From 3486d9935a531be98d7f6006f6166552d20eeb94 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Tue, 16 Feb 2021 13:36:13 +0100
Subject: [PATCH] cgroups: stash fds for the controller mountpoint and base
 cgroup path

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 13 +++++++++++++
 src/lxc/cgroups/cgroup.c |  4 ++++
 src/lxc/cgroups/cgroup.h |  6 ++++++
 3 files changed, 23 insertions(+)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index b237b75a9..873435688 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -696,6 +696,7 @@ static struct hierarchy *add_hierarchy(struct cgroup_ops *ops,
 				       char **clist, char *mountpoint,
 				       char *container_base_path, int type)
 {
+	__do_close int dfd_base = -EBADF, dfd_mnt = -EBADF;
 	__do_free struct hierarchy *new = NULL;
 	int newentry;
 
@@ -714,6 +715,16 @@ static struct hierarchy *add_hierarchy(struct cgroup_ops *ops,
 	new->cgfd_limit			= -EBADF;
 	new->cgfd_mon			= -EBADF;
 
+	dfd_mnt = open_at(-EBADF, mountpoint, PROTECT_OPATH_DIRECTORY,
+			  PROTECT_LOOKUP_ABSOLUTE_XDEV, 0);
+	if (dfd_mnt < 0)
+		return syserrno(NULL, "Failed to open %s", mountpoint);
+
+	dfd_base = open_at(dfd_mnt, container_base_path, PROTECT_OPATH_DIRECTORY,
+			   PROTECT_LOOKUP_BENEATH_XDEV, 0);
+	if (dfd_base < 0)
+		return syserrno(NULL, "Failed to open %d(%s)", dfd_base, container_base_path);
+
 	TRACE("Adding cgroup hierarchy with mountpoint %s and base cgroup %s %s",
 	      mountpoint, container_base_path,
 	      clist ? "with controllers " : "without any controllers");
@@ -721,6 +732,8 @@ static struct hierarchy *add_hierarchy(struct cgroup_ops *ops,
 		TRACE("%s", *it);
 
 	newentry = append_null_to_list((void ***)&ops->hierarchies);
+	new->dfd_mnt = move_fd(dfd_mnt);
+	new->dfd_base = move_fd(dfd_base);
 	(ops->hierarchies)[newentry] = new;
 	return move_ptr(new);
 }
diff --git a/src/lxc/cgroups/cgroup.c b/src/lxc/cgroups/cgroup.c
index 9ba7a1860..b83879b62 100644
--- a/src/lxc/cgroups/cgroup.c
+++ b/src/lxc/cgroups/cgroup.c
@@ -92,6 +92,10 @@ void cgroup_exit(struct cgroup_ops *ops)
 			close((*it)->cgfd_con);
 		if ((*it)->cgfd_mon >= 0)
 			close((*it)->cgfd_mon);
+		if ((*it)->dfd_mnt >= 0)
+			close((*it)->dfd_mnt);
+		if ((*it)->dfd_base >= 0)
+			close((*it)->dfd_base);
 		free(*it);
 	}
 	free(ops->hierarchies);
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
index f8060c06d..2ec5f0a7c 100644
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -103,6 +103,12 @@ struct hierarchy {
 
 	/* File descriptor for the monitor's cgroup @monitor_full_path. */
 	int cgfd_mon;
+
+	/* File descriptor for the controller's mountpoint @mountpoint. */
+	int dfd_mnt;
+
+	/* File descriptor for the controller's base cgroup path @container_base_path. */
+	int dfd_base;
 };
 
 struct cgroup_ops {
-- 
2.47.2