git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Tue, 12 Nov 2024 10:59:40 +0000 (11:59 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 8 Jan 2025 14:27:25 +0000 (15:27 +0100)
commit	94634b4b0312e4cdb88e37cbbb4f2ec9273cb28a
tree	fc534a7c355f480a9b20a7f99179c83c1afacf44	tree \| snapshot
parent	59857b672ca6a3a9253ef9c888172c5e68243160	commit \| diff

pid1: add D-Bus API for removing delegated subcgroups

When running unprivileged containers, we run into a scenario where an
unpriv owned cgroup has a subcgroup delegated to another user (i.e. the
container's own UIDs). When the owner of that cgroup dies without
cleaning it up then the unpriv service manager might encounter a cgroup
it cannot delete anymore.

Let's address that: let's expose a method call on the service manager
(primarly in PID1) that can be used to delete a subcgroup of a unit one
owns. This would then allow the unpriv service manager to ask the priv
service manager to get rid of such a cgroup.

This commit only adds the method call, the next commit then adds the
code that makes use of this.

man/org.freedesktop.systemd1.xml		diff \| blob \| blame \| history
src/core/cgroup.c		diff \| blob \| blame \| history
src/core/cgroup.h		diff \| blob \| blame \| history
src/core/dbus-manager.c		diff \| blob \| blame \| history
src/core/dbus-unit.c		diff \| blob \| blame \| history
src/core/dbus-unit.h		diff \| blob \| blame \| history
src/core/org.freedesktop.systemd1.conf		diff \| blob \| blame \| history