From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Sun, 6 Mar 2016 09:52:01 +0000 (-0800)
Subject: chmod container cgroup 775
X-Git-Tag: lxc-2.0.0.rc6~1^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0888dfe260a236c435748dbf6e562bfcc842e50;p=thirdparty%2Flxc.git

chmod container cgroup 775

so that container root can create sub-cgroups

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---

diff --git a/src/lxc/cgfsng.c b/src/lxc/cgfsng.c
index 221e7d5ab..b4519b2b0 100644
--- a/src/lxc/cgfsng.c
+++ b/src/lxc/cgfsng.c
@@ -1014,6 +1014,11 @@ struct chown_data {
 	uid_t origuid; // target uid in parent namespace
 };
 
+/*
+ * chgrp the container cgroups to container group.  We leave
+ * the container owner as cgroup owner.  So we must make the
+ * directories 775 so that the container can create sub-cgroups.
+ */
 static int chown_cgroup_wrapper(void *data)
 {
 	struct chown_data *arg = data;
@@ -1037,7 +1042,12 @@ static int chown_cgroup_wrapper(void *data)
 			free(fullpath);
 			return -1;
 		}
-		// TODO - do we need to chown tasks and cgroup.procs too?
+
+		if (chmod(fullpath, 0775) < 0) {
+			SYSERROR("Error chmoding %s\n", fullpath);
+			free(fullpath);
+			return -1;
+		}
 
 		free(fullpath);
 	}