Re: [systemd-devel] Is it possible to change the cgroup uid/gid for a systemd slice?

2023-08-31 Thread Lennart Poettering
On Mi, 30.08.23 23:08, Julio Lajara (julio.laj...@protonmail.com) wrote:

> Hi all, I have created a systemd slice to constrain CPU/mem
> resources for a service unit. The service unit runs as root (it's a
> bash script) and it runs a subprocess using systemd-run that it also
> runs under the same slice but a different unprivileged user. The
> subprocess needs to read the cgroup memory data directly from the
> sysfs tree but it can't because it's owned by root.

sysfs tree? You mean cgroupfs tree?

But the memory attributes are world readable, so no need to chown.

> Is there a way I can change the permissions on it in the slice similar
> to how cgcreate has the -a option to set the uid/gid for the cgroup?

There's not. chowning of cgroups is pretty much about the ability to
change them or create subgroups in them, but we do not allow either to
client programs for slices.

Lennart

--
Lennart Poettering, Berlin


Re: [systemd-devel] Is it possible to change the cgroup uid/gid for a systemd slice?

2023-08-31 Thread Donald Buczek
On 8/31/23 1:08 AM, Julio Lajara wrote:

> Hi all, I have created a systemd slice to constrain CPU/mem resources for a 
> service unit. The service unit runs as root (it's a bash script) and it runs a 
> subprocess using systemd-run that it also runs under the same slice but a 
> different unprivileged user. The subprocess needs to read the cgroup memory 
> data directly from the sysfs tree but it can't because it's owned by root. Is 
> there a way I can change the permissions on it in the slice similar to how 
> cgcreate has the -a option to set the uid/gid for the cgroup?

Can you demonstrate that? On the systems I've checked, all cgroup directories 
have o=rx and all files in it o=r.

From a very quick look, systemd seems to always be using 0755 mode:

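    int cg_create(const char *controller, const char *path) {
            _cleanup_free_ char *fs = NULL;
            int r;

            /* Resolve the cgroupfs path for this controller/path pair */
            r = cg_get_path_and_check(controller, path, NULL, &fs);
            if (r < 0)
                    return r;

            /* Parent directories are created with mode 0755 */
            r = mkdir_parents(fs, 0755);
            if (r < 0)
                    return r;

            /* The cgroup directory itself is also created with mode 0755 */
            r = RET_NERRNO(mkdir(fs, 0755));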

D.



> 
> Thanks,
> 


-- 
Donald Buczek
buc...@molgen.mpg.de
Tel: +49 30 8413 1433
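
One way to check the permission claims discussed above (o=rx on cgroup directories, o=r on attribute files), as an added example that is not part of the thread or of systemd. It assumes cgroup v2 mounted at /sys/fs/cgroup and GNU stat; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes cgroup v2 at /sys/fs/cgroup and
# GNU stat. Checks only the "other" mode bits (not ACLs or LSM policy).

# Print the cgroup v2 path from /proc/PID/cgroup content on stdin ("0::/path").
cgroup_v2_path() {
    sed -n 's/^0:://p' | head -n 1
}

# other_can MODE BIT: true if octal MODE grants BIT (r or x) to "other".
other_can() {
    last=${1#"${1%?}"}              # last octal digit = "other" class
    case $2 in
        r) [ $(( $last & 4 )) -ne 0 ] ;;
        x) [ $(( $last & 1 )) -ne 0 ] ;;
        *) return 2 ;;
    esac
}

# audit_cgroup_attr ROOT CGPATH ATTR: walk ROOT/CGPATH one directory at a time,
# report the first directory lacking o+x, then check ATTR for o+r.
audit_cgroup_attr() {
    dir=$1 rest=${2#/} attr=$3
    while :; do
        mode=$(stat -c %a "$dir") || return 2
        if ! other_can "$mode" x; then
            echo "blocked: $dir mode $mode lacks o+x"
            return 1
        fi
        [ -z "$rest" ] && break
        dir=$dir/${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
    mode=$(stat -c %a "$dir/$attr") || return 2
    if ! other_can "$mode" r; then
        echo "blocked: $dir/$attr mode $mode lacks o+r"
        return 1
    fi
    echo "ok: $dir/$attr mode $mode"
}

# Stand-alone use: sh audit.sh PID [ATTR]
if [ -n "${1:-}" ]; then
    audit_cgroup_attr /sys/fs/cgroup \
        "$(cgroup_v2_path < "/proc/$1/cgroup")" "${2:-memory.current}"
fi
```

Run it as the unprivileged user against the PID of the systemd-run subprocess; a "blocked" line names the first path component whose mode would stop a process that is neither owner nor in the owning group.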


[systemd-devel] Is it possible to change the cgroup uid/gid for a systemd slice?

2023-08-30 Thread Julio Lajara
Hi all, I have created a systemd slice to constrain CPU/mem resources for a 
service unit. The service unit runs as root (it's a bash script) and it runs a 
subprocess using systemd-run that it also runs under the same slice but a 
different unprivileged user. The subprocess needs to read the cgroup memory 
data directly from the sysfs tree but it can't because it's owned by root. Is 
there a way I can change the permissions on it in the slice similar to how 
cgcreate has the -a option to set the uid/gid for the cgroup?

Thanks,