On 15.09.2014 at 01:50, Michael Biebl wrote:
> On 15.09.2014 at 01:30, Michael Biebl wrote:
>> If you run a diff over those files, you'll see that cgmanager *did* mount
>> a new cgroupfs at /sys/fs/cgroup (and it created a
>> /sys/fs/cgroup/cgmanager directory).
>
> Attached is a complete strace. The relevant parts from setup_cgroup_dir():
>
>> stat("/sys/fs/cgroup/cgmanager/sock", 0x7fffe59e1a60) = -1 ENOENT (No such
>> file or directory)
>> unlink("/sys/fs/cgroup/cgprobe") = -1 EROFS (Read-only file system)
>> creat("/sys/fs/cgroup/cgprobe", 02) = -1 EROFS (Read-only file system)
>> mount("cgroup", "/sys/fs/cgroup", "tmpfs", 0, "size=10000") = 0
>
> /sys/fs/cgroup/ has 0755 as permissions, so it's unclear why the creat
> fails with -1

Actually, it's obvious now

This is with systemd v208
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)

This is with systemd v215
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)

This is relevant systemd upstream commit [1]

> commit 679142ce4a8def7da43c4d3b2a02bae8c0d21175
> Author: Lennart Poettering <[email protected]>
> Date: Tue Mar 18 04:06:54 2014 +0100
>
> core: remount /sys/fs/cgroup/ read-only after we mounted all controllers
>
> Given that glibc searches for /dev/shm by just looking for any tmpfs we
> should be more careful with providing tmpfs instances arbitrary code
> might end up writing to.

[1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=679142ce4a8def7da43c4d3b2a02bae8c0d21175

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
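An added example, not part of the original message and not code from cgmanager or systemd: a C check that reads mount-table text in /proc/mounts format and reports whether the topmost mount on a directory is read-only, the condition that makes the creat() probe in the strace return EROFS despite mode 0755. The sample tables are constructed from the mount options quoted in the message; the function names, the options on the stacked entry, and the assumption that later entries for a directory shadow earlier ones are mine.

```c
#include <stdio.h>
#include <string.h>

/* Whole-token match, so "ro" does not match e.g. "errors=remount-ro". */
static int has_opt(const char *opts, const char *opt)
{
    size_t n = strlen(opt);
    while (*opts) {
        size_t len = strcspn(opts, ",");
        if (len == n && strncmp(opts, opt, n) == 0)
            return 1;
        opts += len + (opts[len] == ',');
    }
    return 0;
}

/* Scan /proc/mounts-format text for mounts on dir. Assumption: entries are
 * in mount order, so the last match is the one that is actually visible.
 * Returns 1 = read-only, 0 = writable, -1 = nothing mounted on dir. */
int mount_is_readonly(const char *mounts, const char *dir)
{
    char line[1024], mnt[256], opts[512];
    int state = -1;

    while (*mounts) {
        size_t len = strcspn(mounts, "\n");
        if (len < sizeof line) {
            memcpy(line, mounts, len);
            line[len] = '\0';
            /* fields: source, mount point, fs type, options */
            if (sscanf(line, "%*s %255s %*s %511s", mnt, opts) == 2 &&
                strcmp(mnt, dir) == 0)
                state = has_opt(opts, "ro");
        }
        mounts += len + (mounts[len] == '\n');
    }
    return state;
}

/* Constructed samples; options for v208/v215 are those quoted in the message. */
const char V208[] = "tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,mode=755 0 0\n";
const char V215[] = "tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0\n";
/* v215 plus a second tmpfs mounted over it (options constructed) */
const char STACKED[] = "tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0\n"
                       "cgroup /sys/fs/cgroup tmpfs rw,relatime,size=12k 0 0\n";

int main(void)
{
    const char *d = "/sys/fs/cgroup";
    printf("v208=%d v215=%d stacked=%d\n", mount_is_readonly(V208, d),
           mount_is_readonly(V215, d), mount_is_readonly(STACKED, d));
    return 0;
}
```

On a live system the same function can be fed the contents of /proc/self/mounts.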

