cgroup2: allow mounting /sys/fs/cgroup in UserNS without unsharing CgroupNS
Bind-mount /sys/fs/cgroup when we are in UserNS but CgroupNS is not unshared, because we cannot mount cgroup2. This behavior correspond to crun v0.10.2. Fix #2158 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
parent
c4d8e1688c
commit
9c81440fb5
|
@ -279,8 +279,14 @@ func mountCgroupV2(m *configs.Mount, rootfs, mountLabel string, enableCgroupns b
|
||||||
if err := os.MkdirAll(cgroupPath, 0755); err != nil {
|
if err := os.MkdirAll(cgroupPath, 0755); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := unix.Mount(m.Source, cgroupPath, "cgroup2", uintptr(m.Flags), m.Data); err != nil {
|
||||||
return unix.Mount(m.Source, cgroupPath, "cgroup2", uintptr(m.Flags), m.Data)
|
// when we are in UserNS but CgroupNS is not unshared, we cannot mount cgroup2 (#2158)
|
||||||
|
if err == unix.EPERM || err == unix.EBUSY {
|
||||||
|
return unix.Mount("/sys/fs/cgroup", cgroupPath, "", uintptr(m.Flags)|unix.MS_BIND, "")
|
||||||
|
}
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func mountToRootfs(m *configs.Mount, rootfs, mountLabel string, enableCgroupns bool) error {
|
func mountToRootfs(m *configs.Mount, rootfs, mountLabel string, enableCgroupns bool) error {
|
||||||
|
|
Loading…
Reference in New Issue