[CRIU] [PATCH 4/6] cgroups: restore perms on tasks and cgroup.procs files

[Tycho Andersen]

Although we don't want to restore the values on these files, we definitely
do want to restore the permissions, as certain container engines (lxc) make
use of this.

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
 cgroup.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/cgroup.c b/cgroup.c
index 3ddf33a..d4b3580 100644
--- a/cgroup.c
+++ b/cgroup.c
@@ -85,6 +85,8 @@ static const char *global_props[] = {
 	"cgroup.clone_children",
 	"cgroup.sane_behavior",
 	"notify_on_release",
+	"cgroup.procs",
+	"tasks",
 	NULL
 };
 
@@ -333,6 +335,20 @@ static int read_cgroup_prop(struct cgroup_prop *property, const char *fullpath)
 	property->uid = sb.st_uid;
 	property->gid = sb.st_gid;
 
+	/* skip dumping the value of these, since it doesn't make sense (we
+	 * just want to restore the perms) */
+	if (!strcmp(property->name, "cgroup.procs") || !strcmp(property->name, "tasks")) {
+		ret = 0;
+		/* libprotobuf segfaults if we leave a null pointer in a
+		 * string, so let's not do that */
+		property->value = xstrdup("");
+		if (!property->value)
+			ret = -1;
+
+		close(fd);
+		return ret;
+	}
+
 	ret = read(fd, buf, sizeof(buf) - 1);
 	if (ret == -1) {
 		pr_err("Failed scanning %s\n", fullpath);
@@ -1123,6 +1139,12 @@ static int restore_cgroup_prop(const CgroupPropEntry * cg_prop_entry_p,
 		return -1;
 	}
 
+	/* skip these two since restoring their values doesn't make sense */
+	if (!strcmp(cg_prop_entry_p->name, "cgroup.procs") || !strcmp(cg_prop_entry_p->name, "tasks")) {
+		fclose(f);
+		return 0;
+	}
+
 	if (fprintf(f, "%s", cg_prop_entry_p->value) < 0) {
 		fclose(f);
 		pr_err("Failed writing %s to %s\n", cg_prop_entry_p->value, path);
-- 
2.5.0