From: Christian Brauner Date: Mon, 26 Aug 2019 14:16:16 +0000 (+0200) Subject: cgfsng: mount pure unified cgroup layout correctly X-Git-Tag: lxc-4.0.0~126^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d661d380fa1c993f424d9331865ef38f105b465;p=thirdparty%2Flxc.git cgfsng: mount pure unified cgroup layout correctly When pure cgroup unified mode is used we cannot pre-mount a tmpfs as this confuses systemd. Users should also set lxc.mount.auto = cgroup:force to ensure that systemd in the container and on the host use identical cgroup layouts. Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index cbdc11157..44ec5a0be 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1761,8 +1761,8 @@ static inline int cg_mount_cgroup_full(int type, struct hierarchy *h,
 }
 
 __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
- struct lxc_handler *handler,
- const char *root, int type)
+ struct lxc_handler *handler,
+ const char *root, int type)
 {
 __do_free char *tmpfspath = NULL;
 int ret;
@@ -1795,8 +1795,23 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 else if (type == LXC_AUTO_CGROUP_FULL_NOSPEC)
 type = LXC_AUTO_CGROUP_FULL_MIXED;
 
- /* Mount tmpfs */
- tmpfspath = must_make_path(root, "/sys/fs/cgroup", NULL);
+ if (ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED) {
+ __do_free char *unified_path = NULL;
+
+ unified_path = must_make_path(root, "/sys/fs/cgroup", NULL);
+ if (has_cgns && wants_force_mount) {
+ /* If cgroup namespaces are supported but the container
+ * will not have CAP_SYS_ADMIN after it has started we
+ * need to mount the cgroups manually.
+ */
+ return cg_mount_in_cgroup_namespace(type, ops->unified,
+ unified_path) == 0;
+ }
+
+ return cg_mount_cgroup_full(type, ops->unified, unified_path) == 0;
+ }
+
+ /* mount tmpfs */
 ret = safe_mount(NULL, tmpfspath, "tmpfs",
 MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME,
 "size=10240k,mode=755", root);
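Review bot: At the end of the second hunk the unchanged `safe_mount(NULL, tmpfspath, "tmpfs", ...)` call still takes `tmpfspath`, but the hunk removes its only visible assignment and adds none, and the first hunk shows it declared as `__do_free char *tmpfspath = NULL;`. Unless the lines between the two hunks (not shown) set it, every layout other than pure unified now passes a NULL target to safe_mount(); what the helper does with NULL is not visible here, but it cannot be the intended rootfs-relative /sys/fs/cgroup path. Re-add `tmpfspath = must_make_path(root, "/sys/fs/cgroup", NULL);` directly under the new `/* mount tmpfs */` comment. The body of cgfsng_mount starts before and continues after both hunks, so the fix should be checked against the full function.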