diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c index a9d36627a86..a5002437c6f 100644 --- a/src/nspawn/nspawn-cgroup.c +++ b/src/nspawn/nspawn-cgroup.c @@ -35,6 +35,8 @@ static int chown_cgroup_path(const char *path, uid_t uid_shift) { "cgroup.stat", "cgroup.subtree_control", "cgroup.threads", + "memory.oom.group", + "memory.reclaim", "notify_on_release", "tasks") if (fchownat(fd, fn, uid_shift, uid_shift, 0) < 0) diff --git a/src/shared/cgroup-setup.c b/src/shared/cgroup-setup.c index 811f129f6cd..934a16eaf38 100644 --- a/src/shared/cgroup-setup.c +++ b/src/shared/cgroup-setup.c @@ -421,6 +421,8 @@ int cg_set_access( { "cgroup.procs", true }, { "cgroup.subtree_control", true }, { "cgroup.threads", false }, + { "memory.oom.group", false }, + { "memory.reclaim", false }, {}, }; diff --git a/test/units/testsuite-19.delegate.sh b/test/units/testsuite-19.delegate.sh index 83446a5704b..74d36c405da 100755 --- a/test/units/testsuite-19.delegate.sh +++ b/test/units/testsuite-19.delegate.sh @@ -26,6 +26,19 @@ systemd-run --wait \ -w /sys/fs/cgroup/system.slice/test-0.service/cgroup.procs -a \ -w /sys/fs/cgroup/system.slice/test-0.service/cgroup.subtree_control +# Test if this also works for some of the more recent attrs the kernel might or might not support +for attr in cgroup.threads memory.oom.group memory.reclaim ; do + + if grep -q "$attr" /sys/kernel/cgroup/delegate ; then + systemd-run --wait \ + --unit=test-0.service \ + --property="DynamicUser=1" \ + --property="Delegate=" \ + test -w /sys/fs/cgroup/system.slice/test-0.service/ -a \ + -w /sys/fs/cgroup/system.slice/test-0.service/"$attr" + fi +done + systemd-run --wait \ --unit=test-1.service \ --property="DynamicUser=1" \