core: grant user@.service instances write access to their own cgroup

author Lennart Poettering <lennart@poettering.net>

Wed, 10 Jul 2013 23:56:12 +0000 (01:56 +0200)

committer Lennart Poettering <lennart@poettering.net>

Wed, 10 Jul 2013 23:56:12 +0000 (01:56 +0200)
author Lennart Poettering <lennart@poettering.net>
Wed, 10 Jul 2013 23:56:12 +0000 (01:56 +0200)
committer Lennart Poettering <lennart@poettering.net>
Wed, 10 Jul 2013 23:56:12 +0000 (01:56 +0200)
diff --git a/src/core/execute.c b/src/core/execute.c

index cbeb0caf262967f58189bcdcf11938b1d5707772..50d2d49ba8f2f10ace94abafb840cfd5d7bd8699 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1258,6 +1258,23 @@ int exec_spawn(ExecCommand *command,
                          }
                  }
  
+#ifdef HAVE_PAM
+                if (cgroup_path && context->user && context->pam_name) {
+                        err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
+                        if (err < 0) {
+                                r = EXIT_CGROUP;
+                                goto fail_child;
+                        }
+
+
+                        err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
+                        if (err < 0) {
+                                r = EXIT_CGROUP;
+                                goto fail_child;
+                        }
+                }
+#endif
+
                  if (apply_permissions) {
                          err = enforce_groups(context, username, gid);
                          if (err < 0) {
author	Lennart Poettering <lennart@poettering.net>
	Wed, 10 Jul 2013 23:56:12 +0000 (01:56 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 10 Jul 2013 23:56:12 +0000 (01:56 +0200)