cgmanager: put unprivileged containers under $(curcgroup)/lxc/$(container0

Currently if we are in /user.slice/user-1000.slice/session-c2.scope,
and we start an unprivileged container t1, it will be in cgroup
3:memory:/user.slice/user-1000.slice/session-c2.scope/t1.  If
we then do a 'lxc-cgroup -n t1 freezer.tasks', cgm_get will
first switch to 3:memory:/user.slice/user-1000.slice/session-c2.scope
then look up 't1's values.  The reasons for this are

1. cgmanager get_value is relative to your own cgroup, so we need
to be sure to be in t1's cgroup or an ancestor
2. we don't want to be in the container's cgroup bc it might freeze us.

But in Ubuntu 15.04 it was decided that
3:memory:/user.slice/user-1000.slice/session-c2.scope/tasks should
not be writeable by the user, making this fail.

Therefore put all unprivileged cgroups under "lxc/%n".  That way
the "lxc" cgroup should always be owned by the user so that he can
enter.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 5ef04fc6974a19af9f5e5259071d42b5fc94f02a..abbec6c9d0cf7ac65f297918350152c2d1e8571e 100644 (file)
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -273,7 +273,7 @@ const char *lxc_global_config_value(const char *option_name)
                sprintf(user_config_path, "%s/.config/lxc/lxc.conf", user_home);
                sprintf(user_default_config_path, "%s/.config/lxc/default.conf", user_home);
                sprintf(user_lxc_path, "%s/.local/share/lxc/", user_home);
-               user_cgroup_pattern = strdup("%n");
+               user_cgroup_pattern = strdup("lxc/%n");
        }
        else {
                user_config_path = strdup(LXC_GLOBAL_CONF);