diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c index 37f776adbe..4c82552904 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c @@ -2263,17 +2263,27 @@ int cg_is_delegated(const char *path) { assert(path); r = cg_get_xattr_bool(path, "trusted.delegate"); - if (ERRNO_IS_NEG_XATTR_ABSENT(r)) { - /* If the trusted xattr isn't set (preferred), then check the - * untrusted one. Under the assumption that whoever is trusted - * enough to own the cgroup, is also trusted enough to decide - * if it is delegated or not this should be safe. */ - r = cg_get_xattr_bool(path, "user.delegate"); - if (ERRNO_IS_NEG_XATTR_ABSENT(r)) - return false; - } + if (!ERRNO_IS_NEG_XATTR_ABSENT(r)) + return r; - return r; + /* If the trusted xattr isn't set (preferred), then check the untrusted one. Under the assumption + * that whoever is trusted enough to own the cgroup, is also trusted enough to decide if it is + * delegated or not this should be safe. */ + r = cg_get_xattr_bool(path, "user.delegate"); + return ERRNO_IS_NEG_XATTR_ABSENT(r) ? false : r; +} + +int cg_is_delegated_fd(int fd) { + int r; + + assert(fd >= 0); + + r = getxattr_at_bool(fd, /* path= */ NULL, "trusted.delegate", /* flags= */ 0); + if (!ERRNO_IS_NEG_XATTR_ABSENT(r)) + return r; + + r = getxattr_at_bool(fd, /* path= */ NULL, "user.delegate", /* flags= */ 0); + return ERRNO_IS_NEG_XATTR_ABSENT(r) ? false : r; } int cg_has_coredump_receive(const char *path) { diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h index 1022caf23c..bfb3830520 100644 --- a/src/basic/cgroup-util.h +++ b/src/basic/cgroup-util.h @@ -211,6 +211,7 @@ int cg_rmdir(const char *controller, const char *path); int cg_is_threaded(const char *path); int cg_is_delegated(const char *path); +int cg_is_delegated_fd(int fd); int cg_has_coredump_receive(const char *path);