677a72cd3e
Currently, mount_sysfs() only creates /sys/fs/cgroup if cg_ns_supported(). The comment explains that we need to "Create mountpoint for cgroups. Otherwise we are not allowed since we remount /sys read-only."; that is: that we need to do it now, rather than later. However, the comment doesn't do anything to explain why we only need to do this if cg_ns_supported(); shouldn't we _always_ need to do it? The answer is that if !use_cgns, then this was already done by the outer child, so mount_sysfs() only needs to do it if use_cgns. Now, mount_sysfs() doesn't know whether use_cgns, but !cg_ns_supported() implies !use_cgns, so we can "optimize" the case where we _know_ !use_cgns, and deal with a no-op mkdir_p() in the false-positive where cgns_supported() but !use_cgns. But is it really much of an optimization? We're potentially spending an access(2) (cg_ns_supported() could be cached from a previous call) to potentially save an lstat(2) and mkdir(2); and all of them are on virtual filesystems, so they should all be pretty cheap. So, simplify and drop the conditional. It's a dubious optimization that requires more text to explain than it's worth. |
||
---|---|---|
meson.build | ||
nspawn-cgroup.c | ||
nspawn-cgroup.h | ||
nspawn-def.h | ||
nspawn-expose-ports.c | ||
nspawn-expose-ports.h | ||
nspawn-gperf.gperf | ||
nspawn-mount.c | ||
nspawn-mount.h | ||
nspawn-network.c | ||
nspawn-network.h | ||
nspawn-patch-uid.c | ||
nspawn-patch-uid.h | ||
nspawn-register.c | ||
nspawn-register.h | ||
nspawn-seccomp.c | ||
nspawn-seccomp.h | ||
nspawn-settings.c | ||
nspawn-settings.h | ||
nspawn-setuid.c | ||
nspawn-setuid.h | ||
nspawn-stub-pid1.c | ||
nspawn-stub-pid1.h | ||
nspawn.c | ||
test-nspawn-tables.c | ||
test-patch-uid.c |