summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2013-07-11 01:56:12 +0200
committerLennart Poettering <lennart@poettering.net>2013-07-11 01:56:12 +0200
commit8aa75193662d0e18d7c21ee9d546b7f3c8b8bc14 (patch)
tree1cbf2d39aefbef5e42105006caea4e7b0482d27d
parentbefb5b6a71c175d523644edbddd01b4b722fe956 (diff)
core: grant user@.service instances write access to their own cgroup
-rw-r--r--src/core/execute.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index cbeb0caf26..50d2d49ba8 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1258,6 +1258,23 @@ int exec_spawn(ExecCommand *command,
}
}
+#ifdef HAVE_PAM
+ if (cgroup_path && context->user && context->pam_name) {
+ err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
+ if (err < 0) {
+ r = EXIT_CGROUP;
+ goto fail_child;
+ }
+
+
+ err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
+ if (err < 0) {
+ r = EXIT_CGROUP;
+ goto fail_child;
+ }
+ }
+#endif
+
if (apply_permissions) {
err = enforce_groups(context, username, gid);
if (err < 0) {