diff options
author | William Hubbs <w.d.hubbs@gmail.com> | 2016-09-14 11:08:48 -0500 |
---|---|---|
committer | William Hubbs <w.d.hubbs@gmail.com> | 2016-09-14 12:34:42 -0500 |
commit | c4d7e02abd7008b8e8ad16f62c2abbb60fab252b (patch) | |
tree | 78f4f562e706db6790c2aad5bd23881cd5f0e5e1 | |
parent | a4e0d675e13f07bf880da10a4d602983a556264d (diff) |
Fix permission checks for cgroups
This is needed because containers may give read access to cgroups but
not allow the settings to be changed.
-rw-r--r-- | sh/rc-cgroup.sh.in | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sh/rc-cgroup.sh.in b/sh/rc-cgroup.sh.in index 20b2c6ec..5987f966 100644 --- a/sh/rc-cgroup.sh.in +++ b/sh/rc-cgroup.sh.in @@ -53,7 +53,7 @@ cgroup_set_values() while [ -n "$1" -a "$controller" != "cpuacct" ]; do case "$1" in $controller.*) - if [ -n "$name" -a -f "$cgroup/$name" -a -n "$val" ]; then + if [ -n "$name" -a -w "$cgroup/$name" -a -n "$val" ]; then veinfo "$RC_SVCNAME: Setting $cgroup/$name to $val" printf "%s" "$val" > "$cgroup/$name" fi @@ -68,12 +68,12 @@ cgroup_set_values() esac shift done - if [ -n "$name" -a -f "$cgroup/$name" -a -n "$val" ]; then + if [ -n "$name" -a -w "$cgroup/$name" -a -n "$val" ]; then veinfo "$RC_SVCNAME: Setting $cgroup/$name to $val" printf "%s" "$val" > "$cgroup/$name" fi - if [ -f "$cgroup/tasks" ]; then + if [ -w "$cgroup/tasks" ]; then veinfo "$RC_SVCNAME: adding to $cgroup/tasks" printf "%d" 0 > "$cgroup/tasks" fi @@ -88,14 +88,14 @@ cgroup_add_service() # cgroups. But may lead to a problems where that inheriting # is needed. for d in /sys/fs/cgroup/* ; do - [ -f "${d}"/tasks ] && printf "%d" 0 > "${d}"/tasks + [ -w "${d}"/tasks ] && printf "%d" 0 > "${d}"/tasks done openrc_cgroup=/sys/fs/cgroup/openrc if [ -d "$openrc_cgroup" ]; then cgroup="$openrc_cgroup/$RC_SVCNAME" mkdir -p "$cgroup" - [ -f "$cgroup/tasks" ] && printf "%d" 0 > "$cgroup/tasks" + [ -w "$cgroup/tasks" ] && printf "%d" 0 > "$cgroup/tasks" fi } |