From c6e5e33414f09c6a7f2bfa5ea2ffe7130fe012f8 Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Wed, 20 Jan 2016 10:27:36 -0700 Subject: [PATCH] cgroups: restore perms on tasks and cgroup.procs files Although we don't want to restore the values on these files, we definitely do want to restore the permissions, as certain container engines (lxc) make use of this. Signed-off-by: Tycho Andersen Signed-off-by: Pavel Emelyanov --- cgroup.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/cgroup.c b/cgroup.c index 3ddf33aed..d4b35807c 100644 --- a/cgroup.c +++ b/cgroup.c @@ -85,6 +85,8 @@ static const char *global_props[] = { "cgroup.clone_children", "cgroup.sane_behavior", "notify_on_release", + "cgroup.procs", + "tasks", NULL }; @@ -333,6 +335,20 @@ static int read_cgroup_prop(struct cgroup_prop *property, const char *fullpath) property->uid = sb.st_uid; property->gid = sb.st_gid; + /* skip dumping the value of these, since it doesn't make sense (we + * just want to restore the perms) */ + if (!strcmp(property->name, "cgroup.procs") || !strcmp(property->name, "tasks")) { + ret = 0; + /* libprotobuf segfaults if we leave a null pointer in a + * string, so let's not do that */ + property->value = xstrdup(""); + if (!property->value) + ret = -1; + + close(fd); + return ret; + } + ret = read(fd, buf, sizeof(buf) - 1); if (ret == -1) { pr_err("Failed scanning %s\n", fullpath); @@ -1123,6 +1139,12 @@ static int restore_cgroup_prop(const CgroupPropEntry * cg_prop_entry_p, return -1; } + /* skip these two since restoring their values doesn't make sense */ + if (!strcmp(cg_prop_entry_p->name, "cgroup.procs") || !strcmp(cg_prop_entry_p->name, "tasks")) { + fclose(f); + return 0; + } + if (fprintf(f, "%s", cg_prop_entry_p->value) < 0) { fclose(f); pr_err("Failed writing %s to %s\n", cg_prop_entry_p->value, path);