| Field | Value | Date |
|---|---|---|
| author | Luke Shumaker <lukeshu@lukeshu.com> | 2017-06-14 18:03:04 -0400 |
| committer | Luke Shumaker <lukeshu@lukeshu.com> | 2017-06-16 17:06:57 -0400 |
| commit | 40d39b0ff8e3e5c9f148bcd820a6a570001a7182 | |
| tree | 91eb87beffa8d42183e0b78c1c94841c63e8e851 /src/test/test-nss.c | |
| parent | 1108b2858019c82f165fffa7eb19826d4f5a1b79 | |

nspawn: Be more robust when deciding to create subcgroups or chown cgroups

To demonstrate the breakage in the chown part: Be using an interactive
terminal, go to spawn a shell in a container; using --register=no, and using
userns.  It will end up chown()ing the cgroup of your terminal session to the
container!  And you will be left with that after you quit the container!

Similarly, the subcgroup bit will try to create subcgroups for the parent and
child even if they share the cgroup with other processes (as they are likely to if
--register=no); and will find only partial success, leaving the cgroup with all
controllers disabled.

What we really care about is if the child process is alone in the cgroup, so
we'll take a peek at cgroup.procs for that cgroup to find out.

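
The cgroup.procs check described in the commit message above, as an added C example that is not systemd's code and not taken from this commit. The names `pid_is_alone_in_cgroup` and `write_sample`, the sample file name, and the sample PIDs are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical helper (not systemd code): returns 1 if `pid` is the only
 * process listed in the cgroup.procs file at `procs_path`, 0 if it shares the
 * cgroup with other processes or is not listed, -1 if the file is unreadable
 * or malformed. Callers should create subcgroups or chown only on 1. */
int pid_is_alone_in_cgroup(const char *procs_path, pid_t pid) {
    FILE *f = fopen(procs_path, "r");
    long entry;
    int found = 0, others = 0, r, bad;

    if (!f)
        return -1;
    /* cgroup.procs holds one PID per line; a PID may be listed twice. */
    while ((r = fscanf(f, "%ld", &entry)) == 1) {
        if ((pid_t) entry == pid)
            found = 1;
        else
            others++;
    }
    /* r == 0 means a non-numeric token stopped the scan before EOF. */
    bad = (r != EOF) || ferror(f);
    fclose(f);
    if (bad)
        return -1;
    return found && others == 0;
}

/* Writes constructed sample contents so the example runs without cgroupfs. */
int write_sample(const char *path, const char *contents) {
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs(contents, f);
    return fclose(f);
}

int main(void) {
    const char *p = "sample-cgroup.procs"; /* constructed stand-in file */
    write_sample(p, "4242\n");
    printf("alone: %d\n", pid_is_alone_in_cgroup(p, 4242));
    write_sample(p, "4242\n1337\n"); /* e.g. the terminal session's shell */
    printf("shared: %d\n", pid_is_alone_in_cgroup(p, 4242));
    return remove(p);
}
```

The result is a snapshot: another process can join the cgroup after the file has been read, so an unreadable or ambiguous file is treated as "not alone".
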
Diffstat (limited to 'src/test/test-nss.c')
0 files changed, 0 insertions, 0 deletions
