From 939d5a37530d194ee69751e57197bfa19add530e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 25 May 2018 11:31:41 +1000 Subject: [PATCH] cgroup: clean up isIgnorableError for skippable EROFS Include a rootless argument for isIgnorableError to avoid people accidentally using isIgnorableError when they shouldn't (we don't ignore any errors when running as root as that really isn't safe). Signed-off-by: Aleksa Sarai --- libcontainer/cgroups/fs/apply_raw.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libcontainer/cgroups/fs/apply_raw.go b/libcontainer/cgroups/fs/apply_raw.go index e93f6a96..09b96de5 100644 --- a/libcontainer/cgroups/fs/apply_raw.go +++ b/libcontainer/cgroups/fs/apply_raw.go @@ -106,11 +106,17 @@ type cgroupData struct { // sense of the word). This includes EROFS (which for an unprivileged user is // basically a permission error) and EACCES (for similar reasons) as well as // the normal EPERM. -func isIgnorableError(err error) bool { +func isIgnorableError(rootless bool, err error) bool { + // We do not ignore errors if we are root. + if !rootless { + return false + } + // Is it an ordinary EPERM? if os.IsPermission(errors.Cause(err)) { return true } + // Try to handle other errnos. var errno error switch err := errors.Cause(err).(type) { case *os.PathError: @@ -172,7 +178,7 @@ func (m *Manager) Apply(pid int) (err error) { // been set, we don't bail on error in case of permission problems. // Cases where limits have been set (and we couldn't create our own // cgroup) are handled by Set. - if m.Rootless && isIgnorableError(err) && m.Cgroups.Path == "" { + if isIgnorableError(m.Rootless, err) && m.Cgroups.Path == "" { delete(m.Paths, sys.Name()) continue }