From: Tycho Andersen <tycho@tycho.ws>
Date: Tue, 13 Mar 2018 15:57:10 +0000 (+0000)
Subject: cgroups: don't escape if we're not real root
X-Git-Tag: lxc-3.0.0.beta2~9^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d961e28f1d759669b477a659cbb694aaa2af915;p=thirdparty%2Flxc.git

cgroups: don't escape if we're not real root

If we're host unpriv but root in our userns, we can't really escape
cgroups. Let's switch the cgroup escape test to reflect this.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
---

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 10c7ab2cf..f337be449 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1368,7 +1368,7 @@ static char *cg_unified_get_current_cgroup(void)
 	bool will_escape;
 	char *copy = NULL;
 
-	will_escape = (geteuid() == 0);
+	will_escape = !am_host_unpriv();
 	if (will_escape)
 		basecginfo = read_file("/proc/1/cgroup");
 	else