Re: Is it possible to change the cgroup uid/gid for a systemd slice?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 8/31/23 1:08 AM, Julio Lajara wrote:

> Hi all, I have created a systemd slice to constrain CPU/mem resources for a service unit. The service unit runs as root (its a bash script) and it runs a subprocess using systemd-run that it also runs under the same slice but a different unprivileged user. The subprocess needs to read the cgroup memory data directly from the sysfs tree but it cant because its owned by root. Is there way I can change the permissions on it in the slice similar to how cgcreate has the -a option to set the uid/gid for the cgroup?

Can you demonstrate that? On the systems I've checked, all cgroup directories have o=rx and all files in it o=r.

>From a very quick look, systemd seems to always be using 0755 mode:

int cg_create(const char *controller, const char *path) {
        _cleanup_free_ char *fs = NULL;
        int r;

        r = cg_get_path_and_check(controller, path, NULL, &fs);
        if (r < 0)
                return r;

        r = mkdir_parents(fs, 0755);
        if (r < 0)
                return r;

        r = RET_NERRNO(mkdir(fs, 0755));

D.



> 
> Thanks,
> 


-- 
Donald Buczek
buczek@xxxxxxxxxxxxx
Tel: +49 30 8413 1433
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux