check whether /sys/fs/cgroup is a mountpoint
The current check only tries to detect whether /sys/fs/cgroup exists and whether it is writable or not. But when the init system doesn't mount cgroups then /sys/fs/cgroup will just be an empty directory. When paired with unprivileged containers that mount sysfs this will cause misleading errors to be printed since /sys/fs/cgroup will be owned by user nobody:nogroup in this case. Independent of this specific problem this check will also be misleading when the /sys/fs/cgroup exists and is in fact writable by the init system but isn't actually a mountpoint. Note from William. "grep -qs" doesn't need to redirect output to /dev/null since it is completely silent. This fixes #209.
This commit is contained in:
Christian Brauner
William Hubbs
parent
38032626a6
commit
16ff3cd8df
@ -260,9 +260,12 @@ for _cmd; do
|
|||||||
# Apply cgroups settings if defined
|
# Apply cgroups settings if defined
|
||||||
if [ "$(command -v cgroup_add_service)" = "cgroup_add_service" ]
|
if [ "$(command -v cgroup_add_service)" = "cgroup_add_service" ]
|
||||||
then
|
then
|
||||||
if [ -d /sys/fs/cgroup -a ! -w /sys/fs/cgroup ]; then
|
if grep -qs /sys/fs/cgroup /proc/1/mountinfo
|
||||||
eerror "No permission to apply cgroup settings"
|
then
|
||||||
break
|
if [ -d /sys/fs/cgroup -a ! -w /sys/fs/cgroup ]; then
|
||||||
|
eerror "No permission to apply cgroup settings"
|
||||||
|
break
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
cgroup_add_service
|
cgroup_add_service
|
||||||
fi
|
fi
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user