From c090dbedbd3042afb0407b981074fccb655d7f02 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 20 Feb 2022 15:47:28 +0100
Subject: [PATCH] cgroups: check that opened file descriptor is a cgroup
 filesystem

Link: https://discuss.linuxcontainers.org/t/lxd-4-23-unable-to-start-nested-containers/13416
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index e82b56902..0b753daf3 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -3174,6 +3174,12 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 				SYSTRACE("Unified cgroup not mounted");
 				continue;
 			}
+
+			if (!fhas_fs_type(dfd_mnt, CGROUP2_SUPER_MAGIC)) {
+				SYSTRACE("Opened file descriptor %d is not a cgroup2 mountpoint", dfd_mnt);
+				continue;
+			}
+
 			dfd = dfd_mnt;
 
 			if (!is_empty_string(current_cgroup)) {
@@ -3239,6 +3245,12 @@ static int __initialize_cgroups(struct cgroup_ops *ops, bool relative,
 				SYSTRACE("%s not mounted", controllers);
 				continue;
 			}
+
+			if (!fhas_fs_type(dfd_mnt, CGROUP_SUPER_MAGIC)) {
+				SYSTRACE("Opened file descriptor %d is not a cgroup mountpoint", dfd_mnt);
+				continue;
+			}
+
 			dfd = dfd_mnt;
 
 			if (!abspath(__current_cgroup))
-- 
2.47.2