Merge pull request #4231 from brauner/cgroup.removal
cgroups: fix cgroup removal
brauner committed Nov 24, 2022
2 parents fa56702 + 6802041 commit 07670da
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions src/lxc/cgroups/cgfsng.c
@@ -560,15 +560,20 @@ __cgfsng_ops static void cgfsng_payload_destroy(struct cgroup_ops *ops,
if (ret < 0)
WARN("Failed to detach bpf program from cgroup");

if (!list_empty(&handler->conf->id_map)) {
/*
* Only do the user namespace dance if we have too. If the container's
* monitor is root we can assume that it is privileged enough to remove
* the cgroups it created when the container started.
*/
if (!list_empty(&handler->conf->id_map) && !handler->am_root) {
struct generic_userns_exec_data wrap = {
.conf = handler->conf,
.path_prune = ops->container_limit_cgroup,
.hierarchies = ops->hierarchies,
.origuid = 0,
};
ret = userns_exec_1(handler->conf, cgroup_tree_remove_wrapper,
&wrap, "cgroup_tree_remove_wrapper");
ret = userns_exec_full(handler->conf, cgroup_tree_remove_wrapper,
&wrap, "cgroup_tree_remove_wrapper");
} else {
ret = cgroup_tree_remove(ops->hierarchies, ops->container_limit_cgroup);
}
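Review bot: The `&& !handler->am_root` test on the id_map branch sends every root monitor to the direct `cgroup_tree_remove()` call, so the recursive removal runs with the monitor's own privileges rather than inside the container's id mapping, and the added comment says only that root is "privileged enough", not why giving up the mapped path is acceptable or what `am_root` covers (for example a monitor that is root only inside a user namespace). I would extend the comment with something like `/* am_root: monitor runs as root (TODO confirm exact meaning); it created these cgroups, so no id mapping is needed to remove them. */` and fix the typo "have too" -> "have to". The page shows the wrapper being invoked through both `userns_exec_1` and `userns_exec_full`, and the description does not say why the helper changes; one sentence in the commit message would help the next reader. `cgfsng_payload_destroy` starts and ends outside this hunk, so how `ret` is handled after the removal is not visible here.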