Thursday, May 23, 2024
 Popular · Latest · Hot · Upcoming
1
rated 0 times [  1] [ 0]  / answers: 1 / hits: 2299  / 3 Years ago, sat, may 8, 2021, 7:34:01

I've tried the procedures from:



but they don't work on Ubuntu 22.04, presumably because of the update to cgroups v2:


sudo cgcreate -a $USER:$USER -g memory:myGroup -t $USER:$USER
sudo cgset -r memory.max=500M myGroup
sudo cgset -r memory.swap.max=0 myGroup
cgexec -g memory:myGroup id

fails with:


cgroup change of group failed

It works if I run with sudo


sudo cgexec -g memory:myGroup id

but then the command runs as root, and I want it to run as the current user instead.


More From » 22.04

 Answers
7

I read the Linux Kernel documentation and find the following (emphasis mine):



cgroup.procs



A read-write new-line separated values file which exists on all cgroups.

...

A PID can be written to migrate the process associated with the PID to the cgroup. The writer should match all of the following conditions.



  • It must have write access to the “cgroup.procs” file.

  • It must have write access to the “cgroup.procs” file of the common ancestor of the source and destination cgroups.


...




In this scenario, the common ancestor is /. So I make cgroup.procs of the root group writable:


sudo chmod o+w /sys/fs/cgroup/cgroup.procs

And now I can use cgexec as any non-root user. Not knowing if there is any security implication though.


[#563] Sunday, May 9, 2021, 3 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
oreera

Total Points: 472
Total Questions: 121
Total Answers: 116

Location: Mayotte
Member since Thu, Dec 17, 2020
4 Years ago
oreera questions
;