cgroups: restore perms on tasks and cgroup.procs files

Although we don't want to restore the values on these files, we definitely do want to restore the permissions, as certain container engines (lxc) make use of this. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
2025-08-30 05:48:05 +00:00 · 2016-01-20 10:27:36 -07:00 · 2016-01-20 10:27:36 -07:00 · c6e5e33414
commit c6e5e33414
parent fa433b7552
1 changed files with 22 additions and 0 deletions
--- a/cgroup.c
+++ b/cgroup.c
@ -85,6 +85,8 @@ static const char *global_props[] = {
 	"cgroup.clone_children",
 	"cgroup.sane_behavior",
 	"notify_on_release",
+	"cgroup.procs",
+	"tasks",
 	NULL
 };

@ -333,6 +335,20 @@ static int read_cgroup_prop(struct cgroup_prop *property, const char *fullpath)
 	property->uid = sb.st_uid;
 	property->gid = sb.st_gid;

+	/* skip dumping the value of these, since it doesn't make sense (we
+	 * just want to restore the perms) */
+	if (!strcmp(property->name, "cgroup.procs") || !strcmp(property->name, "tasks")) {
+		ret = 0;
+		/* libprotobuf segfaults if we leave a null pointer in a
+		 * string, so let's not do that */
+		property->value = xstrdup("");
+		if (!property->value)
+			ret = -1;
+
+		close(fd);
+		return ret;
+	}
+
 	ret = read(fd, buf, sizeof(buf) - 1);
 	if (ret == -1) {
 		pr_err("Failed scanning %s\n", fullpath);
@ -1123,6 +1139,12 @@ static int restore_cgroup_prop(const CgroupPropEntry * cg_prop_entry_p,
 		return -1;
 	}

+	/* skip these two since restoring their values doesn't make sense */
+	if (!strcmp(cg_prop_entry_p->name, "cgroup.procs") || !strcmp(cg_prop_entry_p->name, "tasks")) {
+		fclose(f);
+		return 0;
+	}
+
 	if (fprintf(f, "%s", cg_prop_entry_p->value) < 0) {
 		fclose(f);
 		pr_err("Failed writing %s to %s\n", cg_prop_entry_p->value, path);