cgroup-util: add cg_is_delegated_fd() helper

This is just like cg_is_delegated() but operates on an fd instead of a
cgroup path.

Sooner or later we should access cgroupfs mostly via fds rather than
paths, but we aren't there yet. But let's at least get started.
Lennart Poettering
2023-10-25 23:04:15 +02:00
parent f0b8ac9e0e
commit 6414203cfc
2 changed files with 21 additions and 10 deletions


@@ -2263,17 +2263,27 @@ int cg_is_delegated(const char *path) {
assert(path);
r = cg_get_xattr_bool(path, "trusted.delegate");
if (ERRNO_IS_NEG_XATTR_ABSENT(r)) {
/* If the trusted xattr isn't set (preferred), then check the
* untrusted one. Under the assumption that whoever is trusted
* enough to own the cgroup, is also trusted enough to decide
* if it is delegated or not this should be safe. */
r = cg_get_xattr_bool(path, "user.delegate");
if (ERRNO_IS_NEG_XATTR_ABSENT(r))
return false;
}
if (!ERRNO_IS_NEG_XATTR_ABSENT(r))
return r;
return r;
/* If the trusted xattr isn't set (preferred), then check the untrusted one. Under the assumption
* that whoever is trusted enough to own the cgroup, is also trusted enough to decide if it is
* delegated or not this should be safe. */
r = cg_get_xattr_bool(path, "user.delegate");
return ERRNO_IS_NEG_XATTR_ABSENT(r) ? false : r;
}
int cg_is_delegated_fd(int fd) {
int r;
assert(fd >= 0);
r = getxattr_at_bool(fd, /* path= */ NULL, "trusted.delegate", /* flags= */ 0);
if (!ERRNO_IS_NEG_XATTR_ABSENT(r))
return r;
r = getxattr_at_bool(fd, /* path= */ NULL, "user.delegate", /* flags= */ 0);
return ERRNO_IS_NEG_XATTR_ABSENT(r) ? false : r;
}
int cg_has_coredump_receive(const char *path) {
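Review bot: The new cg_is_delegated_fd() at the end of this hunk drops the comment that justifies the `user.delegate` fallback and never states what `fd` must refer to. The path variant goes through cg_get_xattr_bool(), which presumably resolves the path inside cgroupfs, whereas the new function reads xattrs from whatever descriptor it is handed; on an ordinary filesystem `user.*` attributes can be set by the file owner, so the "owner is trusted enough to decide" assumption only holds if callers pass a cgroupfs directory fd. I would document that precondition above the function, e.g. `/* fd must refer to a cgroup directory on cgroupfs; the user.delegate fallback is only trustworthy there. */`, and repeat the trusted-then-untrusted rationale before the second lookup. If descriptors can reach this helper from less trusted callers, a filesystem-type check on `fd` before the lookups would be worth considering.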


@@ -211,6 +211,7 @@ int cg_rmdir(const char *controller, const char *path);
int cg_is_threaded(const char *path);
int cg_is_delegated(const char *path);
int cg_is_delegated_fd(int fd);
int cg_has_coredump_receive(const char *path);