Before that fix, when we first entered the ve cgroup and then tried to
attach to the unified cgroup, we saw vzctl exec/stop produce an error:

Error writing to /sys/fs/cgroup/machine.slice/<ve>/cgroup.procs data='<pid>': Operation not permitted

As we were already in ve and the ve-restriction on attaching to the root ve
unified cgroup applied, we should just remove this restriction.

We only had it enabled for the corresponding cgroup-v1 files; now let's also
enable it for cgroup-v2 files.

Fixes: ad418fb3f8775 ("ve/cgroup: Allow to write to several safe cgroup files from CT")
Signed-off-by: Pavel Tikhomirov <[email protected]>

Feature: cgroup: whitelist of writeable files in CT
---
 kernel/cgroup/cgroup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 067d7eb0f655e..9d75e0a7b675c 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5631,7 +5631,7 @@ static struct cftype cgroup_base_files[] = {
        },
        {
                .name = "cgroup.procs",
-               .flags = CFTYPE_NS_DELEGATABLE,
+               .flags = CFTYPE_NS_DELEGATABLE | CFTYPE_VE_WRITABLE,
                .file_offset = offsetof(struct cgroup, procs_file),
                .release = cgroup_procs_release,
                .seq_start = cgroup_procs_start,
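
Review bot: On the `.name = "cgroup.procs"` entry, `CFTYPE_VE_WRITABLE` is set on the cftype in `cgroup_base_files[]`, so it is a property of the file type rather than of one cgroup, while the commit message only describes attaching to the container's own root unified cgroup under machine.slice. Please say in the commit message which remaining checks stop a process inside the CT from migrating tasks into a cgroup outside its own subtree once this whitelist bit is set (presumably the handling behind the existing `CFTYPE_NS_DELEGATABLE` flag), or scope the relaxation to the ve root cgroup if that is all vzctl exec/stop needs.
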
@@ -5641,7 +5641,7 @@ static struct cftype cgroup_base_files[] = {
        },
        {
                .name = "cgroup.threads",
-               .flags = CFTYPE_NS_DELEGATABLE,
+               .flags = CFTYPE_NS_DELEGATABLE | CFTYPE_VE_WRITABLE,
                .release = cgroup_procs_release,
                .seq_start = cgroup_threads_start,
                .seq_next = cgroup_procs_next,
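
Review bot: The `.name = "cgroup.threads"` entry gets the same `CFTYPE_VE_WRITABLE` flag, but the commit message only reports a failed write to `cgroup.procs`; nothing in it says that `cgroup.threads` is written from inside the CT or that such a write failed. Either add a sentence explaining why thread-granular migration from the CT is needed (for example, parity with the cgroup-v1 files the message mentions), or leave this entry out so the writable whitelist grows only by what the reported error requires.
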
-- 
2.51.0
