1. remember to chown the cgroup path when migrating a container
2. when restoring the cgroup path, try to compute the euid for root vs.
using geteuid(); geteuid works for start, but it doesn't work for
migration since we're still real root at that point.
Signed-off-by: Tycho Andersen <tycho.ander...@canonical.com>
---
src/lxc/cgmanager.c | 6 +++++-
src/lxc/criu.c | 5 +++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c
index 357182a..54e6912 100644
--- a/src/lxc/cgmanager.c
+++ b/src/lxc/cgmanager.c
@@ -488,7 +488,11 @@ static bool chown_cgroup(const char *cgroup_path, struct
lxc_conf *conf)
return true;
data.cgroup_path = cgroup_path;
- data.origuid = geteuid();
+ data.origuid = mapped_hostid(0, conf, ID_TYPE_UID);
+ if (data.origuid < 0) {
+ ERROR("failed to get mapped root id");
+ return false;
+ }
/* Unpriv users can't chown it themselves, so chown from
* a child namespace mapping both our own and the target uid
diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index 6ef4905..f442612 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -466,6 +466,11 @@ void do_restore(struct lxc_container *c, int pipe, char
*directory, bool verbose
goto out_fini_handler;
}
+ if (!cgroup_chown(handler)) {
+ ERROR("failed creating groups");
+ goto out_fini_handler;
+ }
+
if (!restore_net_info(c)) {
ERROR("failed restoring network info");
goto out_fini_handler;
--
2.6.4
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
