]> git.ipfire.org Git - thirdparty/lxc.git/commit
projects / thirdparty / lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a52e315) | patch
cgmanager: chmod the container's base directory 775
authorSerge Hallyn <serge.hallyn@ubuntu.com>
Fri, 31 Jan 2014 13:03:44 +0000 (13:03 +0000)
committerStéphane Graber <stgraber@ubuntu.com>
Fri, 31 Jan 2014 13:57:46 +0000 (13:57 +0000)
commit509c077284324191e7768037a6b9edd65beacf18
tree4a2e85857a74d49025f42b7d84d669900b6f4dc7tree
parenta52e315d12fa8ea682b7f58c999dab6d74c60e33commit | diff
cgmanager: chmod the container's base directory 775

In order for attach to work, the container owner must be able to
write to the tasks file.  Therefore we make the container's cgroup
owned by the container root group, but the container owner uid.
So for the container root to be allowed to create new cgroups, it
needs group write perms.

With this patch, an unprivileged container with an
lxc.mount.auto = cgroup entry entry can run the cgproxy and pass
all cgmanager tests.

Acls would have been another way to do this, but are not yet being
used/exported by cgmanager.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
src/lxc/cgmanager.c diff | blob | blame | history
Mirror of https://github.com/lxc/lxc.git