From c4d7e02abd7008b8e8ad16f62c2abbb60fab252b Mon Sep 17 00:00:00 2001 From: William Hubbs Date: Wed, 14 Sep 2016 11:08:48 -0500 Subject: Fix permission checks for cgroups This is needed because containers may give read access to cgroups but not allow the settings to be changed. --- sh/rc-cgroup.sh.in | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sh/rc-cgroup.sh.in b/sh/rc-cgroup.sh.in index 20b2c6ec..5987f966 100644 --- a/sh/rc-cgroup.sh.in +++ b/sh/rc-cgroup.sh.in @@ -53,7 +53,7 @@ cgroup_set_values() while [ -n "$1" -a "$controller" != "cpuacct" ]; do case "$1" in $controller.*) - if [ -n "$name" -a -f "$cgroup/$name" -a -n "$val" ]; then + if [ -n "$name" -a -w "$cgroup/$name" -a -n "$val" ]; then veinfo "$RC_SVCNAME: Setting $cgroup/$name to $val" printf "%s" "$val" > "$cgroup/$name" fi @@ -68,12 +68,12 @@ cgroup_set_values() esac shift done - if [ -n "$name" -a -f "$cgroup/$name" -a -n "$val" ]; then + if [ -n "$name" -a -w "$cgroup/$name" -a -n "$val" ]; then veinfo "$RC_SVCNAME: Setting $cgroup/$name to $val" printf "%s" "$val" > "$cgroup/$name" fi - if [ -f "$cgroup/tasks" ]; then + if [ -w "$cgroup/tasks" ]; then veinfo "$RC_SVCNAME: adding to $cgroup/tasks" printf "%d" 0 > "$cgroup/tasks" fi @@ -88,14 +88,14 @@ cgroup_add_service() # cgroups. But may lead to a problems where that inheriting # is needed. for d in /sys/fs/cgroup/* ; do - [ -f "${d}"/tasks ] && printf "%d" 0 > "${d}"/tasks + [ -w "${d}"/tasks ] && printf "%d" 0 > "${d}"/tasks done openrc_cgroup=/sys/fs/cgroup/openrc if [ -d "$openrc_cgroup" ]; then cgroup="$openrc_cgroup/$RC_SVCNAME" mkdir -p "$cgroup" - [ -f "$cgroup/tasks" ] && printf "%d" 0 > "$cgroup/tasks" + [ -w "$cgroup/tasks" ] && printf "%d" 0 > "$cgroup/tasks" fi } -- cgit v1.2.3