From 0e17357c37c79323b067f42258b863e3dbb6c18a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Wed, 8 Nov 2017 01:50:55 +0100
Subject: [PATCH] cgroups/cgfsng: adapt to new cgroup2 delegation

In order to enable proper unprivileged cgroup delegation on newer kernels we not
just need to delegate the "cgroup.procs" file but also "cgroup.threads". But
don't report an error in case it doesn't exist. Also delegate
"cgroup.subtree_control" to enable delegation of controllers to descendant
cgroups.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index cc11f12de..cf5b784b7 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1503,6 +1503,25 @@ static int chown_cgroup_wrapper(void *data)
 		if (chmod(fullpath, 0664) < 0)
 			WARN("Error chmoding %s: %s", path, strerror(errno));
 		free(fullpath);
+
+		if (!hierarchies[i]->is_cgroup_v2)
+			continue;
+
+		fullpath = must_make_path(path, "cgroup.subtree_control", NULL);
+		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
+			WARN("Failed chowning %s to %d: %s", fullpath, (int) destuid,
+			     strerror(errno));
+		if (chmod(fullpath, 0664) < 0)
+			WARN("Error chmoding %s: %s", path, strerror(errno));
+		free(fullpath);
+
+		fullpath = must_make_path(path, "cgroup.threads", NULL);
+		if (chown(fullpath, destuid, 0) < 0 && errno != ENOENT)
+			WARN("Failed chowning %s to %d: %s", fullpath, (int) destuid,
+			     strerror(errno));
+		if (chmod(fullpath, 0664) < 0)
+			WARN("Error chmoding %s: %s", path, strerror(errno));
+		free(fullpath);
 	}
 
 	return 0;
-- 
2.47.2