check again after small period(100ms) to avoid kde cgroup override

src/cgproxyd.hpp

@@ -103,8 +103,13 @@ class cgproxyd {
         return 0;
       }
       if (!belongToCgroup(cg, config.cgroup_noproxy)) {
-        info("execsnoop; noproxy: %d %s", pid, path.get());
+        int res = attach(pid, config.cgroup_noproxy_preserved);
-        return attach(pid, config.cgroup_noproxy_preserved);
+        if (res == 0) {
+          info("execsnoop; noproxy: %d %s", pid, path.get());
+        } else {
+          info("execsnoop; noproxy failed: %d %s", pid, path.get());
+        }
+        return res;
       }
     }
 
@@ -122,8 +127,13 @@ class cgproxyd {
         return 0;
       }
       if (!belongToCgroup(cg, config.cgroup_proxy)) {
-        info("execsnoop: proxied: %d %s", pid, path.get());
+        int res = attach(pid, config.cgroup_proxy_preserved);
-        return attach(pid, config.cgroup_proxy_preserved);
+        if (res == 0) {
+          info("execsnoop: proxied: %d %s", pid, path.get());
+        } else {
+          info("execsnoop: proxied failed: %d %s", pid, path.get());
+        }
+        return res;
       }
     }
     return 0;

src/cgroup_attach.cpp

@@ -9,6 +9,7 @@
 #include <string>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <thread>
 #include <unistd.h>
 
 namespace CGPROXY::CGROUP {
@@ -68,9 +69,19 @@ int attach(const string pid, const string cgroup_target) {
   }
 
   // put pid to target cgroup
-  ofstream procs(cgroup_target_procs, ofstream::app);
+  if (write2procs(pid, cgroup_target_procs) != 0) return_error;
+
+  // wait for small period and check again
+  this_thread::sleep_for(std::chrono::milliseconds(100));
+  if (getCgroup(pid) != cgroup_target && write2procs(pid, cgroup_target_procs) != 0)
+    return_error;
+  return_success;
+}
+
+int write2procs(string pid, string procspath) {
+  ofstream procs(procspath, ofstream::app);
   if (!procs.is_open()) {
-    error("open file %s failed", cgroup_target_procs.c_str());
+    error("open file %s failed", procspath.c_str());
     return_error;
   }
   procs << pid.c_str() << endl;
@@ -79,7 +90,7 @@ int attach(const string pid, const string cgroup_target) {
   // maybe there some write error, for example process pid may not exist
   if (!procs) {
     error("write %s to %s failed, maybe process %s not exist", pid.c_str(),
-          cgroup_target_procs.c_str(), pid.c_str());
+          procspath.c_str(), pid.c_str());
     return_error;
   }
   return_success;

src/cgroup_attach.h

@@ -11,6 +11,7 @@ bool validate(string pid, string cgroup);
 string get_cgroup2_mount_point();
 int attach(const string pid, const string cgroup_target);
 int attach(const int pid, const string cgroup_target);
+int write2procs(string pid, string procspath);
 
 } // namespace CGPROXY::CGROUP
 

src/common.cpp

@@ -112,7 +112,7 @@ string getCgroup(const string &pid) {
   ifstream ifs(cgroup_f);
   debug("prcessing file %s", cgroup_f.c_str());
   while (ifs.good() && getline(ifs, line)) {
-    debug("process line: %s", line.c_str());
+    // debug("process line: %s", line.c_str());
     if (line[0] == '0') {
       cgroup = line.substr(3);
       debug("get cgroup of %s: %s", pid.c_str(), cgroup.c_str());