libprocessgroup: Reject JoinCgroup actions for v2 controllers
A JoinCgroup action for a v2 cgroup controller migrates a process or task
from the uid_%d/pid_%d cgroup into another cgroup, e.g. the root cgroup.
This may make services unkillable because Service::Stop() only stops a
service if the uid_%d/pid_%d cgroup still exists when Service::Stop() is
called.
Bug: 309674654
Change-Id: I20b797afdf596125ff5a6ed41cb33fe59b84ac88
Signed-off-by: Bart Van Assche <bvanassche@google.com>
diff --git a/libprocessgroup/task_profiles.cpp b/libprocessgroup/task_profiles.cpp
index fe3c375..d5bd47c 100644
--- a/libprocessgroup/task_profiles.cpp
+++ b/libprocessgroup/task_profiles.cpp
@@ -868,7 +868,13 @@
auto controller = cg_map.FindController(controller_name);
if (controller.HasValue()) {
- profile->Add(std::make_unique<SetCgroupAction>(controller, path));
+ if (controller.version() == 1) {
+ profile->Add(std::make_unique<SetCgroupAction>(controller, path));
+ } else {
+ LOG(WARNING) << "A JoinCgroup action in the " << profile_name
+ << " profile is used for controller " << controller_name
+ << " in the cgroup v2 hierarchy and will be ignored";
+ }
} else {
LOG(WARNING) << "JoinCgroup: controller " << controller_name << " is not found";
}