]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 942e193)
cgfsng: mount pure unified cgroup layout correctly 3120/head
authorChristian Brauner <christian.brauner@ubuntu.com>
Mon, 26 Aug 2019 14:16:16 +0000 (16:16 +0200)
committerChristian Brauner <christian.brauner@ubuntu.com>
Mon, 26 Aug 2019 14:40:51 +0000 (16:40 +0200)
When pure cgroup unified mode is used we cannot pre-mount a tmpfs as this
confuses systemd.
Users should also set lxc.mount.auto = cgroup:force to ensure that systemd in
the container and on the host use identical cgroup layouts.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/cgroups/cgfsng.c patch | blob | blame | history

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index cbdc11157360279cac5393d1316770727fe0cc1a..44ec5a0bec1f3f37b8a771876c47a58fd5cf8908 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1761,8 +1761,8 @@ static inline int cg_mount_cgroup_full(int type, struct hierarchy *h,
 }
 
 __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
-                                       struct lxc_handler *handler,
-                                       const char *root, int type)
+                                     struct lxc_handler *handler,
+                                     const char *root, int type)
 {
        __do_free char *tmpfspath = NULL;
        int ret;
@@ -1795,8 +1795,23 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
        else if (type == LXC_AUTO_CGROUP_FULL_NOSPEC)
                type = LXC_AUTO_CGROUP_FULL_MIXED;
 
-       /* Mount tmpfs */
-       tmpfspath = must_make_path(root, "/sys/fs/cgroup", NULL);
+       if (ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED) {
+               __do_free char *unified_path = NULL;
+
+               unified_path = must_make_path(root, "/sys/fs/cgroup", NULL);
+               if (has_cgns && wants_force_mount) {
+                       /* If cgroup namespaces are supported but the container
+                        * will not have CAP_SYS_ADMIN after it has started we
+                        * need to mount the cgroups manually.
+                        */
+                       return cg_mount_in_cgroup_namespace(type, ops->unified,
+                                                           unified_path) == 0;
+               }
+
+               return cg_mount_cgroup_full(type, ops->unified, unified_path) == 0;
+       }
+
+       /* mount tmpfs */
        ret = safe_mount(NULL, tmpfspath, "tmpfs",
                         MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME,
                         "size=10240k,mode=755", root);
Mirror of https://github.com/lxc/lxc.git