While parts of QEMU's CGroup code were moved under hypervisor agnostic location (src/hypervisor/) a typo sneaked in. The inspiration for virDomainCgroupConnectCgroup() comes from qemuConnectCgroup(). The former is called upon reconnecting to a running domain (after daemon restart). While the latter returned early if the daemon was running unprivileged, the former returns early if the daemon runs privileged. This is obviously wrong, because root can set up CGroups.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2075765 Fixes: 788e2b58cb1896f1c25ebbdbde4bafddc5ed4dc9 Signed-off-by: Michal Privoznik <mpriv...@redhat.com> --- src/hypervisor/domain_cgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/hypervisor/domain_cgroup.c b/src/hypervisor/domain_cgroup.c index 5af88155bc..8072465615 100644 --- a/src/hypervisor/domain_cgroup.c +++ b/src/hypervisor/domain_cgroup.c @@ -485,7 +485,7 @@ virDomainCgroupConnectCgroup(const char *prefix, bool privileged, char *machineName) { - if (privileged) + if (!privileged) return 0; if (!virCgroupAvailable()) -- 2.35.1
