Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751608AbbFRDQD (ORCPT ); Wed, 17 Jun 2015 23:16:03 -0400 Received: from szxga01-in.huawei.com ([58.251.152.64]:30690 "EHLO szxga01-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750896AbbFRDPy (ORCPT ); Wed, 17 Jun 2015 23:15:54 -0400 Message-ID: <5582379E.1050508@huawei.com> Date: Thu, 18 Jun 2015 11:14:38 +0800 From: Zefan Li User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: Tejun Heo CC: , , , Subject: Re: [PATCH 3/4] cgroup: require write perm on common ancestor when moving processes on the default hierarchy References: <1434481817-32001-1-git-send-email-tj@kernel.org> <1434481817-32001-4-git-send-email-tj@kernel.org> In-Reply-To: <1434481817-32001-4-git-send-email-tj@kernel.org> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset="GB2312" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.177.18.230] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1348 Lines: 45 Hi Tejun, > -static int cgroup_procs_write_permission(struct task_struct *task) > +static int cgroup_procs_write_permission(struct task_struct *task, > + struct cgroup *dst_cgrp, > + struct kernfs_open_file *of) > { > const struct cred *cred = current_cred(); > const struct cred *tcred = get_task_cred(task); > @@ -2407,6 +2409,26 @@ static int cgroup_procs_write_permission(struct task_struct *task) > !uid_eq(cred->euid, tcred->suid)) > ret = -EACCES; > > + if (cgroup_on_dfl(dst_cgrp)) { if (!ret && cgroup_on_dfl(dst_cgrp)) > + struct super_block *sb = of->file->f_path.dentry->d_sb; > + struct cgroup *cgrp; > + struct inode *inode; > + > + down_read(&css_set_rwsem); > + cgrp = task_cgroup_from_root(task, &cgrp_dfl_root); > + up_read(&css_set_rwsem); > + > + while (!cgroup_is_descendant(dst_cgrp, cgrp)) > + cgrp = cgroup_parent(cgrp); > + > + ret = -ENOMEM; > + inode = kernfs_get_inode(sb, cgrp->procs_kn); > + if (inode) { > + ret = inode_permission(inode, MAY_WRITE); > + iput(inode); > + } > + } > + > put_cred(tcred); > return ret; > } -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/