[lxc-devel] [lxd/master] lxd/apparmor: Disable cgroup2 on legacy hosts

Thu, 13 Aug 2020 14:53:57 -0700 

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7773

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>

From 8256b04c5a8ac98da9a8a7cef8ddf1ccac5dfd51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Tue, 11 Aug 2020 14:27:34 -0400
Subject: [PATCH] lxd/apparmor: Disable cgroup2 on legacy hosts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 lxd/apparmor/instance.go     | 4 +++-
 lxd/apparmor/instance_lxc.go | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lxd/apparmor/instance.go b/lxd/apparmor/instance.go
index 1a2f9b23b7..1944f7bb4b 100644
--- a/lxd/apparmor/instance.go
+++ b/lxd/apparmor/instance.go
@@ -9,6 +9,7 @@ import (
        "path/filepath"
        "strings"
 
+       "github.com/lxc/lxd/lxd/cgroup"
        "github.com/lxc/lxd/lxd/project"
        "github.com/lxc/lxd/lxd/state"
        "github.com/lxc/lxd/shared"
@@ -159,7 +160,8 @@ func instanceProfile(state *state.State, inst instance) 
(string, error) {
        var sb *strings.Builder = &strings.Builder{}
        err = lxcProfileTpl.Execute(sb, map[string]interface{}{
                "feature_unix":     unixSupported,
-               "feature_cgns":     shared.PathExists("/proc/self/ns/cgroup"),
+               "feature_cgns":     state.OS.CGInfo.Namespacing,
+               "feature_cgroup2":  state.OS.CGInfo.Layout == 
cgroup.CgroupsUnified || state.OS.CGInfo.Layout == cgroup.CgroupsHybrid,
                "feature_stacking": state.OS.AppArmorStacking && 
!state.OS.AppArmorStacked,
                "namespace":        InstanceNamespaceName(inst),
                "nesting":          inst.IsNesting(),
diff --git a/lxd/apparmor/instance_lxc.go b/lxd/apparmor/instance_lxc.go
index 3962e4f0fb..b9c3fcb7db 100644
--- a/lxd/apparmor/instance_lxc.go
+++ b/lxd/apparmor/instance_lxc.go
@@ -453,8 +453,10 @@ profile "{{ .name }}" 
flags=(attach_disconnected,mediate_deleted) {
 
   ### Feature: cgroup namespace
   mount fstype=cgroup -> /sys/fs/cgroup/**,
+{{- if .feature_cgroup2 }}
   mount fstype=cgroup2 -> /sys/fs/cgroup/**,
 {{- end }}
+{{- end }}
 
 {{- if .feature_stacking }}
 

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to