rated 0 times [  1] [ 0]  / answers: 1 / hits: 2281  / 3 Years ago, sat, may 8, 2021, 7:34:01

I've tried the procedures from:



but they don't work on Ubuntu 22.04, presumably because of the update to cgroups v2:


sudo cgcreate -a $USER:$USER -g memory:myGroup -t $USER:$USER
sudo cgset -r memory.max=500M myGroup
sudo cgset -r memory.swap.max=0 myGroup
cgexec -g memory:myGroup id

fails with:


cgroup change of group failed

It works if I run with sudo:


sudo cgexec -g memory:myGroup id

but then the command runs as root, and I want it to run as the current user instead.



 Answers
7

I read the Linux kernel documentation and found the following (emphasis mine):



cgroup.procs



A read-write new-line separated values file which exists on all cgroups.

...

A PID can be written to migrate the process associated with the PID to the cgroup. The writer should match all of the following conditions.



  • It must have write access to the “cgroup.procs” file.

  • It must have write access to the “cgroup.procs” file of the common ancestor of the source and destination cgroups.


...




In this scenario, the common ancestor is /. So I make cgroup.procs of the root group writable:


sudo chmod o+w /sys/fs/cgroup/cgroup.procs

And now I can use cgexec as any non-root user. I don't know whether there are any security implications, though.


[#563] Sunday, May 9, 2021
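To see which of the two conditions quoted from the kernel documentation blocks a migration, the check below works out the common ancestor of the caller's cgroup and the destination and tests write access to both `cgroup.procs` files. It is an added example, not part of the original answer; it assumes cgroup v2 is mounted at `/sys/fs/cgroup`, and the function names and the `CG_ROOT` variable are made up for illustration.

```shell
#!/bin/sh
# Added example: test the two cgroup v2 write conditions before migrating.
# CG_ROOT is an assumption (the usual cgroup v2 mount point); override if needed.
CG_ROOT="${CG_ROOT:-/sys/fs/cgroup}"

# Cgroup of a PID relative to the v2 root (the "0::" line of /proc/PID/cgroup).
current_cgroup() {
    sed -n 's/^0:://p' "/proc/${1:-self}/cgroup"
}

# Deepest cgroup that contains both paths, compared one component at a time.
common_ancestor() {
    a="${1#/}"; b="${2#/}"; out=""
    while [ -n "$a" ] && [ -n "$b" ]; do
        ha="${a%%/*}"; hb="${b%%/*}"
        [ "$ha" = "$hb" ] || break
        out="$out/$ha"
        case "$a" in */*) a="${a#*/}" ;; *) a="" ;; esac
        case "$b" in */*) b="${b#*/}" ;; *) b="" ;; esac
    done
    printf '%s\n' "${out:-/}"
}

# usage: check_migration SRC_CGROUP DST_CGROUP
# Prints one line per condition; returns 0 only if both files are writable.
check_migration() {
    dst="$2"; rc=0
    anc="$(common_ancestor "$1" "$2")"
    for f in "$CG_ROOT${dst%/}/cgroup.procs" "$CG_ROOT${anc%/}/cgroup.procs"; do
        if [ -w "$f" ]; then
            echo "writable:     $f"
        else
            echo "NOT writable: $f"; rc=1
        fi
    done
    return "$rc"
}

# Runs only when given a destination cgroup, e.g.: sh check.sh /myGroup
if [ "$#" -ge 1 ]; then
    check_migration "$(current_cgroup)" "$1"
fi
```

Both conditions are plain file-permission checks, so once `chmod o+w` has been applied to the root `cgroup.procs`, the ancestor condition holds for every local account, not only the one that ran `cgexec`.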
oreera