cros_sdk: mount cgroups in main mount namespace
When we moved to unshare, it implicitly setup cgroups inside of that
mount namespace. That's not what we want -- we need to be setup in
the main namespace so that it only gets mounted once and the parent
process gets access to it so it can kill cros_sdk if need be.
Have the re-exec logic be a bit fancier. If we are non-root, and we
have yet to setup cgroups, just re-exec ourselves with sudo. Then
this root process can mount cgroups before re-execing again in a new
mount namespace.
If cgroups are already setup, then skip that and just unshare directly
like we are today. There's more overhead on the first exec, but it's
unchanged after that, so the common case should be OK.
BUG=chromium-os:36327
TEST=`cros_sdk -- true` leaves cgroup mounts behind and only mounts on first try
Change-Id: I87368498016ee329674b5d3ce934ed6eeae82040
Reviewed-on: https://gerrit.chromium.org/gerrit/38375
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
diff --git a/scripts/cbuildbot.py b/scripts/cbuildbot.py
index 1cf5de0..659272d 100644
--- a/scripts/cbuildbot.py
+++ b/scripts/cbuildbot.py
@@ -1157,7 +1157,7 @@
parser.error('Options --buildbot/--remote-trybot and --nocgroups cannot '
'be used together. Cgroup support is required for '
'buildbot/remote-trybot mode.')
- if not cgroups.Cgroup.CgroupsSupported():
+ if not cgroups.Cgroup.IsSupported():
parser.error('Option --buildbot/--remote-trybot was given, but this '
'system does not support cgroups. Failing.')