cgroup,native: sanity check that root cgroup is writeable

This helps running bst in older bst spacetimes, where the cgroup was left unconfigured, and setting up a child cgroup is simply impossible.
aristanetworks · Aug 31, 2023 · cf3f27c · cf3f27c
1 parent 8f48930
commit cf3f27c
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/cgroup_native.c b/cgroup_native.c
@@ -15,9 +15,21 @@ static int cgroup_native_driver_init(bool fatal)
 	if (!cgroup_read_current(NULL)) {
 		return -1;
 	}
-	if (access("/sys/fs/cgroup/cgroup.controllers", F_OK) == -1) {
+
+	/* Attempting to open /sys/fs/cgroup/cgroup.procs privileged checks two
+	   things: first, that the cgroup hierarchy is v2 by checking that the
+	   file exists; and second, that the mounted cgroup hierarchy can be
+	   operated on, which might not be the case if bst was left in its
+	   original cgroup. */
+	make_capable(BST_CAP_DAC_OVERRIDE);
+	int fd = open("/sys/fs/cgroup/cgroup.procs", O_WRONLY, 0);
+	reset_capabilities();
+
+	if (fd == -1) {
 		return -1;
 	}
+	close(fd);
+
 	return 0;
 }