{
__do_close int dfd_mnt_cgroupfs = -EBADF, fd_fs = -EBADF;
__do_free char *cgroup_root = NULL;
- bool has_cgns = false, wants_force_mount = false;
+ bool in_cgroup_ns = false, wants_force_mount = false;
struct lxc_conf *conf = handler->conf;
struct lxc_rootfs *rootfs = &conf->rootfs;
const char *rootfs_mnt = get_rootfs_mnt(rootfs);
wants_force_mount = true;
}
- has_cgns = cgns_supported();
- if (has_cgns && !wants_force_mount)
+ if (cgns_supported() && container_uses_namespace(handler, CLONE_NEWCGROUP))
+ in_cgroup_ns = true;
+ if (in_cgroup_ns && !wants_force_mount)
return true;
if (type == LXC_AUTO_CGROUP_NOSPEC)
return log_error_errno(-errno, errno, "Failed to open %d(%s)",
rootfs->dfd_mnt, DEFAULT_CGROUP_MOUNTPOINT_RELATIVE);
- if (has_cgns && wants_force_mount) {
+ if (in_cgroup_ns && wants_force_mount) {
/*
* If cgroup namespaces are supported but the container
* will not have CAP_SYS_ADMIN after it has started we
if (ret < 0)
return log_error_errno(false, errno, "Failed to create cgroup mountpoint %d(%s)", dfd_mnt_cgroupfs, controller);
- if (has_cgns && wants_force_mount) {
+ if (in_cgroup_ns && wants_force_mount) {
/*
* If cgroup namespaces are supported but the container
* will not have CAP_SYS_ADMIN after it has started we
__hidden extern int resolve_clone_flags(struct lxc_handler *handler);
__hidden extern void lxc_expose_namespace_environment(const struct lxc_handler *handler);
+static inline bool container_uses_namespace(const struct lxc_handler *handler,
+ unsigned int ns_flag)
+{
+ return (handler->ns_clone_flags & ns_flag);
+}
+
#endif
projects / thirdparty / lxc.git / commitdiff
