cgroups/cgfsng: adapt to new cgroup2 delegation

In order to enable proper unprivileged cgroup delegation on newer kernels we not
just need to delegate the "cgroup.procs" file but also "cgroup.threads". But
don't report an error in case it doesn't exist. Also delegate
"cgroup.subtree_control" to enable delegation of controllers to descendant
cgroups.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 77df4c3d14c55bc274d55c02fe1aaac1a759fdd6..e1a9b771051cd08a1c4a594b7ce7571e1d347e66 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1476,6 +1476,25 @@ static int chown_cgroup_wrapper(void *data)
                if (chmod(fullpath, 0664) < 0)
                        WARN("Error chmoding %s: %s", path, strerror(errno));
                free(fullpath);
+
+               if (!hierarchies[i]->is_cgroup_v2)
+                       continue;
+
+               fullpath = must_make_path(path, "cgroup.subtree_control", NULL);
+               if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
+                       WARN("Failed chowning %s to %d: %s", fullpath, (int) destuid,
+                            strerror(errno));
+               if (chmod(fullpath, 0664) < 0)
+                       WARN("Error chmoding %s: %s", path, strerror(errno));
+               free(fullpath);
+
+               fullpath = must_make_path(path, "cgroup.threads", NULL);
+               if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
+                       WARN("Failed chowning %s to %d: %s", fullpath, (int) destuid,
+                            strerror(errno));
+               if (chmod(fullpath, 0664) < 0)
+                       WARN("Error chmoding %s: %s", path, strerror(errno));
+               free(fullpath);
        }
 
        return 0;