From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 5 Feb 2021 16:20:27 +0000 (+0100)
Subject: cgroups: switch __cg_mount_direct() to use the new mount api
X-Git-Tag: lxc-5.0.0~298^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a099c5db1c1a3a3ce20b717a3d7269d3a55a18b3;p=thirdparty%2Flxc.git

cgroups: switch __cg_mount_direct() to use the new mount api

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 7a7e62838..45c2c0622 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1763,42 +1763,62 @@ static int __cg_mount_direct(int type, struct hierarchy *h,
 			     struct lxc_rootfs *rootfs,
 			     int dfd_mnt_cgroupfs, const char *hierarchy_mnt)
 {
-	__do_free char *controllers = NULL;
-	unsigned long flags = 0;
+	__do_close int fd_fs = -EBADF;
+	unsigned int flags = 0;
 	char *fstype;
 	int ret;
 
 	if (dfd_mnt_cgroupfs < 0)
 		return ret_errno(EINVAL);
 
-	flags |= MS_NOSUID;
-	flags |= MS_NOEXEC;
-	flags |= MS_NODEV;
-	flags |= MS_RELATIME;
+	flags |= MOUNT_ATTR_NOSUID;
+	flags |= MOUNT_ATTR_NOEXEC;
+	flags |= MOUNT_ATTR_NODEV;
+	flags |= MOUNT_ATTR_RELATIME;
 
 	if (type == LXC_AUTO_CGROUP_RO || type == LXC_AUTO_CGROUP_FULL_RO)
-		flags |= MS_RDONLY;
+		flags |= MOUNT_ATTR_RDONLY;
 
 	if (is_unified_hierarchy(h)) {
 		fstype = "cgroup2";
 	} else {
 		fstype = "cgroup";
-
-		controllers = lxc_string_join(",", (const char **)h->controllers, false);
-		if (!controllers)
-			return ret_errno(ENOMEM);
 	}
 
-	ret = mount_at(dfd_mnt_cgroupfs, NULL, hierarchy_mnt,
-		       PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_BENEATH, fstype,
-		       flags, controllers);
-	if (ret < 0 && errno == ENOSYS) {
-		__do_free char *target = NULL;
+	fd_fs = fs_prepare(fstype, -EBADF, "", 0, 0);
+	if (fd_fs < 0) {
+		__do_free char *controllers = NULL, *target = NULL;
+		unsigned int old_flags = 0;
 		const char *rootfs_mnt;
 
+		if (!is_unified_hierarchy(h)) {
+			controllers = lxc_string_join(",", (const char **)h->controllers, false);
+			if (!controllers)
+				return ret_errno(ENOMEM);
+		}
+
 		rootfs_mnt = get_rootfs_mnt(rootfs);
+		ret = mnt_attributes_old(flags, &old_flags);
+		if (ret)
+			return log_error_errno(-EINVAL, EINVAL, "Unsupported mount properties specified");
+
 		target = must_make_path(rootfs_mnt, DEFAULT_CGROUP_MOUNTPOINT, hierarchy_mnt, NULL);
-		ret = safe_mount(NULL, target, fstype, flags, controllers, rootfs_mnt);
+		ret = safe_mount(NULL, target, fstype, old_flags, controllers, rootfs_mnt);
+	} else {
+		if (!is_unified_hierarchy(h)) {
+			for (const char **it = (const char **)h->controllers; it && *it; it++) {
+				if (strncmp(*it, "name=", STRLITERALLEN("name=")) == 0)
+					ret = fs_set_property(fd_fs, "name", *it + STRLITERALLEN("name="));
+				else
+					ret = fs_set_property(fd_fs, *it, "");
+				if (ret < 0)
+					return log_error_errno(-errno, errno, "Failed to add %s controller to cgroup filesystem context %d(dev)", *it, fd_fs);
+			}
+		}
+
+		ret = fs_attach(fd_fs, dfd_mnt_cgroupfs, hierarchy_mnt,
+				PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_BENEATH,
+				flags);
 	}
 	if (ret < 0)
 		return log_error_errno(ret, errno, "Failed to mount %s filesystem onto %d(%s)",