[systemd-devel] [PATCH] cgroups: chown user slices
Lennart Poettering
lennart at poettering.net
Wed Jul 10 17:48:29 PDT 2013
On Sat, 06.07.13 01:16, Marc-Antoine Perennou (Marc-Antoine at Perennou.com) wrote:
> When creating the cgroup hierarchy for a user slice,
> chown this slice to the user uid.
>
> Signed-off-by: Marc-Antoine Perennou <Marc-Antoine at Perennou.com>
> ---
> src/shared/cgroup-label.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/src/shared/cgroup-label.c b/src/shared/cgroup-label.c
> index 574a7be..1891c9a 100644
> --- a/src/shared/cgroup-label.c
> +++ b/src/shared/cgroup-label.c
> @@ -41,6 +41,7 @@
>
> int cg_create(const char *controller, const char *path) {
> _cleanup_free_ char *fs = NULL;
> + uid_t uid = (uid_t) -1;
> int r;
>
> r = cg_get_path_and_check(controller, path, NULL, &fs);
> @@ -59,6 +60,13 @@ int cg_create(const char *controller, const char *path) {
> return -errno;
> }
>
> + r = cg_path_get_owner_uid(path, &uid);
> + if (r < 0 && r != -ENOENT)
> + return r;
> +
> + if (uid != (uid_t) -1)
> + chown(fs, uid, (gid_t) -1);
> +
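Review bot: the `chown(fs, uid, (gid_t) -1)` call at the end of this hunk discards its return value, so a failed ownership change goes unnoticed and the slice stays owned by whoever created it. Check the result and either return `-errno`, as the error path just above does, or log it if the failure is meant to be non-fatal. Two smaller points on the same lines: when cg_path_get_owner_uid() returns -ENOENT, `r` keeps that value past this block, so it should be reset before any later use of `r` as the function's result; and because the ownership change sits in cg_create() in src/shared, it applies to every caller whose path resolves to an owner uid, and only to the directory itself, which deserves a comment saying which paths are expected to match and that delegating the directory alone is intended.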
systemd in git will now grant access to the cgroup subtree in
user@.service to the specific user. That should solve the issue. (Note
that this means systemd --user will only work when run from
user@.service, as access to the cgroup tree is *not* granted for normal
sessions directly.)
Lennart
--
Lennart Poettering - Red Hat, Inc.