check whether /sys/fs/cgroup is a mountpoint

The current check only tries to detect whether /sys/fs/cgroup exists and whether it is writable or not. But when the init system doesn't mount cgroups then /sys/fs/cgroup will just be an empty directory. When paired with unprivileged containers that mount sysfs this will cause misleading errors to be printed since /sys/fs/cgroup will be owned by user nobody:nogroup in this case. Independent of this specific problem this check will also be misleading when the /sys/fs/cgroup exists and is in fact writable by the init system but isn't actually a mountpoint. Note from William. "grep -qs" doesn't need to redirect output to /dev/null since it is completely silent. This fixes #209.
2018-02-12 13:32:01 +01:00 · 2018-02-12 13:32:01 +01:00 · 16ff3cd8df
commit 16ff3cd8df
parent 38032626a6
1 changed files with 6 additions and 3 deletions
--- a/sh/openrc-run.sh.in
+++ b/sh/openrc-run.sh.in
@ -260,9 +260,12 @@ for _cmd; do
 		# Apply cgroups settings if defined
 		if [ "$(command -v cgroup_add_service)" = "cgroup_add_service" ]
 		then
-			if [ -d /sys/fs/cgroup -a ! -w /sys/fs/cgroup ]; then
-				eerror "No permission to apply cgroup settings"
-				break
+			if grep -qs /sys/fs/cgroup /proc/1/mountinfo
+			then
+				if [ -d /sys/fs/cgroup -a ! -w /sys/fs/cgroup ]; then
+					eerror "No permission to apply cgroup settings"
+					break
+				fi
 			fi
 			cgroup_add_service
 		fi