core: grant user@.service instances write access to their own cgroup

2025-03-19 22:50:17 +03:00 · 2013-07-11 01:56:12 +02:00 · 2013-07-11 01:56:12 +02:00 · 8aa7519366
commit 8aa7519366
parent befb5b6a71
1 changed files with 17 additions and 0 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -1258,6 +1258,23 @@ int exec_spawn(ExecCommand *command,
                        }
                }

+#ifdef HAVE_PAM
+                if (cgroup_path && context->user && context->pam_name) {
+                        err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
+                        if (err < 0) {
+                                r = EXIT_CGROUP;
+                                goto fail_child;
+                        }
+
+
+                        err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
+                        if (err < 0) {
+                                r = EXIT_CGROUP;
+                                goto fail_child;
+                        }
+                }
+#endif
+
                if (apply_permissions) {
                        err = enforce_groups(context, username, gid);
                        if (err < 0) {