cgroups: check that opened file descriptor is a cgroup filesystem

Link: https://discuss.linuxcontainers.org/t/lxd-4-23-unable-to-start-nested-containers/13416
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index e82b5690291873e2dd54402fdf7c7e3320d675cc..0b753daf3d49c80588d144ea9ff1c74d73aef605 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -3174,6 +3174,12 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
                                SYSTRACE("Unified cgroup not mounted");
                                continue;
                        }
+
+                       if (!fhas_fs_type(dfd_mnt, CGROUP2_SUPER_MAGIC)) {
+                               SYSTRACE("Opened file descriptor %d is not a cgroup2 mountpoint", dfd_mnt);
+                               continue;
+                       }
+
                        dfd = dfd_mnt;
 
                        if (!is_empty_string(current_cgroup)) {
@@ -3239,6 +3245,12 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
                                SYSTRACE("%s not mounted", controllers);
                                continue;
                        }
+
+                       if (!fhas_fs_type(dfd_mnt, CGROUP_SUPER_MAGIC)) {
+                               SYSTRACE("Opened file descriptor %d is not a cgroup mountpoint", dfd_mnt);
+                               continue;
+                       }
+
                        dfd = dfd_mnt;
 
                        if (!abspath(__current_cgroup))