From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Fri, 11 Mar 2016 04:24:43 +0000 (-0800)
Subject: cgfsng: chmod the tasks and procns files
X-Git-Tag: lxc-2.0.0.rc10~1^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab8f5424cee7564edaa521562a8fa9426dd3e9f2;p=thirdparty%2Flxc.git

cgfsng: chmod the tasks and procns files

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
 Changelog - stgraber points out s/chgrp/chmod and wrong perms
---

diff --git a/src/lxc/cgfsng.c b/src/lxc/cgfsng.c
index add95fc0a..ea90903fe 100644
--- a/src/lxc/cgfsng.c
+++ b/src/lxc/cgfsng.c
@@ -1167,24 +1167,34 @@ static int chown_cgroup_wrapper(void *data)
 		char *fullpath, *path = d->hierarchies[i]->fullcgpath;
 
 		if (chown(path, destuid, 0) < 0) {
-			SYSERROR("Error chowning %s to %d: %m", path, (int) destuid);
+			SYSERROR("Error chowning %s to %d", path, (int) destuid);
 			return -1;
 		}
 
 		if (chmod(path, 0775) < 0) {
-			SYSERROR("Error chmoding %s: %m", path);
+			SYSERROR("Error chmoding %s", path);
 			return -1;
 		}
 
-		/* Failures to chown these are inconvenient but not detrimental */
+		/*
+		 * Failures to chown these are inconvenient but not detrimental
+		 * We leave these owned by the container launcher, so that container
+		 * root can write to the files to attach.  We chmod them 664 so that
+		 * container systemd can write to the files (which systemd in wily
+		 * insists on doing)
+		 */
 		fullpath = must_make_path(path, "tasks", NULL);
 		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
 			WARN("Failed chowning %s to %d: %m", fullpath, (int) destuid);
+		if (chmod(fullpath, 0664) < 0)
+			WARN("Error chmoding %s: %m", path);
 		free(fullpath);
 
 		fullpath = must_make_path(path, "cgroup.procs", NULL);
 		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
 			WARN("Failed chowning %s to %d: %m", fullpath, (int) destuid);
+		if (chmod(fullpath, 0664) < 0)
+			WARN("Error chmoding %s: %m", path);
 		free(fullpath);
 	}