From nobody Sun Feb 8 20:23:31 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; arc=fail (BodyHash is different from the expected one); dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1770120370179511.8286451281889; Tue, 3 Feb 2026 04:06:10 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id A4CD83F30C; Tue, 3 Feb 2026 07:06:09 -0500 (EST) Received: from [172.19.199.6] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 4A45A43EFC; Tue, 3 Feb 2026 07:00:48 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 13B113FD2A; Tue, 3 Feb 2026 05:37:11 -0500 (EST) Received: from mx0a-00082601.pphosted.com (mx0b-00082601.pphosted.com [67.231.153.30]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 35FFD41861 for ; Tue, 3 Feb 2026 05:37:10 -0500 (EST) Received: from pps.filterd (m0001303.ppops.net [127.0.0.1]) by m0001303.ppops.net (8.18.1.11/8.18.1.11) with ESMTP id 61392KTn3257280 for ; Tue, 3 Feb 2026 02:33:09 -0800 Received: from ch4pr04cu002.outbound.protection.outlook.com (mail-northcentralusazon11013042.outbound.protection.outlook.com [40.107.201.42]) by m0001303.ppops.net (PPS) with ESMTPS id 4c35pgm4hy-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Tue, 03 Feb 2026 02:33:09 -0800 (PST) Received: from PH0PR15MB4862.namprd15.prod.outlook.com (2603:10b6:510:c0::9) by CY5PR15MB5438.namprd15.prod.outlook.com (2603:10b6:930:3a::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9564.16; Tue, 3 Feb 2026 10:33:07 +0000 Received: from PH0PR15MB4862.namprd15.prod.outlook.com ([fe80::4f85:a71a:c12e:be54]) by PH0PR15MB4862.namprd15.prod.outlook.com ([fe80::4f85:a71a:c12e:be54%3]) with mapi id 15.20.9587.010; Tue, 3 Feb 2026 10:33:07 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 X-Greylist: delayed 240 seconds by postgrey-1.37 at lists.libvirt.org; Tue, 03 Feb 2026 05:37:10 EST DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meta.com; h= content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=s2048-2025-q2; bh=gqChDoLnoGMH+sz/wk G6W0Qxt3R3Rd9Q99fQVE1zx3U=; b=QUeRbg0WYV5+EiH1X3sESMNyIeFmPg0ZCa rqTur7KOkwU/sovufiLfIo0FLbKyd3PjSdnhusLcBBr+8RmWcIrqSfq2WXI1lbyp hDahiAgJhzxwV1+zYdJp8d/091L2eJR6Df+KxMmjff8f/bFNLLbsFCRGCE/pQtkC BBQSnfeJwa9yq1mTcnRPrha7EHyJtfBREv88LBQNYn7fvUKxdNAPp7fFB2eNZtfA jvxPBLhoWghpecRsEuX1lFyemWSsSx+Hwig8CrFpD1JYthmaow0ry3aMewpeUvDM /FL7Ns3L5k6cxiiva25ETwEnWJlQPpeLsf9vePFxhZuZF4Qv81wA== ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=wGQRxptS69XTvMOt6epc+YjambMsFvNEafJtUh1n4205KTaAKLzS+BZyiZCVyRb1wUnq5o/73LJj/7SAXJnIcc5q08tzy0k8Ih4JYGa020cEGsyhJD3NWOZ0eT/T9HC5fvQmUHs6CyrRtseJvFRwkvrkC2BJnuB/zsizvZOIh+c8FXUVDkzotmxPUjUhoip8fif4Hdqdqn75Hxi9BzL66foMSpFPx19JQGiwrvpAuUSVpYzeRPkhaCIG2BSpy5ubk+cHjLuYlaYdyE+JlwAUAZCT7j6F22Riks/f+AfP1TqSCnutKs/uFTwHeD6LTbZYTUC/ooOSrAuLrEVB+2k2OQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gqChDoLnoGMH+sz/wkG6W0Qxt3R3Rd9Q99fQVE1zx3U=; b=dS+BWDS6saKdTvGhQDSohoc9Sr9OFG20zVfdeSKF5bbtXCJ/4g1vW/er9U6AYWQ/K9N5QMJAFttlfXU+cdQ0VVUpIbevuX9Uz9M3/1A6HVooyDhVxDumMLFO0uVabMPNGQzXVO1e8db4kk9TGERfF7Stoi1Cqyyl3CVCGOwubU0Gg8ny612FjCmxyvyiTPoPuYLCByNn8koJScdl6ebqHIPFkD/eLPWYO97PYEqaeNPBmUK7pMgiekde7J+Z8h3IzXTO41/PJgxWAMt6Td+OvBZd8gKoymoD+thHzZpPEDHrO+IlRPa/akG9P7uRV7r0VhQ4NLzlDhAdjBvO8ULXLg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meta.com; dmarc=pass action=none header.from=meta.com; dkim=pass header.d=meta.com; arc=none To: "devel@lists.libvirt.org" Subject: [RFC PATCH] Prioritise and validate cgroup2 canonical mount on /sys/fs/cgroup Thread-Topic: [RFC PATCH] Prioritise and validate cgroup2 canonical mount on /sys/fs/cgroup Thread-Index: AQHclPe+2k2/SuYEkkytGCSSKJMCWw== Date: Tue, 3 Feb 2026 10:33:06 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH0PR15MB4862:EE_|CY5PR15MB5438:EE_ x-ms-office365-filtering-correlation-id: 989303e3-2681-4915-806b-08de630f9e9d x-fb-source: Internal x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|10070799003|366016|1800799024|376014|38070700021; x-microsoft-antispam-message-info: =?iso-8859-1?Q?PafDEaaJKQk7ijhJFwmrRk+xPlHPJjedNjyxhxz8AE/9iuAol67z4Z2r+I?= =?iso-8859-1?Q?dbGSDSFtbOmoKiiuauiKQ2kU1NE/GwSaGG0oxSenB1/VC7M2kwawjYvzfE?= =?iso-8859-1?Q?dDFLWWwypIErw5cEqwpLXmFOMyQlJGubX4n7T27yTFGln/yXfqsQ7yhG+4?= =?iso-8859-1?Q?xxRyKpRsncPzdhjk44HuucijIWJykGI9CtDV1sgB/P6AVnr65g0dok6toK?= =?iso-8859-1?Q?3l/MbgFGpD0s2QV5o5w2lijwNk4Ogt5AZioVDkD48l8xP+vnxQD4oG45Vp?= =?iso-8859-1?Q?GGCOi1KfDiohP83ZCGl76k2Q+Z9uWjb5WzQqPfT3BCkXBZDM6MV9zCsWlM?= =?iso-8859-1?Q?qPukhfkxwKNjBaoPzPK+cpZjx5xed+O7F1Exc69yXQrKnajKqqesw7NTG3?= =?iso-8859-1?Q?vltZBBa15EqjtGMzjyaN7i3NebXZ/JfnUpWFYyDP/6Ht9Whp4pOZAJdnv3?= =?iso-8859-1?Q?yEQ1IzmsfBB0P9AHeiBGzU2CYZEir1a7tWgBI6R+sRuA1clif7aSoyoTws?= =?iso-8859-1?Q?1nyvgHDmGbvaKfoD+NyUiU0S5i+zPXfXRL409nZaTkZM/dR7L0uSeOgkfn?= =?iso-8859-1?Q?q025KNDZfqTD1sf4vcgb/prmg9P3/hwepSvz9+HfcQ2LyTJaRospEVDYUU?= =?iso-8859-1?Q?Lw8cWleDCfYUNsSCIAbEcN+7RkpLnEkAEVLkNvyJds9ONIfvQEIK1udwGz?= =?iso-8859-1?Q?kH+XRIuapA1gcAOb6Tq6JE/A7utpXWw0uVv71RkT+57LNVHKGLbAOD0dxV?= =?iso-8859-1?Q?WtuTKfQrJsv2JP2SUR1qwxtwagwAzHg45r+H75j7ZdgHFrAq96rc0iOgpE?= =?iso-8859-1?Q?bJcsBuYB6rhxa3J5iOgFBwYjDEgMX0zQ6aklI3u6blND8jOkD5wz77M28E?= =?iso-8859-1?Q?v+SqFW0L1ADgWjPBbPmiLWaiTvkMtjCY9uda4rj9pbr3tu/Jd8dk1N6aZs?= =?iso-8859-1?Q?QdyeaGnYTFk37hUPfQ9ixUH64k5k0fDALxmPw4XgNXXpyHVtyiavfz8zO6?= =?iso-8859-1?Q?l09PcImh1ntEQUiAg7akVucFhKSWmG4ytyPU7yFqM8L4hmGNE7PJb4AWr7?= =?iso-8859-1?Q?AUmXAzOtedSQ8HCYssdKdaWPRYcy42jvweeHY4r/69Y6qpW5Q493fOBBH8?= =?iso-8859-1?Q?EETSHEzAA4M5y39qeC+JwaIKzqcAoGiyuB0NmE+Qm/Qoc2r5lh58LP0QG1?= =?iso-8859-1?Q?nocqwMf7y0ovib/CFhydXQNhI7NRQV+1Z4IjdujDl4RC0BapjQsyaDosOO?= =?iso-8859-1?Q?+EsFB6hq9rfxzFR4Ww3Ns6qWjbIevbJd3mwTPn5zSPi+RDstG+SCk2PPiS?= =?iso-8859-1?Q?w//0y3ae5OVuYfe4WeuAuaHToFs4SzSr8pfnYmTmQZiifr37AYyXKZscxL?= =?iso-8859-1?Q?+f2ckqn8Yl0tLMx/w3UBGV4bSF6a9YMLtOBTsB6GX8XV+HazSR6/oxs0j+?= =?iso-8859-1?Q?Q+0iZlB/KSioE+CRPgV3szkRKKsXz6lXKk8wu++/xiPiwd0ivgNDISJkox?= =?iso-8859-1?Q?eKKVcDbtOr2i83WS8PXs4dcJyqSM2YV+8EjckCqBCLGHDFhg/AtvHHHlP3?= =?iso-8859-1?Q?2zO9iDfLQErQNGtr7DJg/zP5Cr24XhWe1e0+Pzzq9y23Vk//2EJZpJ9zdQ?= =?iso-8859-1?Q?Urpfpsqes9YwgkjOArK8x2cmVFC7WNqwnOy2CyQYo1JpYwwDpBGxLBBVcR?= =?iso-8859-1?Q?EInVXseJSQWCM9R8F3Q=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR15MB4862.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(366016)(1800799024)(376014)(38070700021);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?My4pcr5hArrv3EVpApWkGvphPcf3Fnj9jfH/exMtzdnZhejvhw9GFyeQps?= =?iso-8859-1?Q?8wIHOmZZaF29oXSHC2V52iJB1aPFOI+C71eA4Fn3tofOpb9iO8zzmBZW92?= =?iso-8859-1?Q?2mN9ShtTJhSeQfJUhE94t3nE3fYX4qENy7wpPsTaGL/3pfAwIvs9/KqWR7?= =?iso-8859-1?Q?ict4I72iOhgRQjv8pzewpG23/tOdj0SfYCso+aQMTGqmpWejn3xhQMh6WI?= =?iso-8859-1?Q?Sxk3xsupdqJ1BEu7caddNcF/M2NH+9C4ez2w+aEWrMYgPV9S1ktFeeVB+3?= =?iso-8859-1?Q?TmKmxm0hYrUfaZY4gxsdOY6OeFqwTiuQ86e+SlfgEllJUe0Q6VqNAfwteK?= =?iso-8859-1?Q?6TeRRp8dIyG4t4YQ+5VsAcuBGxF0taSvE8nBQjCDS1TUjrmTtVtcvGaW1B?= =?iso-8859-1?Q?PvDLRUkY1LjsrFS0Iu/hMk1Nv+mnjtmEljp0Nm6KHNtDbjX6D9EUVur4Ne?= =?iso-8859-1?Q?3WDyjBFYkolxdJk9rSZzguRb+sBzQ1oT/lkwLoqJ2m2wzs16iK+pQpx9yf?= =?iso-8859-1?Q?qdaFUt0iN0djhWetJEpzgl3tIwYY3ojDnwKgVJr0lmWVvkkvnvTFa85/Y5?= =?iso-8859-1?Q?Ulr2z7NQZlbeqmrBeYwZzNwi04LMQY3tid7OMD6qQZLOLNQ6C/59xRxaT6?= =?iso-8859-1?Q?mTW/96mxELxg6ObDITKvF0WiYGQQ6ueNpUINUYaKrlGmpBhPKNrZfWgw5p?= =?iso-8859-1?Q?KK1eOAdiJynVZbLL3wXN5Ak7kd3uLIMPOnw402Y204NzKgou1CBfPPYqQd?= =?iso-8859-1?Q?c3NUj9gvw7F/kK+8R6q5hs7jlBIN14+czBuwDAo1X6xGGlUmvg/R4UAk5W?= =?iso-8859-1?Q?PghU7NdjXHGMQ5kRuejUefXnVwnMiifEswOMaTlX0CirDGNDZIw1GFOXib?= =?iso-8859-1?Q?JFy4H0/sYvHvC3iaL1tCCxm/ejmNRZQStqrD96DLmgrvOuvucvuIZ6oip9?= =?iso-8859-1?Q?is+5nAQgW5Lj8UY463OOYJwRvsEXSOPi2DwCQiwrwldjWyAaLeRvQIpyTS?= =?iso-8859-1?Q?Gauq1K7kbYins4GwvE50/vnwdjGV0FsKR8kR4XbA1F7AN01ullw7nviknN?= =?iso-8859-1?Q?ASMHVXtF8i1RvnASuSooY0mVkWvyhGV63oVVd7087xe0hxKD6NdG1QkXtG?= =?iso-8859-1?Q?wRwuXAe4nNza6fWuIw3GdmmsaO5O2vxJCj6teEPUO11/l0HaXsqoZLRA8m?= =?iso-8859-1?Q?44qZKvtDdnvVcVOWwNcK5nMWTNnGKNf6TzvlJHRkr5WjK+U87Cd3Dup+TB?= =?iso-8859-1?Q?/lcKb1e2KReWpfcXTmewME2VD1qzggCOhruV4yz/dHDdAxlh9CnhqCx3ri?= =?iso-8859-1?Q?eJXc8VnuuNn3c15kMgqM4yCwGWM7GUPtVXZ3b2x6vB/PI9JoeqYkPDG/n4?= =?iso-8859-1?Q?FSg5IivGI7lx3SrdxlQVXD9fH/QNTcju9l77QarFzlbt3xPrrKSTu61vbh?= =?iso-8859-1?Q?x+Go3qwqGNhfLBoUmfGR/M80V9DXzZiUIWPxv2Zk/L35fWZ61uqh8eBM3l?= =?iso-8859-1?Q?uL6CQ+Ar/RCW4ERfaIvF881JXYOyjX86dU39jsb106MSazzN6eOx3sZ5oz?= =?iso-8859-1?Q?O8ODkijkCUvalnTCmzx+w2fTpqBaKyyyQ5dyRjlKZd1Q6jePDvPWiZ/6PS?= =?iso-8859-1?Q?zQRRykxe3VhkXJrzCwawuR14LZW8bSebhsM0STBvg28qGcmKPYbYG9FoAK?= =?iso-8859-1?Q?kn2hkUDU6NFljp2qQFETGpPxkqSQJEPCQp3LVW7/jX9SzY/eWhTrAodz4v?= =?iso-8859-1?Q?u6sM6rYOi5qHnK6D0IWMk//yX69WyXjb48Mnvcdn8zp9nYND1oI1YSRO6Z?= =?iso-8859-1?Q?ZBL2fGClYQ=3D=3D?= Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: meta.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR15MB4862.namprd15.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 989303e3-2681-4915-806b-08de630f9e9d X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Feb 2026 10:33:06.9831 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: AkmeRrycn7Vv6p1rP7otZNCGoWF7eon0tiO8kfCu4CaoSZ7f3fZ8S54H6nSWBofCiSQI8sZx7GuXxwlVi3lo7Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR15MB5438 X-Proofpoint-GUID: V1iX4su-w_OJywhvD0aDK8tMRbydu__Z X-Authority-Analysis: v=2.4 cv=fsvRpV4f c=1 sm=1 tr=0 ts=6981cee5 cx=c_pps a=MKhdtnkEmnO/r5iZxkZDBQ==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=8nJEP1OIZ-IA:10 a=HzLeVaNsDn8A:10 a=LLPZWm0_0O8A:10 a=VkNPw1HP01LnGYTKEx00:22 a=VabnemYjAAAA:8 a=Geh8XRbrA5yvxCOv1mYA:9 a=wPNLvfGTeEIA:10 a=gKebqoRLp9LExxC7YDUY:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjAzMDA4MyBTYWx0ZWRfX9vWBkPPlaHOV AwRP+46WVKmtD/9yv4dHE9MRuAV/vAEPNgq+YN9jZSvBeorJNUrbWSSHU0LbbEVCEDsjZTXzqFl Te3/JioZOhCF9wmm1ryYyfGGhFUa6o4KbFswP5aKqZ0g/q5itGQsy8isJiExlj/29ABAgpixe49 g+bUe5XOZ+Xk+/ODSuO3+TT/FMyrl1vWDfZPBXCMY8vI5w7dVVUQKJda7ci1LinUOXyW8eP3Vcp W1Sw5rvZqUKATQeTJwVyAqPhazYvxLvCPD3idnDLU8ai5jtHPCMD9N7v8pcfAjwwdlfoN5VUYTh 7QItkeqeOonqhqE83013blDJrfryDxRzw6QM4hDKhVGdOHSbTlA/sqXlBJOSogeexZShYnnaVZF qz+xdT+EjhcCzXu1nL41bOe6IxolbKb+3CKWPhL8IWwQrQ2rvas3bdKmtXsDHXkHgiroGVNSn8j m+NTmFkDn75qvhdyTlw== X-Proofpoint-ORIG-GUID: V1iX4su-w_OJywhvD0aDK8tMRbydu__Z X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-03_03,2026-02-02_01,2025-10-01_01 X-MailFrom: prvs=049431a3d6=rogervn@meta.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation Message-ID-Hash: HAMSE6DKLNFOD2SBQAQCUUCQYMXTBQZ4 X-Message-ID-Hash: HAMSE6DKLNFOD2SBQAQCUUCQYMXTBQZ4 X-Mailman-Approved-At: Tue, 03 Feb 2026 12:00:33 +0000 X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: =?utf-8?q?Rog=C3=A9rio_Vinhal_Nunes_via_Devel?= Reply-To: =?iso-8859-1?Q?Rog=E9rio_Vinhal_Nunes?= X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1770120372336154100 Content-Type: text/plain; charset="utf-8" Hey folks, we've gotten an issue with how libvirt is currently detecting th= e cgroup2 mounts. Basically we expose cgroup2 mounts in a container from th= e host-level and libvirt was selecting that instead of the container-level = mount, which uses the canonical path. The current logic basically iterate on the mounts until it finds a cgroup2 = mount and uses that. If there's multiple, it will override until the last o= ne is read, which is not very safe. I've cut a quick patch that should: 1. Validate that the mount is actually an existing directory in the context 2. Prefer the canonical mount (/sys/fs/cgroup) if it's available 3. only override it once, so it will not go through lists of mounts overrid= ing up to the end I'm happy to get some feedback here especially on step 3 as I'm not very su= re how we should proceed on non-canonical situations or if we should at all= . Maybe the best solution is to just use the canonical path? >From 4a0bf5c5b1e1cd4e0393981a25e1407d29beb43e Mon Sep 17 00:00:00 2001 From: Rogerio Vinhal Nunes Date: Mon, 2 Feb 2026 19:24:52 +0000 Subject: [PATCH] Preferred /sys/fs/cgroup as a canonical mount but also verifies if the mount is an existing directory in the namespace. The reason for this is preventing that mounts that are not visible in the container namespace or additional cgroupv2 mounts to share host context might be incorrectly taken as targets here. --- src/util/vircgroupv2.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c index eaf5ae98f6..aa8c950691 100644 --- a/src/util/vircgroupv2.c +++ b/src/util/vircgroupv2.c @@ -23,6 +23,7 @@ #ifdef __linux__ # include # include +# include #endif /* __linux__ */ #include "internal.h" @@ -46,6 +47,8 @@ VIR_LOG_INIT("util.cgroup"); #define VIR_FROM_THIS VIR_FROM_CGROUP +#define VIR_CGROUP_SYSFS_MOUNT "/sys/fs/cgroup" + VIR_ENUM_DECL(virCgroupV2Controller); VIR_ENUM_IMPL(virCgroupV2Controller, VIR_CGROUP_CONTROLLER_LAST, @@ -173,12 +176,26 @@ virCgroupV2DetectMounts(virCgroup *group, const char *mntOpts G_GNUC_UNUSED, const char *mntDir) { + struct stat sb; + if (STRNEQ(mntType, "cgroup2")) return 0; - VIR_FREE(group->unified.mountPoint); + if (stat(mntDir, &sb) < 0 || !S_ISDIR(sb.st_mode)) { + VIR_DEBUG("Skipping non-directory cgroup2 mount: %s", mntDir); + return 0; + } + + /* Always prefer /sys/fs/cgroup as the canonical mount point. + * If we already have /sys/fs/cgroup, don't override it. + * Otherwise, use the first valid directory we find as fallback. */ + if (STREQ(mntDir, VIR_CGROUP_SYSFS_MOUNT)) { + VIR_FREE(group->unified.mountPoint); + group->unified.mountPoint =3D g_strdup(mntDir); + } else if (!group->unified.mountPoint) { + group->unified.mountPoint =3D g_strdup(mntDir); + } - group->unified.mountPoint =3D g_strdup(mntDir); return 0; } -- 2.52.0