[systemd-devel] Is it possible to change the cgroup uid/gid for a systemd slice?
Donald Buczek
buczek at molgen.mpg.de
Thu Aug 31 08:47:25 UTC 2023
On 8/31/23 1:08 AM, Julio Lajara wrote:
> Hi all, I have created a systemd slice to constrain CPU/mem resources for a service unit. The service unit runs as root (it's a bash script) and it runs a subprocess using systemd-run that it also runs under the same slice but a different unprivileged user. The subprocess needs to read the cgroup memory data directly from the sysfs tree but it can't because it's owned by root. Is there a way I can change the permissions on it in the slice similar to how cgcreate has the -a option to set the uid/gid for the cgroup?
Can you demonstrate that? On the systems I've checked, all cgroup directories have o=rx and all files in them o=r.
From a very quick look, systemd seems to always be using 0755 mode:

    int cg_create(const char *controller, const char *path) {
            _cleanup_free_ char *fs = NULL;
            int r;

            r = cg_get_path_and_check(controller, path, NULL, &fs);
            if (r < 0)
                    return r;

            r = mkdir_parents(fs, 0755);
            if (r < 0)
                    return r;

            r = RET_NERRNO(mkdir(fs, 0755));

D.
>
> Thanks,
>
--
Donald Buczek
buczek at molgen.mpg.de
Tel: +49 30 8413 1433
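
One way to run the check asked for above ("Can you demonstrate that?"), as an added example that is not part of the original message or of systemd: it resolves a process's cgroup v2 path and lists every directory lacking o=rx and every readable memory.* file lacking o=r. The function names and the demo.slice/demo.service sample tree are constructed for illustration; a unified (v2) hierarchy is assumed.

```python
import os
import stat
import tempfile

def cgroup_v2_path(proc_cgroup_text):
    """Extract the unified-hierarchy path from /proc/<pid>/cgroup text ("0::/path")."""
    for line in proc_cgroup_text.splitlines():
        hier, controllers, path = line.split(":", 2)
        if hier == "0" and controllers == "":
            return path
    return None

def audit_other_access(root, cg_path):
    """Return (path, mode) for every entry that blocks an unprivileged reader."""
    dirs = [root]
    for part in cg_path.strip("/").split("/"):
        if part:
            dirs.append(os.path.join(dirs[-1], part))
    problems = []
    for d in dirs:
        mode = stat.S_IMODE(os.stat(d).st_mode)
        if (mode & 0o005) != 0o005:  # directories need o=rx to be listed and traversed
            problems.append((d, oct(mode)))
    for name in sorted(os.listdir(dirs[-1])):
        full = os.path.join(dirs[-1], name)
        mode = stat.S_IMODE(os.stat(full).st_mode)
        if not name.startswith("memory.") or not (mode & stat.S_IRUSR):
            continue  # skip other controllers and write-only control files
        if not (mode & stat.S_IROTH):
            problems.append((full, oct(mode)))
    return problems

def build_sample_tree(base, leaf_mode=0o755):
    """Constructed stand-in for /sys/fs/cgroup; returns matching /proc/self/cgroup text."""
    leaf = os.path.join(base, "demo.slice", "demo.service")
    os.makedirs(leaf)
    for d, mode in ((base, 0o755), (os.path.join(base, "demo.slice"), 0o755), (leaf, leaf_mode)):
        os.chmod(d, mode)
    for name, mode in (("memory.current", 0o444), ("memory.max", 0o644), ("memory.reclaim", 0o200)):
        path = os.path.join(leaf, name)
        with open(path, "w") as f:
            f.write("0\n")
        os.chmod(path, mode)
    return "0::/demo.slice/demo.service\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        text = build_sample_tree(base, leaf_mode=0o750)  # constructed misconfiguration
        print(audit_other_access(base, cgroup_v2_path(text)))
```

On a live system, pass "/sys/fs/cgroup" as root and the contents of /proc/<pid>/cgroup for the unprivileged subprocess; an empty result matches the 0755 behaviour described above.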