[systemd-devel] [PATCH] cgroups: chown user slices

Kok, Auke-jan H auke-jan.h.kok at intel.com
Wed Jul 10 20:07:36 PDT 2013


On Wed, Jul 10, 2013 at 5:48 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Sat, 06.07.13 01:16, Marc-Antoine Perennou (Marc-Antoine at Perennou.com) wrote:
>
>> When creating the cgroup hierarchy for a user slice,
>> chown this slice to the user uid.
>>
>> Signed-off-by: Marc-Antoine Perennou <Marc-Antoine at Perennou.com>
>> ---
>>  src/shared/cgroup-label.c | 8 ++++++++
>>  1 file changed, 8 insertions(+)
>>
>> diff --git a/src/shared/cgroup-label.c b/src/shared/cgroup-label.c
>> index 574a7be..1891c9a 100644
>> --- a/src/shared/cgroup-label.c
>> +++ b/src/shared/cgroup-label.c
>> @@ -41,6 +41,7 @@
>>
>>  int cg_create(const char *controller, const char *path) {
>>          _cleanup_free_ char *fs = NULL;
>> +        uid_t uid = (uid_t) -1;
>>          int r;
>>
>>          r = cg_get_path_and_check(controller, path, NULL, &fs);
>> @@ -59,6 +60,13 @@ int cg_create(const char *controller, const char *path) {
>>                  return -errno;
>>          }
>>
>> +        r = cg_path_get_owner_uid(path, &uid);
>> +        if (r < 0 && r != -ENOENT)
>> +            return r;
>> +
>> +        if (uid != (uid_t) -1)
>> +            chown(fs, uid, (gid_t) -1);
>> +
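Review bot: the return value of chown(fs, uid, (gid_t) -1) at the end of the second hunk is discarded, so a failed ownership change leaves the cgroup directory owned by root while cg_create() still reports success; check it and return -errno (or at least log the failure), as the error path just above in the same hunk already does. The new lines are also indented by 4 spaces inside a body that uses 8-space indentation (`return r;` and the chown call), which does not match the surrounding code. Note too that only the directory `fs` is chowned; the control files the kernel creates inside it (cgroup.procs, tasks) keep their original owner, so by itself this does not let the user attach processes to the group.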
>
> systemd in git will now grant access to the cgroup subtree in
> user at .service to the specific user. That should solve the issue. (Note
> that this means systemd --user will only work when run from
> user at .service, as access to the cgroup tree is *not* granted for normal
> sessions directly.)

Can you elaborate on what "normal" sessions are? Are we talking about
`PAMName=systemd-shared` being the part that distinguishes them?

Thanks,

Auke

