[lxc-devel] [PATCH 7/8] cgroup: don't set devices cgroup if not in init_user_ns

Serge Hallyn Fri, 19 Jul 2013 09:41:25 -0700

From: Serge Hallyn <serge.hal...@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
---
 src/lxc/cgroup.c | 8 ++++++++
 1 file changed, 8 insertions(+)


diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index c707519..8a875b8 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -292,6 +292,14 @@ int lxc_cgroup_set_bypath(const char *cgrelpath, const 
char *filename, const cha
        char *cgabspath;
        char path[MAXPATHLEN];
 
+       /*
+        * exception: if in a user namespace, don't try to set devices cgroup.
+        * (a) a task in non-init userns can't use most devices anyway, and
+        * (b) a task in non-init userns cannot write to devices.{allow,deny}
+        */
+       if (strncmp(filename, "devices.", 8) == 0)
+               return 0;
+
        cgabspath = cgroup_path_get(filename, cgrelpath);
        if (!cgabspath)
                return -1;
-- 
1.8.3.2


------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

[lxc-devel] [PATCH 7/8] cgroup: don't set devices cgroup if not in init_user_ns

Reply via email to