From: Christian Brauner Date: Mon, 15 Feb 2021 12:54:10 +0000 (+0100) Subject: cgroups: strip LXC_AUTO_CGROUP_MIXED and LXC_AUTO_CGROUP_FULL_MIXED when cgroup names... X-Git-Tag: lxc-5.0.0~287^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6768700d24a8cab63ea0b839b5ef42fed4cb6c56;p=thirdparty%2Flxc.git cgroups: strip LXC_AUTO_CGROUP_MIXED and LXC_AUTO_CGROUP_FULL_MIXED when cgroup namespaces are supported and used Signed-off-by: Christian Brauner --- diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index 59ab79311..94f90bb91 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -1910,8 +1910,19 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops, wants_force_mount = true; } - if (cgns_supported() && container_uses_namespace(handler, CLONE_NEWCGROUP)) + if (cgns_supported() && container_uses_namespace(handler, CLONE_NEWCGROUP)) { in_cgroup_ns = true; + /* + * When cgroup namespaces are supported and used by the + * container the LXC_AUTO_CGROUP_MIXED and + * LXC_AUTO_CGROUP_FULL_MIXED auto mount options don't apply + * since the parent directory of the container's cgroup is not + * accessible to the container. + */ + cg_flags &= ~LXC_AUTO_CGROUP_MIXED; + cg_flags &= ~LXC_AUTO_CGROUP_FULL_MIXED; + } + if (in_cgroup_ns && !wants_force_mount) return true;