From b275b11d89beff3664d0c30b07e8d83b6098be71 Mon Sep 17 00:00:00 2001
From: Daniel Golle
Date: Thu, 26 Nov 2020 16:24:47 +0000
Subject: [PATCH] jail: enter existing cgroups namespace if given

Call to enter an existing cgroups namespace was missing. Add it.

Signed-off-by: Daniel Golle
---
 jail/jail.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/jail/jail.c b/jail/jail.c
index 80da47f..7ec6cd8 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -1129,6 +1129,8 @@ static int exec_jail(void *arg)
 if (opts.namespace & CLONE_NEWCGROUP)
 unshare(CLONE_NEWCGROUP);

+ setns_open(CLONE_NEWCGROUP);
+
 if ((opts.namespace & CLONE_NEWUSER) || (opts.setns.user != -1)) {
 if (setregid(0, 0) < 0) {
 ERROR("setgid\n");
--
2.30.2
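Review bot: The added `setns_open(CLONE_NEWCGROUP);` call discards its result, so if joining the supplied cgroup namespace fails, the jail carries on in whatever cgroup namespace it already had, with weaker isolation than the configuration asked for. The `setregid` check just below logs through `ERROR` on failure, and the new call should fail closed in the same way, e.g. `if (setns_open(CLONE_NEWCGROUP)) { ERROR("setns cgroup\n"); return -1; }`. That assumes setns_open() reports failure with a non-zero return and that -1 is how exec_jail signals failure, neither of which is visible in this hunk. The `unshare(CLONE_NEWCGROUP)` context line above has the same unchecked-return pattern. exec_jail's body starts and ends outside the hunk.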