authorChristian Brauner <cbrauner@suse.de>2016-07-26 16:49:15 +0200
committerLennart Poettering <lennart@poettering.net>2016-07-26 16:49:15 +0200
commit5a8ff0e61dd8094b2b5d0b35df2ca13b489e0dfa (patch)
tree367e18e5aea7ae38ea4fd0d811a16a62987cbce5 /src/nspawn/nspawn.c
parent1d3c86c06fca8311923fcf81af0ab0bbb66e1edd (diff)
nspawn: add SYSTEMD_NSPAWN_USE_CGNS env variable (#3809)
SYSTEMD_NSPAWN_USE_CGNS allows disabling the use of cgroup namespaces.
Diffstat (limited to 'src/nspawn/nspawn.c')
-rw-r--r--src/nspawn/nspawn.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index f8a43d89a2..6cc1b9177d 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -194,6 +194,7 @@ static int arg_settings_trusted = -1;
static char **arg_parameters = NULL;
static const char *arg_container_service_name = "systemd-nspawn";
static bool arg_notify_ready = false;
+static bool arg_use_cgns = true;
static void help(void) {
printf("%s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n"
@@ -1104,6 +1105,12 @@ static int parse_argv(int argc, char *argv[]) {
if (e)
arg_container_service_name = e;
+ r = getenv_bool("SYSTEMD_NSPAWN_USE_CGNS");
+ if (r < 0)
+ arg_use_cgns = cg_ns_supported();
+ else
+ arg_use_cgns = r;
+
return 1;
}
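Review bot: The `if (r < 0)` branch added to parse_argv treats every getenv_bool() failure alike, so a SYSTEMD_NSPAWN_USE_CGNS value that is set but unparsable is silently ignored and cgroup namespaces stay enabled whenever the kernel supports them. getenv_bool() is not defined in this hunk; if it returns a distinct error for an unset variable (presumably -ENXIO), the parse failure should be logged before falling back, e.g. `if (r < 0 && r != -ENXIO) log_warning_errno(r, "Failed to parse $SYSTEMD_NSPAWN_USE_CGNS, ignoring: %m");`. An operator who sets the variable to switch the namespace off should be told when the setting did not take effect. parse_argv begins outside the hunk.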
@@ -2628,7 +2635,7 @@ static int inner_child(
return -ESRCH;
}
- if (cg_ns_supported()) {
+ if (arg_use_cgns && cg_ns_supported()) {
r = unshare(CLONE_NEWCGROUP);
if (r < 0)
return log_error_errno(errno, "Failed to unshare cgroup namespace");
@@ -2638,7 +2645,8 @@ static int inner_child(
arg_userns_mode != USER_NAMESPACE_NO,
arg_uid_shift,
arg_uid_range,
- arg_selinux_apifs_context);
+ arg_selinux_apifs_context,
+ arg_use_cgns);
if (r < 0)
return r;
} else {
@@ -3029,14 +3037,15 @@ static int outer_child(
if (r < 0)
return r;
- if (!cg_ns_supported()) {
+ if (!arg_use_cgns || !cg_ns_supported()) {
r = mount_cgroups(
directory,
arg_unified_cgroup_hierarchy,
arg_userns_mode != USER_NAMESPACE_NO,
arg_uid_shift,
arg_uid_range,
- arg_selinux_apifs_context);
+ arg_selinux_apifs_context,
+ arg_use_cgns);
if (r < 0)
return r;
}
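Review bot: mount_cgroups() in outer_child receives `arg_use_cgns` even when this branch is taken only because `cg_ns_supported()` returned false, so with SYSTEMD_NSPAWN_USE_CGNS=1 on a kernel without cgroup namespaces the flag is true although no namespace will be unshared. mount_cgroups() is not visible here, so whether it acts on that value needs checking; if it does, the cgroup mounts would be prepared for a namespace that does not exist. Folding the kernel check into the flag once in parse_argv, e.g. `arg_use_cgns = r != 0 && cg_ns_supported();`, would let both call sites test and pass one consistent value. The inner_child hunk passes the same argument, but there it sits after the `arg_use_cgns && cg_ns_supported()` check and appears to be always true. outer_child extends beyond the hunk.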