author | Lennart Poettering <lennart@poettering.net> | 2015-09-04 09:23:07 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-09-04 09:23:07 +0200 |
commit | 19af675e99d32172b58f1c91c8281ba2efd5d863 (patch) | |
tree | b29563299c0bf3a80efda288cf4dbdda5f578f3f /src/core/cgroup.c | |
parent | 707b66c66381c899d7ef640e158ffdd5bcff4deb (diff) |
cgroups: delegation to unprivileged services is safe in the unified hierarchy
Delegation to unprivileged processes is safe in the unified hierarchy,
hence allow it. This has the benefit of permitting "systemd --user"
instances to further partition their resources between user services.
Diffstat (limited to 'src/core/cgroup.c')
-rw-r--r-- | src/core/cgroup.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 0a5a08aeba..9a025cf929 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -507,15 +507,20 @@ CGroupMask unit_get_own_mask(Unit *u) {
 return 0;
 /* If delegation is turned on, then turn on all cgroups,
- * unless the process we fork into it is known to drop
- * privileges anyway, and shouldn't get access to the
- * controllers anyway. */
+ * unless we are on the legacy hierarchy and the process we
+ * fork into it is known to drop privileges, and hence
+ * shouldn't get access to the controllers.
+ *
+ * Note that on the unified hierarchy it is safe to delegate
+ * controllers to unprivileged services. */
 if (c->delegate) {
 ExecContext *e;
 e = unit_get_exec_context(u);
- if (!e || exec_context_maintains_privileges(e))
+ if (!e ||
+ exec_context_maintains_privileges(e) ||
+ cg_unified() > 0)
 return _CGROUP_MASK_ALL;
 } |
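Review bot: The new comment asserts that delegating controllers to unprivileged services is safe on the unified hierarchy, but it does not say what that safety rests on, so the privilege boundary relaxed by the added `cg_unified() > 0` term cannot be audited from this function. I would extend the comment with the invariant it depends on, for example `* (the delegatee may only manage cgroups below its own; the limits on the delegated cgroup itself stay with the manager)`, worded to match the code that actually hands over ownership, which is outside this hunk. Separately, `cg_unified() > 0` presumably treats an error return the same as the legacy hierarchy; that fails closed, which is the right direction, but a short `/* on error, fall back to the stricter legacy rule */` would show it is deliberate. unit_get_own_mask() begins and continues outside the hunk.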