cgroups/cgfsng: log chown_cgroup_wrapper()

It's becoming more important on cgroup2 to properly delegate cgroups.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index f42bedd2704cc363100e5fe3c44cbf49a6decf0b..2eb0d0aee6fdb2cfa59e15b0ede6deaf8c1583d4 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1545,24 +1545,20 @@ static int chown_cgroup_wrapper(void *data)
        gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
 
        ret = setresgid(nsgid, nsgid, nsgid);
-       if (ret < 0) {
-               SYSERROR("Failed to setresgid(%d, %d, %d)",
-                        (int)nsgid, (int)nsgid, (int)nsgid);
-               return -1;
-       }
+       if (ret < 0)
+               return log_error_errno(-1, errno,
+                                      "Failed to setresgid(%d, %d, %d)",
+                                      (int)nsgid, (int)nsgid, (int)nsgid);
 
        ret = setresuid(nsuid, nsuid, nsuid);
-       if (ret < 0) {
-               SYSERROR("Failed to setresuid(%d, %d, %d)",
-                        (int)nsuid, (int)nsuid, (int)nsuid);
-               return -1;
-       }
+       if (ret < 0)
+               return log_error_errno(-1, errno,
+                                      "Failed to setresuid(%d, %d, %d)",
+                                      (int)nsuid, (int)nsuid, (int)nsuid);
 
        ret = setgroups(0, NULL);
-       if (ret < 0 && errno != EPERM) {
-               SYSERROR("Failed to setgroups(0, NULL)");
-               return -1;
-       }
+       if (ret < 0 && errno != EPERM)
+               return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
 
        destuid = get_ns_uid(arg->origuid);
        if (destuid == LXC_INVALID_UID)
@@ -1574,7 +1570,9 @@ static int chown_cgroup_wrapper(void *data)
 
                ret = chowmod(path, destuid, nsgid, 0775);
                if (ret < 0)
-                       return -1;
+                       log_info_errno(continue,
+                                      errno, "Failed to change %s to uid %d and gid %d and mode 0755",
+                                      path, destuid, nsgid);
 
                /* Failures to chown() these are inconvenient but not
                 * detrimental We leave these owned by the container launcher,
@@ -1585,18 +1583,27 @@ static int chown_cgroup_wrapper(void *data)
 
                if (arg->hierarchies[i]->version == CGROUP_SUPER_MAGIC) {
                        fullpath = must_make_path(path, "tasks", NULL);
-                       (void)chowmod(fullpath, destuid, nsgid, 0664);
+                       ret = chowmod(fullpath, destuid, nsgid, 0664);
+                       if (ret < 0)
+                               SYSINFO("Failed to change %s to uid %d and gid %d and mode 0664",
+                                       fullpath, destuid, nsgid);
                }
 
                fullpath = must_make_path(path, "cgroup.procs", NULL);
-               (void)chowmod(fullpath, destuid, nsgid, 0664);
+               ret = chowmod(fullpath, destuid, nsgid, 0664);
+               if (ret < 0)
+                       SYSINFO("Failed to change %s to uid %d and gid %d and mode 0664",
+                               fullpath, destuid, nsgid);
 
                if (arg->hierarchies[i]->version != CGROUP2_SUPER_MAGIC)
                        continue;
 
                for (char **p = arg->hierarchies[i]->cgroup2_chown; p && *p; p++) {
                        fullpath = must_make_path(path, *p, NULL);
-                       (void)chowmod(fullpath, destuid, nsgid, 0664);
+                       ret = chowmod(fullpath, destuid, nsgid, 0664);
+                       if (ret < 0)
+                               SYSINFO("Failed to change %s to uid %d and gid %d and mode 0664",
+                                       fullpath, destuid, nsgid);
                }
        }
 

diff --git a/src/lxc/log.h b/src/lxc/log.h
index 5305d55b62facc1079fcabc340547f93f06ef0f1..b5df492fecc0bb686b2c86b1c33f326bcebc2338 100644 (file)
--- a/src/lxc/log.h
+++ b/src/lxc/log.h
@@ -523,6 +523,13 @@ __unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,   \
                __ret__;                      \
        })
 
+#define log_info_errno(__ret__, __errno__, format, ...) \
+       ({                                              \
+               errno = __errno__;                      \
+               SYSINFO(format, ##__VA_ARGS__);         \
+               __ret__;                                \
+       })
+
 #define log_info(__ret__, format, ...)       \
        ({                                   \
                INFO(format, ##__VA_ARGS__); \