From c1ece8951856dd5357e31df9ec38bd7e3c46f624 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Wed, 17 Feb 2021 10:30:30 +0100
Subject: [PATCH] cgroups: ensure we don't remove cgroups we didn't create

Signed-off-by: Christian Brauner
---
 src/lxc/cgroups/cgfsng.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 4323c79f3..84ae3bf0e 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1178,9 +1178,13 @@ static bool cgroup_tree_create(struct cgroup_ops *ops, struct lxc_conf *conf,
 static void cgroup_tree_prune_leaf(struct hierarchy *h, const char *path_prune,
 bool payload)
 {
- int ret;
+ bool prune = true;

 if (payload) {
+ /* Check whether we actually created the cgroup to prune. */
+ if (h->cgfd_limit < 0)
+ prune = false;
+
 if (h->container_full_path != h->container_limit_path)
 free_disarm(h->container_limit_path);
 free_disarm(h->container_full_path);
@@ -1188,12 +1192,19 @@ static void cgroup_tree_prune_leaf(struct hierarchy *h, const char *path_prune,
 close_prot_errno_disarm(h->cgfd_con);
 close_prot_errno_disarm(h->cgfd_limit);
 } else {
+ /* Check whether we actually created the cgroup to prune. */
+ if (h->cgfd_mon < 0)
+ prune = false;
+
 free_disarm(h->monitor_full_path);
 close_prot_errno_disarm(h->cgfd_mon);
 }

- ret = cgroup_tree_prune(h->dfd_base, path_prune);
- if (ret < 0)
+ /* We didn't create this cgroup. */
+ if (!prune)
+ return;
+
+ if (cgroup_tree_prune(h->dfd_base, path_prune))
 SYSWARN("Failed to destroy %d(%s)", h->dfd_base, path_prune);
 else
 TRACE("Removed cgroup tree %d(%s)", h->dfd_base, path_prune);
-- 
2.47.2
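Review bot: The new `if (h->cgfd_limit < 0)` test in the payload branch depends on running before `close_prot_errno_disarm(h->cgfd_limit)` a few lines below, which presumably leaves the descriptor negative, so a later reorder would make every call skip the prune without any visible failure. I would record that in the comment, e.g. `/* Must stay above the disarm calls below: a negative fd is our only record that we never created this cgroup. */`; the `h->cgfd_mon < 0` check in the second hunk has the same ordering dependency. The check also equates "no open fd" with "not ours", which holds only if cgroup_tree_create (outside this diff) never leaves a newly made directory behind without storing its fd; that is worth confirming, since such a directory would now be left in place instead of cleaned up. cgroup_tree_prune_leaf continues past the end of this hunk.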
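Review bot: Replacing `if (ret < 0)` with `if (cgroup_tree_prune(h->dfd_base, path_prune))` changes the failure test from a negative return to any non-zero return, which the commit message does not mention; unless cgroup_tree_prune (not shown) only ever returns 0 or a negative value, I would keep `if (cgroup_tree_prune(h->dfd_base, path_prune) < 0)`. The `if (!prune) return;` path is also silent, so nothing in the log explains why a cgroup was left behind; a line such as `TRACE("Not removing cgroup %d(%s) that we did not create", h->dfd_base, path_prune);` before the return would make the skip auditable. The function starts in the previous hunk and its closing brace is outside this one.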