cgroups: strip LXC_AUTO_CGROUP_MIXED and LXC_AUTO_CGROUP_FULL_MIXED when cgroup names...

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 59ab79311b9e7bc791dd3c74b4a0cbd93927ae92..94f90bb91505a5ee6b80094afd944d9d0e133b41 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1910,8 +1910,19 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
                        wants_force_mount = true;
        }
 
-       if (cgns_supported() && container_uses_namespace(handler, CLONE_NEWCGROUP))
+       if (cgns_supported() && container_uses_namespace(handler, CLONE_NEWCGROUP)) {
                in_cgroup_ns = true;
+               /*
+                * When cgroup namespaces are supported and used by the
+                * container the LXC_AUTO_CGROUP_MIXED and
+                * LXC_AUTO_CGROUP_FULL_MIXED auto mount options don't apply
+                * since the parent directory of the container's cgroup is not
+                * accessible to the container.
+                */
+               cg_flags &= ~LXC_AUTO_CGROUP_MIXED;
+               cg_flags &= ~LXC_AUTO_CGROUP_FULL_MIXED;
+       }
+
        if (in_cgroup_ns && !wants_force_mount)
                return true;