Re: [libvirt] [PATCH v3] Ensure systemd cgroup ownership is delegated to container with userns

From: Richard Weinberger <richard(a)nod.at&gt; This function is needed for user namespaces, where we need to chmod() the cgroup to the initial uid/gid such that systemd is allowed to use the cgroup. Signed-off-by: Richard Weinberger <richard(a)nod.at&gt; Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; Changed in v3: - Centralized all error reporting - Use virReportSystemError not VIR_WARN/VIR_ERROR --- src/libvirt_private.syms | 1 + src/lxc/lxc_cgroup.c | 12 +++++++++ src/util/vircgroup.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++ src/util/vircgroup.h | 5 ++++ 4 files changed, 88 insertions(+)

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index a6d60c5..18c891c 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -3253,6 +3253,76 @@ cleanup: } +int virCgroupSetOwner(virCgroupPtr cgroup, + uid_t uid, + gid_t gid, + int controllers) +{ + int ret = -1; + size_t i; + char *base = NULL, *entry = NULL; + DIR *dh = NULL; + + for (i = 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) { + struct dirent *de; + + if (!((1 << i) & controllers)) + continue; + + if (!cgroup->controllers[i].mountPoint) + continue; + + if (virAsprintf(&base, "%s%s", cgroup->controllers[i].mountPoint, + cgroup->controllers[i].placement) < 0)