From: Christian Brauner <brauner@kernel.org>
Date: Thu, 24 Nov 2022 11:41:04 +0000 (+0100)
Subject: cgroups: use userns_exec_full() during cgroup removal
X-Git-Tag: v6.0.0~83^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27f69d45bf82abadcbfe7faf3c6ba9b98d901097;p=thirdparty%2Flxc.git

cgroups: use userns_exec_full() during cgroup removal

When removing cgroups we can't always use the minimal idmap if the user has
specified a specific map for the container instead of just a simple one.
Execute cgroup removal under the full map.

Fixes: https://github.com/lxc/lxd/issues/11108
Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index d90e5385e..979deab19 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -567,8 +567,8 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops,
 			.hierarchies		= ops->hierarchies,
 			.origuid		= 0,
 		};
-		ret = userns_exec_1(handler->conf, cgroup_tree_remove_wrapper,
-				    &wrap, "cgroup_tree_remove_wrapper");
+		ret = userns_exec_full(handler->conf, cgroup_tree_remove_wrapper,
+				       &wrap, "cgroup_tree_remove_wrapper");
 	} else {
 		ret = cgroup_tree_remove(ops->hierarchies, ops->container_limit_cgroup);
 	}