chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
befb5b6
)
core: grant user@.service instances write access to their own cgroup
author
Lennart Poettering
<lennart@poettering.net>
Wed, 10 Jul 2013 23:56:12 +0000
(
01:56
+0200)
committer
Lennart Poettering
<lennart@poettering.net>
Wed, 10 Jul 2013 23:56:12 +0000
(
01:56
+0200)
src/core/execute.c
patch
|
blob
|
history
diff --git
a/src/core/execute.c
b/src/core/execute.c
index cbeb0caf262967f58189bcdcf11938b1d5707772..50d2d49ba8f2f10ace94abafb840cfd5d7bd8699 100644
(file)
--- a/
src/core/execute.c
+++ b/
src/core/execute.c
@@
-1258,6
+1258,23
@@
int exec_spawn(ExecCommand *command,
}
}
+#ifdef HAVE_PAM
+ if (cgroup_path && context->user && context->pam_name) {
+ err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
+ if (err < 0) {
+ r = EXIT_CGROUP;
+ goto fail_child;
+ }
+
+
+ err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
+ if (err < 0) {
+ r = EXIT_CGROUP;
+ goto fail_child;
+ }
+ }
+#endif
+
if (apply_permissions) {
err = enforce_groups(context, username, gid);
if (err < 0) {