From b12afc8c5c5c3ee5720780df9a602288bbcc24ea Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 30 Dec 2014 01:57:23 +0100
Subject: nspawn: mount most of the cgroup tree read-only in nspawn containers
 except for the container's own subtree in the name=systemd hierarchy

More specifically mount all other hierarchies in their entirety and the
name=systemd above the container's subtree read-only.
---
 src/shared/cgroup-util.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/shared/cgroup-util.h')

diff --git a/src/shared/cgroup-util.h b/src/shared/cgroup-util.h
index 5e1e445c33..89dc2b1135 100644
--- a/src/shared/cgroup-util.h
+++ b/src/shared/cgroup-util.h
@@ -132,3 +132,5 @@ int cg_migrate_everywhere(CGroupControllerMask supported, const char *from, cons
 int cg_trim_everywhere(CGroupControllerMask supported, const char *path, bool delete_root);
 
 CGroupControllerMask cg_mask_supported(void);
+
+int cg_kernel_controllers(Set *controllers);
-- 
cgit v1.2.3-54-g00ecf