Bug#866863: cgroup-tools: cgrulesengd not moving processes to perf_event and freezer

[Andrea]

Package: cgroup-tools
Version: 0.41-8
Severity: important

I use cgrulesengd to automatically move processes owned by my user (karimo) 
into corresponding
cgroup trees. I am using systemd 233-9 without cgmanager.

I've created the groups by using cgconfigparser /usr/sbin/cgconfigparser -l 
/etc/cgconfig.conf -s
1664 with the following configuration:

-------------------------------------------
$ cat /etc/cgconfig.conf
group karimo {  
  perm {
    task {
      uid = karimo;
      gid = karimo;
    }
    admin {
      uid = karimo;
      gid = karimo;
    }
  }

  cpu {}
  blkio {}
  cpuacct {}
  cpuset {
    cgroup.clone_children = 1;
    cpuset.mems = 0;
    cpuset.cpus = 0-3;
  }
  devices {}
  freezer {}
  perf_event {}
  net_cls {}
  net_prio {}

  memory { memory.use_hierarchy = 1; }
}
-------------------------------------------

I then use cgrulesengd to automatically move my processes into those.

-------------------------------------------
$ cat /etc/cgrules.conf 
# <user>:<process_name>  <controllers> <destination>
karimo   *        karimo
-------------------------------------------

But the daemon fails to move under perf_event and freezer!

-------------------------------------------
$ cat /proc/self/cgroup 
10:perf_event:/
9:freezer:/
8:pids:/user.slice/user-1000.slice/session-2.scope
7:blkio:/karimo
6:memory:/karimo
5:devices:/karimo
4:cpu,cpuacct:/karimo
3:cpuset:/karimo
2:net_cls,net_prio:/karimo
1:name=systemd:/user.slice/user-1000.slice/session-2.scope
0::/user.slice/user-1000.slice/session-2.scope
-------------------------------------------

I can confirm that the cgroups are mounted and the trees correctly created by 
cgconfigparser:

-------------------------------------------
$ mount | grep -E 'freezer|perf_event'
cgroup on /sys/fs/cgroup/freezer type cgroup 
(rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/perf_event type cgroup 
(rw,nosuid,nodev,noexec,relatime,perf_event)

$ find /sys/fs/cgroup/ -type d -name 'karimo' 
/sys/fs/cgroup/perf_event/karimo
/sys/fs/cgroup/freezer/karimo
/sys/fs/cgroup/blkio/karimo
/sys/fs/cgroup/memory/karimo
/sys/fs/cgroup/devices/karimo
/sys/fs/cgroup/cpu,cpuacct/karimo
/sys/fs/cgroup/cpuset/karimo
/sys/fs/cgroup/net_cls,net_prio/karimo
-------------------------------------------

Do you know what is causing this? It is preventing me to run unpriviledged LXC 
containers.

-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cgroup-tools depends on:
ii  libc6       2.24-12
ii  libcgroup1  0.41-8

cgroup-tools recommends no packages.

cgroup-tools suggests no packages.

-- no debconf information