cgroup: clean up isIgnorableError for skippable EROFS

Include a rootless argument for isIgnorableError to avoid people accidentally using isIgnorableError when they shouldn't (we don't ignore any errors when running as root as that really isn't safe). Signed-off-by: Aleksa Sarai <asarai@suse.de>
2018-05-25 11:31:41 +10:00 · 2018-05-25 11:31:41 +10:00 · 939d5a3753
parent dd67ab10d7
commit 939d5a3753
1 changed files with 8 additions and 2 deletions
--- a/libcontainer/cgroups/fs/apply_raw.go
+++ b/libcontainer/cgroups/fs/apply_raw.go
@ -106,11 +106,17 @@ type cgroupData struct {
 // sense of the word). This includes EROFS (which for an unprivileged user is
 // basically a permission error) and EACCES (for similar reasons) as well as
 // the normal EPERM.
-func isIgnorableError(err error) bool {
+func isIgnorableError(rootless bool, err error) bool {
+	// We do not ignore errors if we are root.
+	if !rootless {
+		return false
+	}
+	// Is it an ordinary EPERM?
 	if os.IsPermission(errors.Cause(err)) {
 		return true
 	}

+	// Try to handle other errnos.
 	var errno error
 	switch err := errors.Cause(err).(type) {
 	case *os.PathError:
@ -172,7 +178,7 @@ func (m *Manager) Apply(pid int) (err error) {
 			// been set, we don't bail on error in case of permission problems.
 			// Cases where limits have been set (and we couldn't create our own
 			// cgroup) are handled by Set.
-			if m.Rootless && isIgnorableError(err) && m.Cgroups.Path == "" {
+			if isIgnorableError(m.Rootless, err) && m.Cgroups.Path == "" {
 				delete(m.Paths, sys.Name())
 				continue
 			}