From 643ede2b9062937d6482b4bb36cd7e8e053dd7bb Mon Sep 17 00:00:00 2001 From: Simon Fels Date: Thu, 19 Jul 2018 22:22:03 -0400 Subject: [PATCH] container: use cgroup snap-confine already setup --- src/anbox/container/lxc_container.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/anbox/container/lxc_container.cpp b/src/anbox/container/lxc_container.cpp index c257582..0490577 100644 --- a/src/anbox/container/lxc_container.cpp +++ b/src/anbox/container/lxc_container.cpp @@ -266,6 +266,11 @@ void LxcContainer::start(const Configuration &configuration) { set_config_item("lxc.init.cmd", "/anbox-init.sh"); + // If we're running inside the snap environment snap-confine already created a + // cgroup for us we need to use as otherwise presevering a namespace wont help. + if (utils::is_env_set("SNAP")) + set_config_item("lxc.namespace.keep", "cgroup"); + auto rootfs_path = SystemConfiguration::instance().rootfs_dir(); if (rootfs_overlay_) rootfs_path = SystemConfiguration::instance().combined_rootfs_dir();