The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2213
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This reverts commit 8d961e28f1d759669b477a659cbb694aaa2af915. Unfortunately I don't believe the check is correct in the general case. (not in the actual commit msg) - in particular, root-started containers in an unprivileged container will end up starting under the cgroup which systemd assigned (for instance) or, worse, which the user calling 'sudo lxc-start mailcontainer -d' logged in as.
From 80c689220df4db001e9d3ec9c5c1936cdc59ec3d Mon Sep 17 00:00:00 2001 From: Serge Hallyn <shal...@cisco.com> Date: Tue, 13 Mar 2018 12:55:02 -0500 Subject: [PATCH] Revert "cgroups: don't escape if we're not real root" This reverts commit 8d961e28f1d759669b477a659cbb694aaa2af915. Unfortunately I don't believe the check is correct in the general case. --- src/lxc/cgroups/cgfsng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index f337be449..10c7ab2cf 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -1368,7 +1368,7 @@ static char *cg_unified_get_current_cgroup(void) bool will_escape; char *copy = NULL; - will_escape = !am_host_unpriv(); + will_escape = (geteuid() == 0); if (will_escape) basecginfo = read_file("/proc/1/cgroup"); else
_______________________________________________ lxc-devel mailing list email@example.com http://lists.linuxcontainers.org/listinfo/lxc-devel