send current cgroup to lxc_cgroup_create()
authorSerge Hallyn <serge.hallyn@ubuntu.com>
Fri, 19 Jul 2013 03:46:30 +0000 (22:46 -0500)
committerSerge Hallyn <serge.hallyn@ubuntu.com>
Mon, 22 Jul 2013 17:16:20 +0000 (12:16 -0500)
This is needed if we're going to have unprivileged users
create containers inside cgroups which they own.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
src/lxc/cgroup.c
src/lxc/cgroup.h
src/lxc/start.c

index 38ed5149a3c3b89da607bd81b0e73222301204d1..c7075193b55411ac2c71b558a15df8bb9b767322 100644 (file)
@@ -706,10 +706,13 @@ again:
                if (ret < 0 || ret >= MAXPATHLEN)
                        goto fail;
 
+               INFO("lxcgroup %s name %s tail %s, makes path .%s.",
+                       lxcgroup ? lxcgroup : "lxc", name, tail, path);
+
                if (access(path, F_OK) == 0) goto next;
 
                if (mkdir(path, 0755)) {
-                       ERROR("Error creating cgroups");
+                       ERROR("Error creating cgroup %s", path);
                        goto fail;
                }
 
@@ -934,3 +937,49 @@ bool is_in_subcgroup(int pid, const char *subsystem, const char *cgpath)
        fclose(f);
        return false;
 }
+
+/*
+ * Return cgroup of current task.
+ * This assumes that task is in the same cgroup for each controller.  This
+ * may or may not *always* be a reasonable assumption - it generally is,
+ * and handling or at least checking for this condition is a TODO.
+ */
+int lxc_curcgroup(char *cgroup, int inlen)
+{
+       FILE *f;
+       char *line = NULL, *p, *p2;
+       int ret = 0;
+       size_t len;
+
+       f = fopen("/proc/self/cgroup", "r");
+       if (!f)
+               return -1;
+
+       while (getline(&line, &len, f) != -1) {
+               if (strstr(line, ":freezer:") == NULL && strstr(line, ":devices:") == NULL)
+                       continue;
+               p = rindex(line, ':');
+               if (!p)
+                       continue;
+               p++;
+               len = strlen(p) + 1;
+               p2 = p + len - 2;
+               while (*p2 == '\n') { len--; *p2 = '\0'; p2--; }
+               if (!cgroup || inlen <= 0) {
+                       ret = len;
+                       break;
+               }
+               if (cgroup && len > inlen) {
+                       ret = -1;
+                       break;
+               }
+               strncpy(cgroup, p, len);
+               ret = len;
+               cgroup[len-1] = '\0';
+               break;
+       }
+
+       if (line)
+               free(line);
+       return ret;
+}
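Review bot: The stream opened with `fopen("/proc/self/cgroup", "r")` in `lxc_curcgroup()` is never closed: every path after the open falls through to `free(line)` and `return ret` without an `fclose(f)`, so each call leaks a descriptor, and `lxc_spawn()` calls the function twice per start. Add `fclose(f);` just before the `if (line)` at the end. Separately, `rindex(line, ':')` takes whatever follows the last colon, so a cgroup whose name itself contains a `:` would come back truncated; the path field begins after the second colon of the `id:controllers:path` line. The `strstr()` tests also scan the whole line rather than only the controller field, and a hierarchy that lists freezer or devices together with other controllers would presumably not match `":freezer:"` at all.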
index c08b2f7da2d1b322e6d55a687a19a0fa49b0a9b6..77c44cd0cc14ec5dc22aee8eccbe2215c812e506 100644 (file)
@@ -34,4 +34,5 @@ extern int lxc_cgroup_enter(const char *cgpath, pid_t pid);
 extern int lxc_cgroup_attach(pid_t pid, const char *name, const char *lxcpath);
 extern char *cgroup_path_get(const char *subsystem, const char *cgpath);
 extern bool is_in_subcgroup(int pid, const char *subsystem, const char *cgpath);
+extern int lxc_curcgroup(char *cgroup, int inlen);
 #endif
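Review bot: The new prototype `lxc_curcgroup(char *cgroup, int inlen)` has a return contract that callers must know but that is not written down anywhere, including the comment above the definition in cgroup.c. From the implementation, the return value is the path length including the terminating NUL, 0 when no freezer/devices line is found, and -1 when the file cannot be opened or `inlen` is too small; with `cgroup == NULL` or `inlen <= 0` only the required size is returned. A short comment above the declaration stating this would explain the `> 1` and `<= 1` comparisons in start.c, for example `/* returns bytes needed incl. NUL, 0 if not found, -1 on error; pass NULL/0 to query the size */`.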
index defa87b2864ebf49909fa9e47484e2e6d64c8abc..c91b231ac2a098702ae9f89fffdd0e92093901c8 100644 (file)
@@ -600,8 +600,9 @@ int save_phys_nics(struct lxc_conf *conf)
 extern bool is_in_subcgroup(int pid, const char *subsystem, const char *cgpath);
 int lxc_spawn(struct lxc_handler *handler)
 {
-       int failed_before_rename = 0;
+       int failed_before_rename = 0, len;
        const char *name = handler->name;
+       char *curcgroup = NULL;
 
        if (lxc_sync_init(handler))
                return -1;
@@ -663,8 +664,12 @@ int lxc_spawn(struct lxc_handler *handler)
        if (lxc_sync_wait_child(handler, LXC_SYNC_CONFIGURE))
                failed_before_rename = 1;
 
-       /* TODO - pass lxc.cgroup.dir (or user's pam cgroup) in for first argument */
-       if ((handler->cgroup = lxc_cgroup_path_create(NULL, name)) == NULL)
+       if ((len = lxc_curcgroup(NULL, 0)) > 1) {
+               curcgroup = alloca(len);
+               if (lxc_curcgroup(curcgroup, len) <= 1)
+                       curcgroup = NULL;
+       }
+       if ((handler->cgroup = lxc_cgroup_path_create(curcgroup, name)) == NULL)
                goto out_delete_net;
 
        if (setup_cgroup(handler->cgroup, &handler->conf->cgroup)) {
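Review bot: A failed lookup is silently turned into the old default here: if the first `lxc_curcgroup(NULL, 0)` returns -1 or 0, or the second call returns `<= 1`, `curcgroup` stays NULL and `lxc_cgroup_path_create(NULL, name)` runs with nothing logged. For the unprivileged case this commit targets, that fallback presumably points at a cgroup the caller does not own, and the resulting failure will be hard to trace back to this spot; a `WARN("could not determine current cgroup, using default");` on the fallback path would make it visible. `len` also goes from a `/proc/self/cgroup` line straight into `alloca(len)`, so a bound such as `len <= MAXPATHLEN` before the allocation would keep the stack use predictable. lxc_spawn's body starts and ends outside this hunk.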