From eea58c84cd261f6328e1b7631d3a1da81c4315f8 Mon Sep 17 00:00:00 2001
From: "Anna (navi) Figueiredo Gomes" <navi@vlhl.dev>
Date: Tue, 14 Apr 2026 20:38:28 +0200
Subject: [PATCH 1/2] openrc-run.sh: extract _setup_cgroup function and replace
 break with return

Fixes: https://github.com/OpenRC/openrc/issues/1002
---
 sh/openrc-run.sh.in | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/sh/openrc-run.sh.in b/sh/openrc-run.sh.in
index 858ce3e88..d85dd6d54 100644
--- a/sh/openrc-run.sh.in
+++ b/sh/openrc-run.sh.in
@@ -289,27 +289,27 @@ if yesno "${rc_verbose:-$RC_VERBOSE}"; then
 	export EINFO_VERBOSE
 fi
 
-case $1 in
-status|describe) ;;
-*)
-	# Apply any ulimit(s) defined
-	[ -n "${rc_ulimit:-$RC_ULIMIT}" ] && apply_ulimits ${rc_ulimit:-$RC_ULIMIT}
-
+_setup_cgroup() {
 	# Apply cgroups settings if defined
 	if [ "$(command -v cgroup_add_service)" = "cgroup_add_service" ]; then
-		if grep -qs /sys/fs/cgroup /proc/1/mountinfo
-		then
-			if [ -d /sys/fs/cgroup -a ! -w /sys/fs/cgroup ]; then
-				eerror "No permission to apply cgroup settings"
-				break
-			fi
+		if grep -qs /sys/fs/cgroup /proc/1/mountinfo && [ -d /sys/fs/cgroup ] && ! [ -w /sys/fs/cgroup ]; then
+			eerror "No permission to apply cgroup settings"
+			return
 		fi
 		cgroup_add_service
 	fi
 
 	[ "$(command -v cgroup_set_limits)" = "cgroup_set_limits" ] && cgroup_set_limits
 	[ "$(command -v cgroup2_set_limits)" = "cgroup2_set_limits" ] && cgroup2_set_limits
-	;;
+}
+
+case $1 in
+	status|describe) ;;
+	*)
+		# Apply any ulimit(s) defined
+		[ -n "${rc_ulimit:-$RC_ULIMIT}" ] && apply_ulimits ${rc_ulimit:-$RC_ULIMIT}
+		_setup_cgroup
+		;;
 esac
 
 eval "printf '%s\n' $required_dirs" | while read _d; do

From 8f48905ad8c5a314d9da02aab880d1e5f4e5c6c3 Mon Sep 17 00:00:00 2001
From: "Anna (navi) Figueiredo Gomes" <navi@vlhl.dev>
Date: Tue, 14 Apr 2026 20:43:44 +0200
Subject: [PATCH 2/2] openrc-run.sh: fixup permission check.

old check would not hit if cgroups isn't mounted
---
 sh/openrc-run.sh.in | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/sh/openrc-run.sh.in b/sh/openrc-run.sh.in
index d85dd6d54..7e3d158a8 100644
--- a/sh/openrc-run.sh.in
+++ b/sh/openrc-run.sh.in
@@ -290,15 +290,14 @@ if yesno "${rc_verbose:-$RC_VERBOSE}"; then
 fi
 
 _setup_cgroup() {
-	# Apply cgroups settings if defined
-	if [ "$(command -v cgroup_add_service)" = "cgroup_add_service" ]; then
-		if grep -qs /sys/fs/cgroup /proc/1/mountinfo && [ -d /sys/fs/cgroup ] && ! [ -w /sys/fs/cgroup ]; then
-			eerror "No permission to apply cgroup settings"
-			return
-		fi
-		cgroup_add_service
-	fi
+	grep -qs /sys/fs/cgroup /proc/1/mountinfo || return
+	[ -w /sys/fs/cgroup ] || {
+		yesno "$RC_USER_SERVICES" || eerror "No permission to apply cgroup settings"
+		return
+	}
 
+	# Apply cgroups settings if defined
+	[ "$(command -v cgroup_add_service)" = "cgroup_add_service" ] && cgroup_add_service
 	[ "$(command -v cgroup_set_limits)" = "cgroup_set_limits" ] && cgroup_set_limits
 	[ "$(command -v cgroup2_set_limits)" = "cgroup2_set_limits" ] && cgroup2_set_limits
 }