cg_get_root_path: Return default root path if it's not accessible due to insufficient...

This commit provides default value ("/") for root path in case where
/proc/1/cgroup is not readable due to insufficient permission (eg. in
MAC system).

Inability to read root cgroup path leads to failure in determining
instance type being used (system, user), eg.

  user@localhost:~$ /usr/lib/systemd/user-generators/systemd-dbus1-generator
  [13087.175648] audit: type=1400 audit(946701489.290:1463): lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System" requested=r pid=14081 comm="systemd-dbus1-g" name="cgroup" dev="proc" ino=11149
  Failed to determine whether we are running as user or system instance: Permission denied

  strace:  open("/proc/1/cgroup", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 EACCES (Permission denied)

Change-Id: I60a17ad05b8b49cd1fb1c8aa3ad8f46d34231df3
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>

diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 4702d85..8d39318 100644 (file)
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -1227,7 +1227,13 @@ int cg_get_root_path(char **path) {
         assert(path);
 
         r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 1, &p);
-        if (r < 0)
+        if (r == -EACCES) {
+                /* /proc/1/cgroup might not be accessible due
+                 * to security policy - assume sane default */
+                p = strdup("/");
+                if (!p)
+                        return -ENOMEM;
+        } else if (r < 0)
                 return r;
 
         e = endswith(p, "/" SPECIAL_INIT_SCOPE);