On 8/31/23 1:08 AM, Julio Lajara wrote:
> Hi all, I have created a systemd slice to constrain CPU/mem resources for a
> service unit. The service unit runs as root (it's a bash script) and it runs a
> subprocess using systemd-run that it also runs under the same slice but a
> different unprivileged user. The subprocess needs to read the cgroup memory
> data directly from the sysfs tree but it can't because it's owned by root. Is
> there a way I can change the permissions on it in the slice similar to how
> cgcreate has the -a option to set the uid/gid for the cgroup?
Can you demonstrate that? On the systems I've checked, all cgroup directories
have o=rx and all files in it o=r.
From a very quick look, systemd seems to always be using 0755 mode:

int cg_create(const char *controller, const char *path) {
        _cleanup_free_ char *fs = NULL;
        int r;

        r = cg_get_path_and_check(controller, path, NULL, &fs);
        if (r < 0)
                return r;

        r = mkdir_parents(fs, 0755);
        if (r < 0)
                return r;

        r = RET_NERRNO(mkdir(fs, 0755));
D.
>
> Thanks,
>
--
Donald Buczek
[email protected]
Tel: +49 30 8413 1433
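
One way to check the permissions discussed above, as an added example that is not part of the original message or of systemd: it walks from a cgroup directory up to the cgroup root and reports any directory without o=rx or any memory.* file without o=r. The function names and the `/sys/fs/cgroup` default root are assumptions of this example.

```shell
#!/bin/sh
# Added example: find what stops an unprivileged ("other") user from reading
# the memory.* files of a cgroup. Relies on `stat -c %a` (GNU coreutils/busybox).

# perm PATH -> permission bits of PATH as a decimal number
perm() {
    m=$(stat -c '%a' "$1") || return 2
    echo $((0$m))            # leading 0 makes the shell parse it as octal
}

# cg_check_other DIR [ROOT]
# Prints one line per blocking entry; returns 0 if nothing blocks, 1 otherwise.
cg_check_other() {
    dir=${1%/}
    root=${2:-/sys/fs/cgroup}
    root=${root%/}
    rc=0
    p=$dir
    # Every directory from DIR up to ROOT needs o+r and o+x (bits 4 and 1).
    while :; do
        b=$(perm "$p") || return 2
        if [ $((b & 5)) -ne 5 ]; then
            printf 'dir  %s mode=%o\n' "$p" "$b"
            rc=1
        fi
        case $p in
            "$root"/*) p=${p%/*} ;;
            *) break ;;
        esac
    done
    for f in "$dir"/memory.*; do
        [ -f "$f" ] || continue
        b=$(perm "$f") || return 2
        # Skip write-only control files: nobody, not even the owner, reads them.
        [ $((b & 256)) -ne 0 ] || continue      # 256 = 0400, owner read
        if [ $((b & 4)) -eq 0 ]; then
            printf 'file %s mode=%o\n' "$f" "$b"
            rc=1
        fi
    done
    return $rc
}

# Usage: cg_check_other /sys/fs/cgroup/<slice>/<unit>
```

An empty result with exit status 0 means the mode bits are not what blocks the read.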