->hierarchies, ops->container_limit_cgroup); }
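Review bot: the userns_exec_full() call in cgfsng_payload_destroy() carries no comment saying why the full idmap is needed at this site, so a later cleanup could switch it back to userns_exec_1() and reintroduce the failure for containers configured with a specific map. A short comment above the call would pin this down, for example "cgroup removal must run under the container's full idmap; the minimal map is not enough when the user specified a specific map", which is the reasoning the commit message already gives. The commit message would also be easier to act on later if it said how removal fails under the minimal map, rather than only that the minimal map cannot always be used.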