diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-07-25 22:23:00 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-25 22:23:00 +0200 |
| commit | 1a0b98c43797ce96e47b110a58f0b4c55f3256f5 (patch) | |
| tree | de31763744776a796fa929009a79eafafb2d2964 /src/nspawn/nspawn.c | |
| parent | c92fcc4f4375b0aebc5919311bbf703138b21918 (diff) | |
| parent | 0996ef00fb5c0770d49670f81a230fcc2552af89 (diff) | |
Merge pull request #3589 from brauner/cgroup_namespace
Cgroup namespace
Diffstat (limited to 'src/nspawn/nspawn.c')
| -rw-r--r-- | src/nspawn/nspawn.c | 41 |
1 files changed, 29 insertions, 12 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index b1c012a9e4..d5093a6d17 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -2589,9 +2589,24 @@ static int inner_child( return -ESRCH; } - r = mount_systemd_cgroup_writable("", arg_unified_cgroup_hierarchy); - if (r < 0) - return r; + if (cg_ns_supported()) { + r = unshare(CLONE_NEWCGROUP); + if (r < 0) + return log_error_errno(errno, "Failed to unshare cgroup namespace"); + r = mount_cgroups( + "", + arg_unified_cgroup_hierarchy, + arg_userns_mode != USER_NAMESPACE_NO, + arg_uid_shift, + arg_uid_range, + arg_selinux_apifs_context); + if (r < 0) + return r; + } else { + r = mount_systemd_cgroup_writable("", arg_unified_cgroup_hierarchy); + if (r < 0) + return r; + } r = reset_uid_gid(); if (r < 0) @@ -2973,15 +2988,17 @@ static int outer_child( if (r < 0) return r; - r = mount_cgroups( - directory, - arg_unified_cgroup_hierarchy, - arg_userns_mode != USER_NAMESPACE_NO, - arg_uid_shift, - arg_uid_range, - arg_selinux_apifs_context); - if (r < 0) - return r; + if (!cg_ns_supported()) { + r = mount_cgroups( + directory, + arg_unified_cgroup_hierarchy, + arg_userns_mode != USER_NAMESPACE_NO, + arg_uid_shift, + arg_uid_range, + arg_selinux_apifs_context); + if (r < 0) + return r; + } r = mount_move_root(directory); if (r < 0) |