From: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
CGroup delegation can allow various processes or users to use
cgroup. Further checks should be done by the various backends.
With this series, a qemu:///session VM can have basic CGroupv2 support
with machined --user help.
Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
---
src/qemu/qemu_cgroup.c | 3 ---
src/util/vircgroup.c | 5 +++++
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index c288519e62..0f80dd4214 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -914,9 +914,6 @@ qemuInitCgroup(virDomainObjPtr vm,
qemuDomainObjPrivatePtr priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(priv->driver);
- if (!virQEMUDriverIsPrivileged(priv->driver))
- return 0;
-
if (!virCgroupAvailable())
return 0;
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 70d85200cb..4e71677994 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1254,6 +1254,11 @@ virCgroupNewMachine(const char *name,
if (rv == -1)
return -1;
+ if (geteuid() != 0) {
+ errno = EPERM;
+ return 0;
+ }
+
return virCgroupNewMachineManual(name,
drivername,
pidleader,
--
2.26.0.rc2.42.g98cedd0233
