author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-09-12 19:04:07 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-12 19:04:07 +0200 |
commit | 8c3349bc08b6f4e48751f61dd342cbf9828eca85 (patch) | |
tree | a9f5e374cb1060a0ef6577436b6bf24b783764c3 /pkg | |
parent | 2de49870861be00cbd92108a1642796170a0aad1 (diff) | |
parent | 7e88bf7fd0207783e8feecb7ec7206df96897f4e (diff) | |
Merge pull request #3959 from giuseppe/rootless-use-systemd-scope
rootless: automatically create a systemd scope
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/cgroups/cgroups_supported.go | 62 | ||||
-rw-r--r-- | pkg/cgroups/cgroups_unsupported.go | 6 |
2 files changed, 68 insertions, 0 deletions
diff --git a/pkg/cgroups/cgroups_supported.go b/pkg/cgroups/cgroups_supported.go
index fcd44dfc8..2a36777d4 100644
--- a/pkg/cgroups/cgroups_supported.go
+++ b/pkg/cgroups/cgroups_supported.go
@@ -3,8 +3,15 @@
 package cgroups
 import (
+ "bufio"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
 "sync"
 "syscall"
+
+ "github.com/pkg/errors"
 )
 var (
@@ -25,3 +32,58 @@ func IsCgroup2UnifiedMode() (bool, error) {
 })
 return isUnified, isUnifiedErr
 }
+
+// UserOwnsCurrentSystemdCgroup checks whether the current EUID owns the
+// current cgroup.
+func UserOwnsCurrentSystemdCgroup() (bool, error) {
+ uid := os.Geteuid()
+
+ cgroup2, err := IsCgroup2UnifiedMode()
+ if err != nil {
+ return false, err
+ }
+
+ f, err := os.Open("/proc/self/cgroup")
+ if err != nil {
+ return false, errors.Wrapf(err, "open file /proc/self/cgroup")
+ }
+ defer f.Close()
+
+ scanner := bufio.NewScanner(f)
+ for scanner.Scan() {
+ line := scanner.Text()
+ parts := strings.SplitN(line, ":", 3)
+
+ if len(parts) < 3 {
+ continue
+ }
+
+ var cgroupPath string
+
+ if cgroup2 {
+ cgroupPath = filepath.Join(cgroupRoot, parts[2])
+ } else {
+ if parts[1] != "name=systemd" {
+ continue
+ }
+ cgroupPath = filepath.Join(cgroupRoot, "systemd", parts[2])
+ }
+
+ st, err := os.Stat(cgroupPath)
+ if err != nil {
+ return false, err
+ }
+ s := st.Sys()
+ if s == nil {
+ return false, fmt.Errorf("error stat cgroup path %s", cgroupPath)
+ }
+
+ if int(s.(*syscall.Stat_t).Uid) != uid {
+ return false, nil
+ }
+ }
+ if err := scanner.Err(); err != nil {
+ return false, errors.Wrapf(err, "parsing file /proc/self/cgroup")
+ }
+ return true, nil
+}
diff --git a/pkg/cgroups/cgroups_unsupported.go b/pkg/cgroups/cgroups_unsupported.go
index 9dc196e42..cd140fbf3 100644
--- a/pkg/cgroups/cgroups_unsupported.go
+++ b/pkg/cgroups/cgroups_unsupported.go 
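Review bot: In pkg/cgroups/cgroups_supported.go, `UserOwnsCurrentSystemdCgroup` answers `true, nil` when the loop never stats a single path: every line with fewer than three fields, and on cgroup v1 every line other than `name=systemd`, hits `continue` and falls through to the final `return true, nil`. If callers read `true` as "already inside a cgroup this user owns" (the call site is not in this diff), an empty or systemd-less /proc/self/cgroup yields a fail-open ownership answer. I would declare `found := false` before the loop, set `found = true` once the UID comparison has passed, and end with `return found, nil`. The `os.Stat` error is also returned bare while the other paths are wrapped; `return false, errors.Wrapf(err, "stat %s", cgroupPath)` would keep the errors consistent and name the path that failed.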
@@ -6,3 +6,9 @@ package cgroups
 func IsCgroup2UnifiedMode() (bool, error) {
 return false, nil
 }
+
+// UserOwnsCurrentSystemdCgroup checks whether the current EUID owns the
+// current cgroup.
+func UserOwnsCurrentSystemdCgroup() (bool, error) {
+ return false, nil
+} |