On 8/31/23 1:08 AM, Julio Lajara wrote:

> Hi all, I have created a systemd slice to constrain CPU/mem resources for a
> service unit. The service unit runs as root (it's a bash script) and it runs a
> subprocess using systemd-run that it also runs under the same slice but a
> different unprivileged user. The subprocess needs to read the cgroup memory
> data directly from the sysfs tree but it can't because it's owned by root. Is
> there a way I can change the permissions on it in the slice similar to how
> cgcreate has the -a option to set the uid/gid for the cgroup?

Can you demonstrate that? On the systems I've checked, all cgroup directories 
have o=rx and all files in it o=r.

From a very quick look, systemd seems to always be using 0755 mode:

int cg_create(const char *controller, const char *path) {
        _cleanup_free_ char *fs = NULL;
        int r;

        r = cg_get_path_and_check(controller, path, NULL, &fs);
        if (r < 0)
                return r;

        r = mkdir_parents(fs, 0755);
        if (r < 0)
                return r;

        r = RET_NERRNO(mkdir(fs, 0755));


Donald Buczek
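
Added example, not part of the original message and not systemd code: one way to run the permission check discussed above against the cgroup a process actually lives in. The function names are hypothetical, and it assumes cgroup v2 mounted at /sys/fs/cgroup and a find that supports -maxdepth.

```shell
#!/bin/sh
# Added example: report cgroup entries that lack "other" read access.

# Print the cgroup v2 path of a PID from the "0::<path>" line of
# /proc/<pid>/cgroup. $2 optionally overrides the file (used for testing).
cgroup_v2_path() {
    sed -n 's/^0:://p' "${2:-/proc/$1/cgroup}"
}

# List what a user outside the owning uid/gid cannot use in directory $1:
# the directory itself or subdirectories without o+rx, files without o+r.
# Mode bits are inspected instead of "test -r" so the answer is the same
# when the audit runs as root. Write-only control files, if the kernel
# exposes any, are listed too.
cgroup_unreadable_by_others() {
    dir=$1
    [ -d "$dir" ] || return 2
    find "$dir" -prune -type d ! -perm -005
    find "$dir" -mindepth 1 -maxdepth 1 \( \
        \( -type f ! -perm -004 \) -o \( -type d ! -perm -005 \) \) | sort
}

# Audit the cgroup of PID $1. $2 (cgroup mount point) and $3 (cgroup file)
# are optional overrides so the function can be exercised offline.
audit_pid() {
    root=${2:-/sys/fs/cgroup}
    path=$(cgroup_v2_path "$1" "$3") || return 2
    if [ -z "$path" ]; then
        echo "no cgroup v2 entry for pid $1" >&2
        return 2
    fi
    cgroup_unreadable_by_others "$root$path"
}

# Typical use, run inside the unit being investigated:
#   audit_pid self
# Empty output means every entry is readable by others.
```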
