git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Wed, 16 Mar 2022 13:58:57 +0000 (14:58 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 16 Mar 2022 15:32:44 +0000 (16:32 +0100)
commit	d9bc1c36141e247d5f78eaeefeab92e9302449fc
tree	0753e89dec69f85e1d99b1c9504055025326c3d4	tree \| snapshot
parent	bde2607563678de28d6cf16e14e7d40bf3fb895a	commit \| diff

cgroup: also indicate cgroup delegation state in user-accessible xattr

So far we set the "trusted.delegate" xattr on cgroups where delegation
is on. This duplicates this behaviour with the "user.delegate" xattr.
This has two benefits:

1. unprivileged clients can *read* the xattr. "systemd-cgls" can thus
   show delegated cgroups as such properly, even when invoked without
   privs

2. unprivileged systemd instances can set the xattr, i.e. when systemd
   --user delegates a cgroup to further payloads.

This weakens security a tiny bit, given that code that got a cgroup
delegated can manipulate the xattr, but I think that's OK, given they
have a higher trust level regarding cgroups anyway, if they got a
subtree delegated, and access controls on the cgroup itself are still
enforced. Moreover PID 1 as the cgroup manager only sets these xattrs,
never reads them — the xattr is primarily a way to tell payloads about
the delegation, and it's strictly this one way.

src/core/cgroup.c		diff \| blob \| blame \| history
src/shared/cgroup-show.c		diff \| blob \| blame \| history