From 1a17741e869521c4374e8acdf53b173182b86869 Mon Sep 17 00:00:00 2001
From: Danielle Tomlinson <dani@hashicorp.com>
Date: Fri, 9 Nov 2018 16:43:37 -0800
Subject: [PATCH] rawexec: Only use cgroups when running as root.

If Nomad is not running as root, we should not try to use cgroups for pid
freezing.

This originally was implemented pre-driver-support in
https://github.com/hashicorp/nomad/blob/v0.8.6/client/driver/raw_exec.go#L120-L130
---
 drivers/rawexec/driver.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/rawexec/driver.go b/drivers/rawexec/driver.go
index 411095475..018c9adfa 100644
--- a/drivers/rawexec/driver.go
+++ b/drivers/rawexec/driver.go
@@ -4,7 +4,9 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strconv"
+	"syscall"
 	"time"
 
 	"github.com/hashicorp/consul-template/signals"
@@ -320,12 +322,16 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *cstru
 		return nil, nil, fmt.Errorf("failed to create executor: %v", err)
 	}
 
+	// Only use cgroups when running as root on linux - Doing so in other cases
+	// will cause an error.
+	useCgroups := !d.config.NoCgroups && runtime.GOOS == "linux" && syscall.Geteuid() == 0
+
 	execCmd := &executor.ExecCommand{
 		Cmd:                driverConfig.Command,
 		Args:               driverConfig.Args,
 		Env:                cfg.EnvList(),
 		User:               cfg.User,
-		BasicProcessCgroup: !d.config.NoCgroups,
+		BasicProcessCgroup: useCgroups,
 		TaskDir:            cfg.TaskDir().Dir,
 		StdoutPath:         cfg.StdoutPath,
 		StderrPath:         cfg.StderrPath,