cgroup-util: add cg_is_delegated_fd() helper

This is just like cg_is_delegate() but operates on an fd instead of a
cgroup path.

Sooner or later we should access cgroupfs mostly via fds rather than
paths, but we aren't there yet. But let's at least get started.

diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 37f776adbe87f1e834c1cef3a64724c31e2ef144..4c82552904243f9825cd4c639fc9cb24ff05c2bd 100644 (file)
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -2263,17 +2263,27 @@ int cg_is_delegated(const char *path) {
         assert(path);
 
         r = cg_get_xattr_bool(path, "trusted.delegate");
-        if (ERRNO_IS_NEG_XATTR_ABSENT(r)) {
-                /* If the trusted xattr isn't set (preferred), then check the
-                 * untrusted one. Under the assumption that whoever is trusted
-                 * enough to own the cgroup, is also trusted enough to decide
-                 * if it is delegated or not this should be safe. */
-                r = cg_get_xattr_bool(path, "user.delegate");
-                if (ERRNO_IS_NEG_XATTR_ABSENT(r))
-                        return false;
-        }
+        if (!ERRNO_IS_NEG_XATTR_ABSENT(r))
+                return r;
 
-        return r;
+        /* If the trusted xattr isn't set (preferred), then check the untrusted one. Under the assumption
+         * that whoever is trusted enough to own the cgroup, is also trusted enough to decide if it is
+         * delegated or not this should be safe. */
+        r = cg_get_xattr_bool(path, "user.delegate");
+        return ERRNO_IS_NEG_XATTR_ABSENT(r) ? false : r;
+}
+
+int cg_is_delegated_fd(int fd) {
+        int r;
+
+        assert(fd >= 0);
+
+        r = getxattr_at_bool(fd, /* path= */ NULL, "trusted.delegate", /* flags= */ 0);
+        if (!ERRNO_IS_NEG_XATTR_ABSENT(r))
+                return r;
+
+        r = getxattr_at_bool(fd, /* path= */ NULL, "user.delegate", /* flags= */ 0);
+        return ERRNO_IS_NEG_XATTR_ABSENT(r) ? false : r;
 }
 
 int cg_has_coredump_receive(const char *path) {

diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
index 1022caf23c958bb8443041530a9d3e093441913b..bfb383052079860f1f0141805e0938a2d4a9719d 100644 (file)
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@@ -211,6 +211,7 @@ int cg_rmdir(const char *controller, const char *path);
 int cg_is_threaded(const char *path);
 
 int cg_is_delegated(const char *path);
+int cg_is_delegated_fd(int fd);
 
 int cg_has_coredump_receive(const char *path);