wrapper: chown tasks file in net_cls cgroup

nyoxi · nyoxi · commit e70d90165ea8 · 2019-03-25T00:53:23.000+01:00
When `cgexec` starts it is already running under modified UID/GID
(at least on RHV host). We need to change ownership of `tasks` file so
that `cgexec` can write into it.

Signed-off-by: Tomáš Golembiovský &lt;tgolembi@redhat.com&gt;
diff --git a/wrapper/virt-v2v-wrapper.py b/wrapper/virt-v2v-wrapper.py
@@ -1283,7 +1283,10 @@ def set_network_limit(self, limit):
         return self._tc.set_limit(limit)
 
     def _prepare_net_cls(self):
-        self._tc = TcController(self._host.get_tag())
+        self._tc = TcController(
+            self._host.get_tag(),
+            self._host.get_uid(),
+            self._host.get_gid())
         return self._tc.cgroup
 
     def _systemd_return_code(self):
@@ -1322,10 +1325,11 @@ def class_id_to_hex(class_id):
         minor = int(parts[1], base=16)
         return '0x{:04x}{:04x}'.format(major, minor)
 
-    def __init__(self, tag):
+    def __init__(self, tag, uid, gid):
         self._cgroup = 'v2v-conversion/%s' % tag
         self._class_id = None
         self._interfaces = []
+        self._owner = (uid, gid)
         self._prepare()
 
     @property
@@ -1367,6 +1371,10 @@ def _prepare_cgroup(self):
         cgroup_dir = '/sys/fs/cgroup/net_cls/%s' % self._cgroup
         atexit_command(['/usr/bin/rmdir', '-p', cgroup_dir])
         os.makedirs(cgroup_dir)
+        # Change ownership of 'tasks' file so cgexec can write into it
+        os.chown(
+            os.path.join(cgroup_dir, 'tasks'),
+            self._owner[0], self._owner[1])
         # Store class ID
         if self._class_id is not None:
             with open(os.path.join(cgroup_dir, 'net_cls.classid'), 'w') as f:
