From: Daniel Golle <daniel@makrotopia.org>
Date: Thu, 26 Nov 2020 16:24:47 +0000 (+0000)
Subject: jail: enter existing cgroups namespace if given
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=b275b11d89beff3664d0c30b07e8d83b6098be71;p=project%2Fprocd.git

jail: enter existing cgroups namespace if given

Call to enter an existing cgroups namespace was missing. Add it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---

diff --git a/jail/jail.c b/jail/jail.c
index 80da47f..7ec6cd8 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -1129,6 +1129,8 @@ static int exec_jail(void *arg)
 	if (opts.namespace & CLONE_NEWCGROUP)
 		unshare(CLONE_NEWCGROUP);
 
+	setns_open(CLONE_NEWCGROUP);
+
 	if ((opts.namespace & CLONE_NEWUSER) || (opts.setns.user != -1)) {
 		if (setregid(0, 0) < 0) {
 			ERROR("setgid\n");