The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2212
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === If we're host unpriv but root in our userns, we can't really escape cgroups. Let's switch the cgroup escape test to reflect this. Signed-off-by: Tycho Andersen <ty...@tycho.ws>
From 8d961e28f1d759669b477a659cbb694aaa2af915 Mon Sep 17 00:00:00 2001 From: Tycho Andersen <ty...@tycho.ws> Date: Tue, 13 Mar 2018 15:57:10 +0000 Subject: [PATCH] cgroups: don't escape if we're not real root If we're host unpriv but root in our userns, we can't really escape cgroups. Let's switch the cgroup escape test to reflect this. Signed-off-by: Tycho Andersen <ty...@tycho.ws> --- src/lxc/cgroups/cgfsng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index 10c7ab2cf..f337be449 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -1368,7 +1368,7 @@ static char *cg_unified_get_current_cgroup(void) bool will_escape; char *copy = NULL; - will_escape = (geteuid() == 0); + will_escape = !am_host_unpriv(); if (will_escape) basecginfo = read_file("/proc/1/cgroup"); else
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel