From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 20 Feb 2022 14:47:28 +0000 (+0100)
Subject: cgroups: check that opened file descriptor is a cgroup filesystem
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7446b4e10d71f79f9f3952255608268842ee1f3;p=thirdparty%2Flxc.git

cgroups: check that opened file descriptor is a cgroup filesystem

Link: https://discuss.linuxcontainers.org/t/lxd-4-23-unable-to-start-nested-containers/13416
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index e82b56902..0b753daf3 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -3174,6 +3174,12 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 				SYSTRACE("Unified cgroup not mounted");
 				continue;
 			}
+
+			if (!fhas_fs_type(dfd_mnt, CGROUP2_SUPER_MAGIC)) {
+				SYSTRACE("Opened file descriptor %d is not a cgroup2 mountpoint", dfd_mnt);
+				continue;
+			}
+
 			dfd = dfd_mnt;
 
 			if (!is_empty_string(current_cgroup)) {
@@ -3239,6 +3245,12 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 				SYSTRACE("%s not mounted", controllers);
 				continue;
 			}
+
+			if (!fhas_fs_type(dfd_mnt, CGROUP_SUPER_MAGIC)) {
+				SYSTRACE("Opened file descriptor %d is not a cgroup mountpoint", dfd_mnt);
+				continue;
+			}
+
 			dfd = dfd_mnt;
 
 			if (!abspath(__current_cgroup))