#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <fcntl.h>

#include <linux/sched.h>    /* Definition of struct clone_args */
#include <sched.h>          /* Definition of CLONE_* constants */
#include <sys/syscall.h>    /* Definition of SYS_* constants */
#include <unistd.h>

/*
 * Preconditions:
 * - /sys/fs/cgroup/not-allowed is a real cgroup.
 * - You are not root and do not have write permissions to
 *   /sys/fs/cgroup/not-allowed/cgroup.procs
 */
int main() {
  pid_t pid;
  int fd;
  struct clone_args cl_args = {0};
  char *cgPath = "/sys/fs/cgroup/not-allowed";

  fd = open(cgPath, O_RDONLY);
  if (fd == -1) {
    fprintf(stderr, "Could not open cgroup %s: %s\n", cgPath, strerror(errno));
    exit(1);
  }

  cl_args.exit_signal = SIGCHLD;
  cl_args.flags = CLONE_INTO_CGROUP;
  cl_args.cgroup = fd;
  pid = syscall(SYS_clone3, &cl_args, sizeof(cl_args));
  if (pid == -1) {
    if (errno == EACCES) {
      printf("EACCES detected\n");
      exit(0);
    }
    fprintf(stderr, "Could not clone into cgroup: %s\n", strerror(errno));
  } else if (pid == 0) {
    fprintf(stderr, "Are you root, or do you have write access to %s?\n", cgPath);
  }
  exit(1);
}