jail: enter existing cgroups namespace if given

Call to enter an existing cgroups namespace was missing. Add it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

diff --git a/jail/jail.c b/jail/jail.c
index 80da47fa41583081f39b47ed45d0db1220886f56..7ec6cd8281733868689cc885c08031d6ec8c783e 100644 (file)
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -1129,6 +1129,8 @@ static int exec_jail(void *arg)
        if (opts.namespace & CLONE_NEWCGROUP)
                unshare(CLONE_NEWCGROUP);
 
+       setns_open(CLONE_NEWCGROUP);
+
        if ((opts.namespace & CLONE_NEWUSER) || (opts.setns.user != -1)) {
                if (setregid(0, 0) < 0) {
                        ERROR("setgid\n");