From afd0818326aa37f03a3bc74f0269a06a403db16d Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 6 Sep 2019 15:30:30 +0200
Subject: rootless: automatically create a systemd scope

when running in rootless mode and using systemd as cgroup manager
create automatically a systemd scope when the user doesn't own the
current cgroup.

This solves a couple of issues:

on cgroup v2 it is necessary that a process before it can moved to a
different cgroup tree must be in a directory owned by the unprivileged
user.  This is not always true, e.g. when creating a session with su
-l.

Closes: https://github.com/containers/libpod/issues/3937

Also, for running systemd in a container it was before necessary to
specify "systemd-run --scope --user podman ...", now this is done
automatically as part of this PR.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/cgroups/cgroups_unsupported.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'pkg/cgroups/cgroups_unsupported.go')

diff --git a/pkg/cgroups/cgroups_unsupported.go b/pkg/cgroups/cgroups_unsupported.go
index 9dc196e42..cd140fbf3 100644
--- a/pkg/cgroups/cgroups_unsupported.go
+++ b/pkg/cgroups/cgroups_unsupported.go
@@ -6,3 +6,9 @@ package cgroups
 func IsCgroup2UnifiedMode() (bool, error) {
 	return false, nil
 }
+
+// UserOwnsCurrentSystemdCgroup checks whether the current EUID owns the
+// current cgroup.
+func UserOwnsCurrentSystemdCgroup() (bool, error) {
+	return false, nil
+}
-- 
cgit v1.2.3-54-g00ecf