From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Thu, 10 Jun 2021 10:03:28 +0000 (+0200)
Subject: support pure cgroupv2 environments
X-Git-Url: https://git.proxmox.com/?p=pve-lxc-syscalld.git;a=commitdiff_plain;h=fe73c2fb92d1c30ff584da906f5ae75bfe9951ab

support pure cgroupv2 environments

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---

diff --git a/src/process/cgroups.rs b/src/process/cgroups.rs
index d8d88b3..8c4d8f3 100644
--- a/src/process/cgroups.rs
+++ b/src/process/cgroups.rs
@@ -3,7 +3,7 @@ use std::ffi::{OsStr, OsString};
 
 #[derive(Default)]
 pub struct CGroups {
-    pub v1: HashMap<String, OsString>,
+    pub v1: Option<HashMap<String, OsString>>,
     pub v2: Option<OsString>,
 }
 
@@ -13,10 +13,16 @@ impl CGroups {
     }
 
     pub fn get(&self, name: &str) -> Option<&OsStr> {
-        self.v1.get(name).map(|s| s.as_os_str())
+        self.v1
+            .as_ref()
+            .and_then(|v1| v1.get(name).map(|s| s.as_os_str()))
     }
 
     pub fn v2(&self) -> Option<&OsStr> {
         self.v2.as_ref().map(|s| s.as_os_str())
     }
+
+    pub fn has_v1(&self) -> bool {
+        self.v1.is_some()
+    }
 }
diff --git a/src/process/pid_fd.rs b/src/process/pid_fd.rs
index 674ebae..1caf8f2 100644
--- a/src/process/pid_fd.rs
+++ b/src/process/pid_fd.rs
@@ -222,7 +222,10 @@ impl PidFd {
                 cgroups.v2 = Some(path);
             } else {
                 for entry in name.split(',') {
-                    cgroups.v1.insert(entry.to_string(), path.clone());
+                    cgroups
+                        .v1
+                        .get_or_insert_with(Default::default)
+                        .insert(entry.to_string(), path.clone());
                 }
             }
         }
diff --git a/src/process/user_caps.rs b/src/process/user_caps.rs
index a3d6bcb..b0850ac 100644
--- a/src/process/user_caps.rs
+++ b/src/process/user_caps.rs
@@ -47,6 +47,7 @@ pub struct UserCaps<'a> {
     capabilities: Capabilities,
     umask: libc::mode_t,
     cgroup_v1_devices: Option<OsString>,
+    cgroup_v2_base: &'static str,
     cgroup_v2: Option<OsString>,
     apparmor_profile: Option<OsString>,
 }
@@ -67,12 +68,15 @@ impl UserCaps<'_> {
             capabilities: status.capabilities,
             umask: status.umask,
             cgroup_v1_devices: cgroups.get("devices").map(|s| s.to_owned()),
+            cgroup_v2_base: if cgroups.has_v1() { "unified/" } else { "" },
             cgroup_v2: cgroups.v2().map(|s| s.to_owned()),
             apparmor_profile,
         })
     }
 
     fn apply_cgroups(&self) -> io::Result<()> {
+        // FIXME: Handle `kind` taking /proc/self/mountinfo into account instead of assuming
+        // "unified/"
         fn enter_cgroup(kind: &str, name: &OsStr) -> io::Result<()> {
             let mut path = OsString::with_capacity(15 + kind.len() + name.len() + 13 + 1);
             path.push(OsStr::from_bytes(b"/sys/fs/cgroup/"));
@@ -87,7 +91,7 @@ impl UserCaps<'_> {
         }
 
         if let Some(ref cg) = self.cgroup_v2 {
-            enter_cgroup("unified/", cg)?;
+            enter_cgroup(self.cgroup_v2_base, cg)?;
         }
 
         Ok(())